Explore a comprehensive approach to securing healthcare data using Open Policy Agent (OPA) in this 24-minute conference talk. Learn how to implement a "Shift Left" security strategy by codifying and enforcing policies across microservice architectures. Discover the design of an OPA-driven application development process that enables custom security policy definition and enforcement through Envoy sidecar injection. Gain insights into creating policy-enabled applications that provide least-privilege access to Protected Health Information (PHI) and Personally Identifiable Information (PII). Watch real-world demonstrations of restricting access to sensitive data and controlling inbound and outbound traffic from applications. Understand the differences between PHI and PII, the importance of policy versus practice in healthcare data security, and how OPA can improve DevOps processes. Delve into vertical OPA application, service access management, and internal data access management to enhance overall healthcare data protection.
Overview
Syllabus
Intro
Hi, I'm Martin
What is Personal Health Information?
How does PHI differ to PII?
Why does it matter?
Policy vs Practice
Processes often suck
DevOps is a culture of practice
What is OPA?
How does OPA help?
Applying OPA vertically
Make processes suck less
Service access management
Internal data access management
Taught by
CNCF [Cloud Native Computing Foundation]
