Highlights:

  • Veza announced that its Open Authorization API (OAA) is now available on GitHub for community participation, expanding the enterprise’s access to identity-first security.
  • With Veza’s Open Permission API, clients may translate and view authorization metadata from any SaaS service, bespoke apps, and enterprise applications.

Veza announced that its Open Authorization API (OAA) is now available on GitHub for community participation, expanding the enterprise’s access to identity-first security. Developers may now design and distribute connectors to extend the Veza Authorization Graph to any sensitive data, wherever it resides, including cloud providers, SaaS apps, and custom-built internal apps, therefore expediting their organization’s route to zero trust security.

To secure enterprise data, security professionals advocate ‘Least Privilege.’ However, the rush to a multi-cloud, multi-application environment has exploded the complexity and layers of interconnection for which access must be understood, analyzed, and constantly remedied to achieve and maintain the least privilege. Recent attacks on Okta and Twilio indicate that corporations permit comprehensive data access through groups, roles, policies, and system-specific permissions. Veza links the connections between effective permissions across cloud providers, SaaS applications, and identity platforms, making it simple to visualize who may read or remove critical data. OAA enables enterprises and the broader community to construct their own Veza integrations, providing visibility to any resource, including SaaS apps like GitLab, Jira, and custom-built internal apps.

Tarun Thakur, co-founder and CEO of Veza said, “The vast majority of cybersecurity failures are rooted in issues with the gap that exists between identity, access to data, and permissions. Since our founding, we have been committed to protecting our customers from threats like ransomware, privilege abuse, and data breaches. With Veza Open Authorization API, we are extending our identity-first security approach broadly in the market and arming organizations with the tools they need to remediate undesirable and unnecessary data access at a granular level and meet the requirements of access governance for enterprise systems, both on-premises and in the cloud.”

With Veza’s Open Permission API, clients may translate and view authorization metadata from any SaaS service, bespoke apps, and enterprise applications. Through the Authorization Graph, users may investigate identity-to-data relationships, monitor for least privilege misconfigurations and breaches, and conduct thorough entitlement assessments for all of their sensitive data.

Riaz Lakhani, CISO of Barracuda Networks, said, “We specifically chose Veza because their Open Authorization API allowed us to connect to our custom internal applications. We follow the principle of least privilege, but with so many systems to review, we valued Veza’s unique ability to quickly give us a comprehensive view quickly. They made it faster and easier for our team to review all permissions with confidence.”

As an open-source project on GitHub, Veza’s Open Authorization API enables users and partners to learn from and build upon each other’s work to establish an all-data-accessible control plane. By making the OAA SDK and connectors accessible on the GitHub Community, Veza enables clients to ingest authorization metadata previously segregated in internal systems and SaaS apps. The OAA community has already developed connectors for key SaaS applications, such as GitHub, Bitbucket, GitLab, Jira, Coupa Software, Zendesk, Slack, Pagerduty, and Looker. These integrations are now accessible to all Veza users.

Craig Rosen, Chief Security & Trust Officer at ASAPP, said, “Veza solves the problem of aligning identities to data. Veza’s Open Authorization Platform helped us extend that visibility to all the apps and data that matter most to us, like GitHub and Jira. Now it is easy for our security professionals to understand (and remediate) who has access to our important intellectual property.”