Airbnb’s product engineering team recently discussed their implementation of a self-service, centralized access control platform. Built on the principle of least privilege, the platform has a five-stage architecture that the team says delivers benefits in security, usability, and developer experience.
Paul Bramsen, Staff Software Engineer at Airbnb, gave a glimpse into Airbnb’s access management journey in a blog post. Bramsen noted that Airbnb needed a single place to manage employee access to its systems. The requirements were to reduce unnecessary access while still providing employees with the permissions they need to Airbnb’s systems.
The envisioned system has two goals: manage the entire lifecycle of access authorization, and integrate easily with other authorization stores (e.g. AWS IAM, LDAP, Apache Ranger, etc.). To meet these goals, the team at Airbnb reviewed various products on the market, but none of them served both.
The product engineering team developed the following five-stage architecture. Updates flow from left to right: for example, the platform can query the Employee Data Systems, and Connectors can query the platform, but the platform does not interact directly with the Permission Stores.
Source: Airbnb’s Approach to Managing Access to Scale
Employee Data Systems (stage 1) are the HR systems that contain employee data, owned by the IT team. The Access Control Platform (stage 2) is the core system; it holds all the business logic for managing permissions as well as the user interface for employees. Connectors (stage 3) inform the platform about the available permissions and synchronize the platform’s decisions with the appropriate Permission Store. Permission Stores (stage 4) hold the permissions and answer permission queries. Clients (stage 5) are the systems that end users need – e.g. SSH, Apache Superset, MySQL, internal customer support tools, Salesforce, etc.
The product engineering team implemented the Access Control Platform two years ago. Bramsen cites usage-based expiration as one of the platform’s benefits: permissions that have not been used for a certain period are automatically revoked. Before revoking, the platform notifies the affected employees of the upcoming change and provides instructions for keeping the permissions they still need. The chart below shows the change in user access to System X since usage-based expiration was implemented at the end of April.
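The following is an added illustration, not Airbnb’s code (the blog post publishes none), of how a usage-based expiration job can be structured. The 90-day idle window, the 14-day warning period, the System X grants and the employee names are all constructed for the example. The point it makes is the one a reviewer would check first: a grant is revoked only after a notice has actually been sent and the grace period has elapsed, and any use of the permission after the notice cancels the pending revocation.

```python
from dataclasses import dataclass
from datetime import datetime, timedelta, timezone
from typing import Optional

# Policy parameters are assumptions for this example; the article gives no numbers.
EXPIRY_AFTER = timedelta(days=90)   # revoke once a permission has gone unused this long
WARN_BEFORE = timedelta(days=14)    # notify the employee this long before revoking


@dataclass
class Grant:
    employee: str
    system: str
    granted_at: datetime
    last_used_at: Optional[datetime] = None   # None: never used since it was granted
    warned_at: Optional[datetime] = None      # set when the expiry notice was sent


def last_activity(g: Grant) -> datetime:
    # A permission that was never exercised has been idle since the day it was granted.
    return g.last_used_at or g.granted_at


def evaluate(grants, now):
    """Split grants into (keep, warn, revoke) by idle time.

    Invariant: nothing is revoked unless a warning was sent at least WARN_BEFORE
    ago and the permission has not been used since that warning.
    """
    keep, warn, revoke = [], [], []
    for g in grants:
        # Usage after a warning cancels it: the employee kept the access alive.
        if g.warned_at and g.last_used_at and g.last_used_at > g.warned_at:
            g.warned_at = None
        idle = now - last_activity(g)
        if idle >= EXPIRY_AFTER and g.warned_at and now - g.warned_at >= WARN_BEFORE:
            revoke.append(g)
        elif idle >= EXPIRY_AFTER - WARN_BEFORE and g.warned_at is None:
            warn.append(g)   # also catches grants already past EXPIRY_AFTER that were never warned
        else:
            keep.append(g)   # active, or warned and still inside the grace period
    return keep, warn, revoke


def run_cycle(grants, now, notify, revoke_in_store):
    """One scheduled pass: send notices, hand revocations to the connector, return survivors."""
    keep, warn, revoke = evaluate(grants, now)
    for g in warn:
        notify(g)               # e.g. an e-mail with instructions for keeping the access
        g.warned_at = now
    for g in revoke:
        revoke_in_store(g)      # the connector applies this to the permission store
    return keep + warn


# Constructed sample grants, evaluated as of 2024-06-01 (not data from the article).
NOW = datetime(2024, 6, 1, tzinfo=timezone.utc)
_jan1 = datetime(2024, 1, 1, tzinfo=timezone.utc)
SAMPLE_GRANTS = [
    Grant("alice", "System X", _jan1, last_used_at=datetime(2024, 5, 20, tzinfo=timezone.utc)),  # idle 12 days
    Grant("bob",   "System X", _jan1, last_used_at=datetime(2024, 3, 1, tzinfo=timezone.utc)),   # idle 92 days, never warned
    Grant("carol", "System X", _jan1, last_used_at=datetime(2024, 2, 15, tzinfo=timezone.utc),
          warned_at=datetime(2024, 5, 10, tzinfo=timezone.utc)),                                 # idle 107 days, warned 22 days ago
    Grant("dave",  "System X", _jan1),                                                           # never used: idle 152 days
    Grant("erin",  "System X", _jan1, last_used_at=datetime(2024, 5, 25, tzinfo=timezone.utc),
          warned_at=datetime(2024, 5, 15, tzinfo=timezone.utc)),                                 # used after the warning
]


def demo():
    keep, warn, revoke = evaluate(SAMPLE_GRANTS, NOW)
    return ([g.employee for g in keep], [g.employee for g in warn], [g.employee for g in revoke])


if __name__ == "__main__":
    print(demo())   # (['alice', 'erin'], ['bob', 'dave'], ['carol'])
```

Note that bob is past the 90-day window but is only warned, never revoked outright: if the scheduled job had been down for a while, revoking everything it finds overdue would cut off employees who never got a notice. Likewise, a never-used grant (dave) is measured from the grant date so that unused entitlements do not live forever.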
Source: Airbnb’s Approach to Managing Access to Scale
As an aside, Alcor, a cloud services organization, announced a new release of AccessFlow Identity Governance and Administration (IGA). With this release, AccessFlow lets enterprises build and automate the identity lifecycle with ServiceNow. To learn more, readers can visit the AccessFlow website or download the application from the ServiceNow App Store.
On usability, the self-service nature of the Access Control Platform means employees can request permissions without involving a support engineer. Operational overhead is lower because the platform lets approvers assign permissions, and employees can revoke their own permissions or the permissions for the systems they manage. To keep the developer experience seamless, the platform notifies connectors of changes via an asynchronous message queue: whenever a permission’s state changes, the Access Control Platform publishes a message to the queue.
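As an added example (again not Airbnb’s code), this models the queue between stage 2 and stage 3: the platform publishes versioned change messages, and a connector reconciles a stand-in permission store. Message queues typically deliver at least once and not always in order, so the connector ignores stale or duplicate versions, and it can also pull the platform’s full desired state to repair a lost message, which is the “Connectors can query the platform” arrow in the architecture. The permission name, the per-key version counter and the in-memory deque standing in for the queue are assumptions.

```python
from collections import defaultdict, deque
from dataclasses import dataclass


@dataclass(frozen=True)
class PermissionChange:
    """Message the platform publishes when a permission's state changes."""
    employee: str
    permission: str   # e.g. "mysql:analytics:read" (constructed naming scheme)
    granted: bool
    version: int      # increases on every change to this (employee, permission) pair


class AccessControlPlatform:
    """Stage 2: owns the desired state and publishes changes to the queue."""

    def __init__(self, bus):
        self.bus = bus
        self.state = {}   # (employee, permission) -> (granted, version)

    def set_permission(self, employee, permission, granted):
        key = (employee, permission)
        version = self.state.get(key, (False, 0))[1] + 1
        self.state[key] = (granted, version)
        self.bus.append(PermissionChange(employee, permission, granted, version))

    def desired_state(self, prefix):
        """Connectors may query the platform; the platform never reaches into stores."""
        return {k: v for k, v in self.state.items() if k[1].startswith(prefix)}


class FakePermissionStore:
    """Stage 4 stand-in (think of a MySQL grant table or an LDAP group)."""

    def __init__(self):
        self.members = defaultdict(set)   # permission -> employees holding it

    def grant(self, employee, permission):
        self.members[permission].add(employee)

    def revoke(self, employee, permission):
        self.members[permission].discard(employee)


class Connector:
    """Stage 3: consumes change messages and keeps one store in sync."""

    def __init__(self, bus, store, prefix):
        self.bus, self.store, self.prefix = bus, store, prefix
        self.applied = {}   # (employee, permission) -> last version applied

    def handle(self, change):
        key = (change.employee, change.permission)
        if not change.permission.startswith(self.prefix):
            return False   # another connector's system (real deployments use per-connector topics)
        if change.version <= self.applied.get(key, 0):
            return False   # duplicate or stale delivery: applying it would undo a newer change
        (self.store.grant if change.granted else self.store.revoke)(change.employee, change.permission)
        self.applied[key] = change.version
        return True

    def drain(self):
        """Process everything currently queued; return how many messages were applied."""
        applied = 0
        while self.bus:
            if self.handle(self.bus.popleft()):
                applied += 1
        return applied

    def full_sync(self, platform):
        """Periodic reconciliation so a lost message cannot leave the store stale."""
        fixed = 0
        for (employee, permission), (granted, version) in platform.desired_state(self.prefix).items():
            if (employee in self.store.members[permission]) != granted:
                (self.store.grant if granted else self.store.revoke)(employee, permission)
                fixed += 1
            self.applied[(employee, permission)] = max(version, self.applied.get((employee, permission), 0))
        return fixed


PERM = "mysql:analytics:read"   # constructed permission name


def demo_out_of_order_delivery():
    bus, store = deque(), FakePermissionStore()
    platform, connector = AccessControlPlatform(bus), Connector(bus, store, prefix="mysql:")
    platform.set_permission("alice", PERM, True)    # alice v1
    platform.set_permission("alice", PERM, False)   # alice v2: revoked (e.g. by usage-based expiration)
    platform.set_permission("bob", PERM, True)      # bob v1
    a1, a2, b1 = list(bus)
    bus.clear()
    bus.extend([a2, a1, a1, b1])   # at-least-once, unordered delivery: v2 first, v1 twice
    return connector.drain(), sorted(store.members[PERM])   # -> (2, ['bob'])


def demo_lost_message():
    bus, store = deque(), FakePermissionStore()
    platform, connector = AccessControlPlatform(bus), Connector(bus, store, prefix="mysql:")
    platform.set_permission("carol", PERM, True)
    bus.clear()   # the message never reaches the connector
    before = sorted(store.members[PERM])
    return before, connector.full_sync(platform), sorted(store.members[PERM])   # -> ([], 1, ['carol'])
```

Without the version check, the reordered delivery in the first scenario would re-grant alice’s revoked access, and the revocation that the expiration job thought it had made would silently not exist in the store. The full sync is the safety net for the opposite failure, a message that was never delivered at all.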
The Airbnb team reiterates that there is more to do in the access management space and that, with methods like those above, they are committed to keeping their community’s data safe.