The Limits of “Man-in-the-Middle” Architecture for Authorization
Veza's approach to building an authorization platform differs from that of other companies in the Identity-First Security market: it uses an out-of-band architecture instead of an in-line one. The in-line approach, in which a proxy or agent sits between data and users, is believed to have four fatal flaws: slow deployment due to security reviews, downtime risk, new points of failure, and increased policy complexity. Veza's out-of-band solution pulls metadata from APIs, leverages existing authorization policies and systems, and avoids the issues associated with in-line architecture. This approach is faster to deploy, has no downtime risk or new points of failure, and reduces policy complexity by helping users understand and manage their authorization policies more effectively.
Company: Veza
Date published: Jan. 25, 2023
Author(s): Rich Dandliker
Word count: 625
Hacker News points: None found.
Language: English