Background
Zero trust security works on the principles of "never trust" and "always verify". Organizations are applying these principles in different areas, but a few areas still need more attention when it comes to implementing access control. One of them is Kafka, a very popular and widely used messaging service for which various authorization solutions are available. The risk footprint of this service is quite high: it is the backbone for processing huge data sets in many organizations, and the data stored in many of its topics would be highly critical, so securing it against illegitimate access should not be ignored and access should be tightly governed. Cloud providers offer many similar services that are well managed and tightly integrated with secure IAM; for example, in AWS, authorization is well integrated for services like Kinesis Data Streams and even for the AWS managed version of Kafka. To begin, we will go through some of the ways to achieve authorization in Kafka.