Fine-Grained Policy-Based Access Control: Why & How?
- LANGUAGE: English DATE: Thursday, October 18, 2018 TIME: 4:00pm CEST, 10:00am EDT, 7:00am PDT
Mastering authorization is critical for modern organizations with multiple user constituencies, applications, and data types. Authorization has become a crucial part of security infrastructures and can no longer be considered just another feature of existing IAM solutions. Instead, authorization control infrastructures have developed their own segment in the security market.
There is a need for more than just one technology to meet different needs of the market, especially in the areas of administration and governance - both dictate the need for an authorization solution.
Furthermore, customers face challenges in several areas – the main one is having no insight into what data and functionalities users are able to access. And while there is a constant need for businesses to continuously modify, extend, and modernize their processes and business models, there is a lack of adequate and agile data access control and management functionality.
RBAC (Role Based Access Control) has proven handy for adding manageability and assurance to coarse- or medium-grained authorization but break down in the face of dynamic environments or complex access policies. Attribute-based access control (ABAC) has gained adherents but is in fact just another piece of the puzzle. Policy-based Access Control (PBAC) is an emerging model that seeks to help enterprises address the need to implement actionable access control schemes based on corporate policy and governance requirements. In general, PBAC can be considered the harmonization and standardization of the ABAC and RBAC models at an enterprise level in support of specific governance objectives.
In this webinar you will learn more about:
- The concept of Authorization as business need and technology requirement.
- Why Authorization is a feature and important piece of the IAM puzzle.
- Why Authorization is one of the main concerns of the business owner of the information.
- Why your authorization solution should enable the business as well as the admins.
In the first part of the Webinar Kuppinger Cole Lead Analyst John Tolbert will introduce the benefits and challenges of data-centric security based on RBAC (Role-based Access Control), which has often shown to be overly static and difficult to manage, complemented with ABAC (Attribute Based Access Control).
In the second part of the webinar, Gal Helemski from PlainID will talk about the concept of Authorization as a whole solution. She will describe the benefits of implementing a unified approach to address them. A single dynamic authorization architecture works across formerly separate dimensions, and can thus solve most problems through a combined RBAC and ABAC approach.
PlainID provides both Business AND Admin teams with a simple and intuitive means to control their organization’s entire authorization and access control process. The platform allows you to implement literally any kind of rules you could imagine, all without coding, and all in fine grained detail. PlainID simplifies Authorization so that thousands of Roles, Attributes and even Environmental Factors can be converted into a few logical SmartAuthorization policies using our Graph Database Decision Engine. We offer the first policy based access control (PBAC) solution that simplifies Authorization to one point of decision, one point of control and one point of view across your cloud, mobile and legacy applications.
The Identity-as-a-Service (IDaaS) market continues to develop with a significant push from organizations looking to adopt cloud-based delivery of security services including IAM. While IDaaS Access Management solutions, providing SSO (Single Sign-On) for the users and access to a variety of services are already established, IDaaS IGA is not as widely used yet. However, shifting IGA (Identity Governance and Administration) capabilities, e.g. Identity Lifecycle Management and Access Governance, to the cloud might provide significant benefits regarding time and cost of deploying and operating IGA.
Come to the place where the Digital Transformation is happening. The European Identity & Cloud Conference, held from May 12-15, 2020, offers a mixture of best practice discussions, visionary presentations, and networking opportunities with a future-oriented community. More than 800 thought leaders, leading vendors, analysts, executives, and end-users get together in Munich to be inspired by a list of world-class speakers.