
Highlights

A policy-based access management system can offer significant benefits to corporations, provided the solution is designed and deployed to meet the organization’s specific requirements.

In developing requirements and deploying a solution for PBAC, the following should be considered:

  • Access control decisions should be externalized. Applications that maintain static entitlements at the data level or in their own databases to determine user access rights are difficult to integrate. While policies can be used to auto-generate and manage static entitlements, modern applications should rely on external access decision control.
  • Policy management should be centralized. While administration points may be distributed for different use cases and while different business units will be in charge of policy definition, management, and governance, policy creation and management need to follow common corporate-wide policies.
  • Support is essential for all corporate infrastructure that hosts connected applications and resources, such as on-premises, cloud, and cloud-native assets. Decision point deployments should be in close proximity to the connected applications and databases.
  • Decision data should be as real-time as possible. For solutions that maintain their own information point data, a mechanism to maintain data quality and data governance is required.
  • Data governance, in general, is required for information that is used for decision making. PBAM relies on the combination of policies and current data for making (authorization) decisions at run-time. Thus, both policies and data must be correct and well-governed.
  • Support for corporate governance is required. Integration with monitoring and event management should be deployed and tools such as policy analytics should be provided.
  • With increasing regulation by government and industry bodies, ensuring compliance requirements are met is essential.
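
The following sketch is an added example, not taken from the report or from any product: a minimal external decision point that combines centrally held policies with timestamped attribute data, denies by default, refuses to decide on stale data, and records every decision for monitoring. The policy format, the attribute names, the `MAX_AGE_S` limit, and the function names are all assumptions made for illustration.

```python
import time
from dataclasses import dataclass

MAX_AGE_S = 300  # assumed freshness limit for information-point data

@dataclass
class Attr:
    value: object
    fetched_at: float  # epoch seconds when the information point refreshed it

# Constructed sample policies, held centrally as data, not in application code.
POLICIES = [
    {"id": "finance-read", "action": "read", "resource_type": "invoice",
     "require": {"department": "finance", "employment_status": "active"}},
    {"id": "finance-approve", "action": "approve", "resource_type": "invoice",
     "require": {"department": "finance", "role": "manager",
                 "employment_status": "active"}},
]

AUDIT_LOG = []  # decision events, to be forwarded to monitoring

def _evaluate(policy, attrs, now):
    """Check one policy; missing or stale decision data results in a deny."""
    for name, expected in policy["require"].items():
        attr = attrs.get(name)
        if attr is None:
            return False, f"{policy['id']}: missing attribute {name}"
        if now - attr.fetched_at > MAX_AGE_S:
            return False, f"{policy['id']}: stale attribute {name}"
        if attr.value != expected:
            return False, f"{policy['id']}: {name} mismatch"
    return True, f"{policy['id']}: all conditions met"

def decide(subject_attrs, action, resource_type, now=None):
    """Decision point called by applications: returns (permit, reason)."""
    now = time.time() if now is None else now
    result = (False, "no applicable policy")  # deny by default
    for policy in POLICIES:
        if (policy["action"], policy["resource_type"]) != (action, resource_type):
            continue
        result = _evaluate(policy, subject_attrs, now)
        if result[0]:
            break
    AUDIT_LOG.append({"action": action, "resource": resource_type,
                      "permit": result[0], "reason": result[1], "at": now})
    return result
```

An application would call `decide()` at each access attempt instead of consulting its own entitlement tables, so a change to `POLICIES` or to the attribute data takes effect without touching application code.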