Authorization has become a critical component of the Identity & Access Management landscape. Where identity lays the foundation, dynamic authorization helps ensure the right access at the right time to the right resources, ensuring secure collaboration between the IAM teams and the business. With the rapid change in business models and technology trends, it is imperative that authorization services keep pace to meet evolving requirements. This panel of experts should provide a lively discussion about the changing landscape of authorization systems.
Key takeaways:
Managing accesses represents an incredible organizational challenge. The usual way is to grant rights on a case by case basis, complicating the task of security administrators, often by copying rights that similar employees currently have or had in the past. Over time, risk is that employees accumulate undue privileges or that accounts are forgotten and not deactivated, leading to a higher insider risk or account hijacking by external attackers. The risk is even higher with IT employees who obviously have extended privileges. The process of creation is often slow, leading to disgruntled managers and employees, whereas the removal process is unsound. Setting up RBAC can drastically reduce these risks and increase employees’ productivity. Discover through this case study the best practices in implementing RBAC and what were the lessons learned.
Key Takeaways:
1) Get an example of a practical implementation of RBAC
2) Understand what to focus on when implementing RBAC
3) Get a sense of the required process
4) Understand how to get buy-in for such a project