IAM and Data Governance Beyond Compliance
Combined Session
Friday, June 07, 2024 11:30—12:30
Location: B 07-08
Friday, June 07, 2024 11:30—12:30
Location: B 07-08
Compared to externalising authentication, externalising authorization has proven elusive. Yet a combination of the rise of advanced threat actors, regulation, compliance and pressures for greater business agility is bringing it back in focus. It is tempting to think of externalising authorization as a technology problem. Technology like policy languages, authorization engines and workflow systems is necessary to enable the externalisation of authorization, but it is not sufficient. Externalising authorization requires three foundational building blocks to be in place, namely value for all stakeholders from engineers to customers, supporting business processes and technology. In this session we explore each of these building blocks should be internalised in terms of mapping value for all stakeholders, the process and culture needed to make authorization policies explicit and finally the need to drive authorization infrastructure, from policy language to enforcement engines, into the compute and network fabric to address greenfield and brownfield deployments in order to remove barriers to externalising authorization.
The cybersecurity landscape is evolving rapidly, and traditional security paradigms are proving inadequate in the face of modern threats. As organizations strive to embrace Zero Trust principles, the role of Privileged Access Management (PAM) is pivotal. This talk explores the transformative concept of "Micro Authorizations" and its potential to shape the optimal direction for PAM implementations in support of Zero Trust initiatives.
The Authorization Fabric decides whether a specific principal is authorized to perform a precise operation on a particular resource and whether the resource permits this access.
The granularity of this approach is vital in today’s threat landscape, requiring organizations to shift their focus to a comprehensive, system-wide authorization framework. This shift, parallels the principles of microservices but applies them to the realm of access control.
Rather than depending on a single point of control, there is a need for a network proxy that acts as a bridge between trust and authorization.
Join us on a journey towards a future powered by micro authorizations, where precision, adaptability, and contextual awareness define access control. Explore how micro authorizations can address contemporary security challenges and facilitate the adoption of the Zero Trust model.
One of Identity’s core purposes is to secure access to resources. Since the inception of Identity Governance programs, organizations we have taken an “inside out” approach to secure access and have not focused as much on the resource model. While this approach has produced positive results, it has come at the cost of efficiency, speed and accuracy. We explore the different contributions that identity governance can make to data governance and how combining data and identity governance programs can produce more accurate results, better models and a more secure infrastructure.
