The traditional concept of an in-house data center behind a static corporate firewall is history once and for all. The enterprise is now in full embrace of dynamic applications provided and scaled by dedicated cloud service providers. To innovate faster, regain control, and compete in a new world that is shifting from a "need to know" to "need to share" paradigm requires a new focus on security and authorization in a dynamic perimeter. This dynamic perimeter spans hybrid models that seamlessly mix local applications and cloud services. This is irrelevant to the end user – they need SSO and AuthZ based on their need to share regardless of where the app is delivered. Administrators shouldn’t be forced to duplicate ids in the cloud – they want to maintain authoritative ids and policies from centralized decision points. And service providers do not have the expertise or desire to manage security. Service Gateways when combined with ABAC Attribute-based Access Control engines deliver a ready on-premise or cloud outsourced service to regain control of security within the virtualized data center.