Redefining Access Governance

Moderator(s):

Dr. Horst Walther Senior Analyst

KuppingerCole

Matthias Reinwarth Lead Advisor & Senior Analyst

KuppingerCole

Access Governance and its requirements are currently changing just as much as Identity and Access Management are. With the availability of newly designed, complementary technologies for the collection and analysis of real time access data as well as real time data analytics, current Access Governance and Access Intelligence architectures offer the opportunity of being transformed into a strategic component for corporate governance and proactive security management on top of a well-established existing Identity and Access Management system which includes the associated identity provisioning tools.

To redefine Access Governance it is required to first take a step back, to identify strengths and weaknesses of current Access Governance solutions and reconsider the underlying concepts.

Understanding the upcoming challenges for Identity and Access Management, and thus for Access Governance as well, forms the second part. These challenges for Access Governance include the need to embrace the extended enterprise, the context of Dynamic Authorization Management, and the extension of Access Management towards Entitlement Access Governance.

Third and finally, Access Analytics and Access Intelligence supplement Access Governance by additionally accessing both real time and historic activity data to enable automated and ad-hoc evaluation of policy-based rules and pattern-based activity monitoring.

The resulting approaches and suggestions range from slight amendments to the process design and implementation (e.g. dynamic recertification schedules) over role attribute changes (by adding access risk information to entitlements) to extending existing architectures by adding powerful real time Access Analytics and Access Intelligence functionalities and bridging the gaps to interact with traditional GRC infrastructures and Real Time Security Intelligence.

After attending this block of sessions you will be able to

List the strengths and weaknesses of current Access Governance solutions
Describe the challenges faced by Identity Management, Access Management and Access Governance
Understand and describe the role of Access Intellignece and Automation in modern IAM environments
Define alternaive approaches to traditional access recertification campaigns

This block qualifies for up to 5 Group Learning based CPEs depending on the number of sessions you attended.

Sessions:

Access Governance Best Practice

One-Click Insight, Lean Recertification, Improved Compliance: Redefining Access Governance for the Digital Business

Date: Thursday, May 07, 2015 Time: 11:00-12:00

One-Click Insight, Lean Recertification, Improved Compliance: Redefining Access Governance for the Digital Business

Matthias Reinwarth, KuppingerCole

Improve your level of compliance, gain up-to-date insight and reduce recertification workload. Add business risk scoring to your Access Governance Architecture, focus attention on high-risk access and extend your existing infrastructure to provide real-time access risk information. Re-think your existing Access Governance processes and understand upcoming IAM challenges and their impact on your infrastructure. In his opening notes for the Access Governance Track, Matthias Reinwarth...

Externalized Access Management (ABAC, RBAC) at Talanx Systeme AG for Bancassurance

Frank Wittlich, Talanx Systeme AG

Beginning from the architectural impact of authorisation as a cross-sectional function in the system environment of an insurance service stack, role based access control (RBAC) and attribute based access control (ABAC) will be introduced. After these preliminary considerations it will be shown by means of the case study of the Talanx Bancassurance that both models co-exist efficiently and seamlessly by using a standard authorization tool.

IAM Processes and their Communication Loops

Stephanie Jaecks, Bayer BBS

Need of basic business demands – providing IAM solution - establish fundamental operation – guidance, support and communication. To ensure the implementation of these chain within an global organization and to fulfill or exceed the expectations of our customers, regarding quality, service level and usability is a challenging and fascinating job. In this session the principles based on examples will be presented how IAM processes and their communication loops are established...

IAM Standard Processes

Roles or no Roles, that’s the Question. Two Different Approaches for Compliant IAM Processes.

Date: Thursday, May 07, 2015 Time: 12:00-13:00

Roles or no Roles, that’s the Question. Two Different Approaches for Compliant IAM Processes.

Dr. Horst Walther, KuppingerCole • Matthias Reinwarth, KuppingerCole

In this session, Matthias Reinwarth and Horst Walther will present the KuppingerCole standard IAM process models in two variants. One uses roles for implementing a consistent, comprehensive approach. However, there are various situations where deployment of complete role models is not feasible. For these situations, KuppingerCole has developed a lean model that works without roles, but allows organizations streamlining and standardizing their IAM processes anyway and meeting essential...

RBAC & ABAC Hybrid Approaches

Patrick Parker, EmpowerID • Frank Wittlich, Talanx Systeme AG • Frank Böhm, FSP • Thorsten Niebuhr, WedaCon

Over the past several years, there have been a lot of discussions around terms such as RBAC (Role Based Access Control), ABAC (Attribute Based Access Control), Dynamic Authorization Management (DAM) and standards such as XACML. Other terms such as RiskBAC (Risk Based Access Control) have been introduced more recently. Quite frequently, there has been a debate between RBAC and ABAC, as to whether attributes should or must replace roles. However, most RBAC approaches in practice rely on...