Security challenges are arising as businesses become more and more digital. Integrating access control into all your business processes requires proper access management. In this talk, we will give an overview of the current state-of-practice of access management. Who are the world’s leading vendors in access management? What is the role of different access management technologies like identity management and identity governance & administration and how do they relate to each other? What does it take for your organisation to effectively manage access to mitigate future “digital risks”?
3. In more than half of the cases, the insider used some form of authorized access.
“Insider Threat Study: Illicit Cyber Activity Involving Fraud in the U.S. Financial Services Sector”, CMU SEI
7. The hard thing about access management
[Diagram; labels: CISO, Business policy, Application policy, Employees, Governance, Operational, Access requests, Systematic access reviews]
10. Fix your identity management
“Security starts by understanding who your users are and what they have access to.”
John Burnham, IBM Director of Strategic Communications
16. Not everyone uses the same vocabulary
Sales dept. vs. HR vs. finance vs. upper management vs. ...
Business policy vs. application policy
This complicates things...
● Translation and refinement are error prone!
● Hampers transparency
[Diagram; labels: Business policy, Application policy]
17. Not every application uses the same concepts
Some only have “allowed users”, others only know roles or groups.
This complicates writing an application policy:
● Either users get too many permissions
● Or you end up with clutter in your IDM database
● Hampers transparency
[Diagram; labels: Business policy, Application policy]
19. Access management is...
● Important, but hard to do right
  ○ Cross-cuts your organisation
  ○ Cross-cuts IT
● Lots of point solutions
  ○ Trim the leaves
  ○ ...but don’t always tackle the root of the problem
20. Two enabling technologies for the future
● Reduces conceptual gap
● Improves “readability” (and therefore transparency)
● Avoids unnecessary burden on IDM
● Makes policy change more flexible
● Enables centralized policy administration (and therefore transparency)
ABAC PBAC
Help with...
● aligning access management with business processes
● accountability and compliance
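The trade-off from slides 17 and 20, as an added example that is not part of the talk: one assumed business rule ("staff may read records of their own department and region") is enforced by an application that only knows roles, once with coarse roles and once with fine-grained roles, and then by a single ABAC rule. The organisation, record set, rule and all function names are constructed for illustration.

```python
from itertools import product

# Constructed sample organisation (not from the talk).
DEPTS = ["sales", "hr", "finance"]
REGIONS = ["emea", "apac", "amer"]
USERS = [{"id": f"u-{d}-{r}", "dept": d, "region": r} for d, r in product(DEPTS, REGIONS)]
RECORDS = [{"id": f"rec-{d}-{r}", "owner_dept": d, "region": r} for d, r in product(DEPTS, REGIONS)]

def business_policy(user, record):
    # Assumed business rule: staff read records of their own department and region.
    return user["dept"] == record["owner_dept"] and user["region"] == record["region"]

# Option 1: the application only knows roles; one role per department.
def coarse_roles(user):
    return {user["dept"]}
def coarse_decide(user, record):
    return record["owner_dept"] in coarse_roles(user)

# Option 2: one role per (department, region) pair, all provisioned in the IDM.
def fine_roles(user):
    return {f'{user["dept"]}:{user["region"]}'}
def fine_decide(user, record):
    return f'{record["owner_dept"]}:{record["region"]}' in fine_roles(user)

# Option 3: ABAC. One rule over attributes the IDM already stores; no extra roles.
ABAC_RULE = [("dept", "owner_dept"), ("region", "region")]  # user attr == record attr

def abac_decide(user, record):
    return all(user[u_attr] == record[r_attr] for u_attr, r_attr in ABAC_RULE)

def over_grants(decide):
    """Count (user, record) pairs the application allows but the business policy does not."""
    return sum(1 for u, r in product(USERS, RECORDS)
               if decide(u, r) and not business_policy(u, r))

def idm_roles(role_fn):
    """Count the distinct roles the IDM must define and assign for this option."""
    return len(set().union(*(role_fn(u) for u in USERS)))

def compare():
    return {
        "coarse roles": {"idm_roles": idm_roles(coarse_roles), "over_grants": over_grants(coarse_decide)},
        "fine roles": {"idm_roles": idm_roles(fine_roles), "over_grants": over_grants(fine_decide)},
        "abac": {"idm_roles": 0, "over_grants": over_grants(abac_decide)},
    }

if __name__ == "__main__":
    print(compare())
```

Coarse roles keep the IDM small but over-grant; fine-grained roles are exact but their number grows with every department and region added; the attribute rule is exact with no roles to provision.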
21. The current state of access management
Any further questions? Contact us at thomas.heyman@cs.kuleuven.be
Interested in our events? Subscribe here: http://bit.ly/DistrinetAccessControl