The Era of Dynamic and Externalized Authorization has Arrived (E,R)

No ratings

Presented at Rocky Mountain Information Security Conference 2012 by

Gerry Gebel

"The business need to share sensitive information, the maturing of cloud computing models, and the continuous pressure from compliance mandates are combining to make externalized and dynamic authorization an imperative for enterprises today. It is no longer sufficient to rely on outdated role-based access models or the embedded authorization schemes that are unique to each business application. Attribute-based access control (ABAC) approaches, based on the Extensible Access Control Markup Language (XACML) standard are enabling forward-looking organizations to address their access control requirements in a more holistic, consistent and effective manner. This session will focus on current trends in the authorization market, share common use cases and business requirements, and discuss a maturity model for IT organizations. In addition, the session will cover how externalized authorization systems address key issues for audit, governance and access certification. Learner Objectives: Latest trends in externalized authorization How externalized authorization relates to other identity management capabilities How externalized authorization improves and organization's posture as it relates to access governance Where authorization systems can implement access controls for cloud-based computing scenarios What security architects should be doing to plan for implementation of externalized and dynamic authorization services"