Policy Enabled Access Control
Meeting "Need to Share" Business Requirements

Gerry Gebel, President Axiomatics Americas
ggebel@axiomatics.com
@ggebel

#cisNAPA
  
Setting the context
Operating in a "need to share" world
  
Objectives for this session
- Think more about attributes
  - Business metadata
- And less about entitlements
  - IT metadata
  
Financial services
- Account managers can view/edit records of clients directly assigned to them
- Account managers can view records for all clients in their branch, except VIP clients
- Managers can view/edit records of clients assigned to their subordinates
  
Electronic health records
- Nurse Practitioners in the Cardiology Department can View the Records of Heart Patients
- Billing administrators can view non-medical data for patients in the same state
- Emergency access is permitted, but logged
NIST ABAC 800-162
  
CRM
- Users can view customer cases for their LOB, country, region, role or if they created the case #
- Users with risk level != HIGH can approve cases
- For certain cases, e.g. Singapore, user must be domiciled in same country as the customer case
  
In the olden days, authorization was about
Who?
  
Authorization should really be about…
When? What? How? Where? Who? Why?
  
It's all about the Attributes!
- Attributes
  - Are sets of labels or properties
  - Describe all aspects of entities that must be considered for authorization purposes
- Attribute Based Access Control (ABAC)
  - Uses attributes as building blocks
  
An Authorization Service
- De-coupled from Applications
- Standards-Compliant
- Fine-Grained
- Context-Aware
- Attribute-based Access Control
- Externalized AuthZ
- Policy-based Access Control
  
Need to Share vs. Perimeters
Does the perimeter matter?
  
Source: http://bit.ly/U9l7wg

Source: www.arrayguard.com
  
Implementing the "need to share" model
Using attributes, policies and standards
  
The XACML Standard
- eXtensible Access Control Markup Language
- An OASIS standard
- The de facto standard for fine-grained access control
- Current version: 3.0
- XACML defines
  - A policy language
  - A request / response scheme
    - XML, SOAP, REST & JSON
  - A reference architecture
  
The XACML Architecture
- Manage: Policy Administration Point
- Decide: Policy Decision Point
- Support: Policy Information Point, Policy Retrieval Point
- Enforce: Policy Enforcement Point
  
Authorization in depth & at the right layer
  
XACML → Anywhere Authorization Architecture
  
Attributes and Governance
Ensuring high fidelity attributes
  
The Importance of Attribute Governance
- See "garbage in, garbage out" principle
- Access policies rely on validity/assurance of attribute values
- Some attributes will be managed by attribute governance solution – mostly IT data
- Other attributes are managed by your business activities – client data, research data, health records, etc.
  
Governance – Authorization possibilities
- Governance tools keep track of "privilege granting attributes"
  - Enhances reporting and attestation
- Governance tools expose risk scores
  - Has the user's access been certified on schedule?
  - Does the user have a high risk profile?
- Authorization system can incorporate risk data
  - If $riskScore > $threshold Then DENY access
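
Added example (not from the slides or from Axiomatics): a minimal Python sketch of a decision point and enforcement point that applies the three financial-services rules and the risk-score rule from the slides, combined with a simplified deny-overrides. The attribute names, the sample users and clients, and the threshold value 70 are assumptions; a missing attribute yields Indeterminate, which the enforcement point treats as a refusal.

```python
from dataclasses import dataclass

PERMIT, DENY = "Permit", "Deny"
NOT_APPLICABLE, INDETERMINATE = "NotApplicable", "Indeterminate"
RISK_THRESHOLD = 70  # assumed value; the slide only names $threshold


class MissingAttribute(Exception):
    """A rule needed an attribute that the information point did not supply."""


@dataclass
class Request:
    subject: dict
    action: str
    resource: dict

    def get(self, category, name):
        try:
            return getattr(self, category)[name]
        except KeyError:
            raise MissingAttribute(f"{category}.{name}") from None


def assigned_clients(req):
    # Account managers can view/edit records of clients directly assigned to them.
    if req.get("subject", "role") != "account_manager":
        return NOT_APPLICABLE
    own = req.get("resource", "assigned_to") == req.get("subject", "id")
    return PERMIT if own and req.action in ("view", "edit") else NOT_APPLICABLE


def branch_clients(req):
    # Account managers can view records for all clients in their branch, except VIPs.
    if req.get("subject", "role") != "account_manager" or req.action != "view":
        return NOT_APPLICABLE
    same_branch = req.get("resource", "branch") == req.get("subject", "branch")
    return PERMIT if same_branch and not req.get("resource", "vip") else NOT_APPLICABLE


def subordinate_clients(req):
    # Managers can view/edit records of clients assigned to their subordinates.
    if req.get("subject", "role") != "manager":
        return NOT_APPLICABLE
    theirs = req.get("resource", "assigned_to") in req.get("subject", "subordinates")
    return PERMIT if theirs and req.action in ("view", "edit") else NOT_APPLICABLE


def risk_gate(req):
    # If $riskScore > $threshold Then DENY access.
    return DENY if req.get("subject", "risk_score") > RISK_THRESHOLD else NOT_APPLICABLE


RULES = [risk_gate, assigned_clients, branch_clients, subordinate_clients]


def decide(req):
    """Decision point: evaluate every rule, then apply simplified deny-overrides."""
    results = []
    for rule in RULES:
        try:
            results.append(rule(req))
        except MissingAttribute:
            results.append(INDETERMINATE)
    for outcome in (DENY, INDETERMINATE, PERMIT):
        if outcome in results:
            return outcome
    return NOT_APPLICABLE


def enforce(req):
    """Enforcement point: deny-biased, only an explicit Permit opens the record."""
    return decide(req) == PERMIT


# Constructed sample attributes (what an information point would return).
ALICE = {"id": "alice", "role": "account_manager", "branch": "napa", "risk_score": 20}
BOB = {"id": "bob", "role": "manager", "subordinates": ["alice"], "risk_score": 20}
CLIENT = {"assigned_to": "alice", "branch": "napa", "vip": False}
OTHER = {"assigned_to": "carol", "branch": "napa", "vip": False}
VIP = {"assigned_to": "carol", "branch": "napa", "vip": True}

if __name__ == "__main__":
    for who, action, what in [(ALICE, "edit", CLIENT), (ALICE, "view", OTHER),
                              (ALICE, "edit", OTHER), (ALICE, "view", VIP),
                              (BOB, "edit", CLIENT)]:
        print(who["id"], action, what["assigned_to"], decide(Request(who, action, what)))
```

The VIP exception is written as a condition of the branch rule rather than as a global deny, so an account manager directly assigned to a VIP client is still covered by the first rule.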
  
In Summary
  
Benefits of Data Governance
- Securely enable new and existing business models
- Easier to manage applications
  - Decouple authorization from application – easier to implement changes to the system
- More secure applications
  - Consistently enforce policies across heterogeneous platforms and systems at the level of granularity required
- Achieve audit and regulatory compliance
  - Declarative policy language makes auditing and certifying application access a straightforward process
  
Questions?
Contact us at info@axiomatics.com
  

Traction part 2 - EOS Model JAX Bridges.Traction part 2 - EOS Model JAX Bridges.
Traction part 2 - EOS Model JAX Bridges.
 
Church Building Grants To Assist With New Construction, Additions, And Restor...
Church Building Grants To Assist With New Construction, Additions, And Restor...Church Building Grants To Assist With New Construction, Additions, And Restor...
Church Building Grants To Assist With New Construction, Additions, And Restor...
 
PSCC - Capability Statement Presentation
PSCC - Capability Statement PresentationPSCC - Capability Statement Presentation
PSCC - Capability Statement Presentation
 
trending-flavors-and-ingredients-in-salty-snacks-us-2024_Redacted-V2.pdf
trending-flavors-and-ingredients-in-salty-snacks-us-2024_Redacted-V2.pdftrending-flavors-and-ingredients-in-salty-snacks-us-2024_Redacted-V2.pdf
trending-flavors-and-ingredients-in-salty-snacks-us-2024_Redacted-V2.pdf
 
How Generative AI Is Transforming Your Business | Byond Growth Insights | Apr...
How Generative AI Is Transforming Your Business | Byond Growth Insights | Apr...How Generative AI Is Transforming Your Business | Byond Growth Insights | Apr...
How Generative AI Is Transforming Your Business | Byond Growth Insights | Apr...
 
The Bizz Quiz-E-Summit-E-Cell-IITPatna.pptx
The Bizz Quiz-E-Summit-E-Cell-IITPatna.pptxThe Bizz Quiz-E-Summit-E-Cell-IITPatna.pptx
The Bizz Quiz-E-Summit-E-Cell-IITPatna.pptx
 
Planetary and Vedic Yagyas Bring Positive Impacts in Life
Planetary and Vedic Yagyas Bring Positive Impacts in LifePlanetary and Vedic Yagyas Bring Positive Impacts in Life
Planetary and Vedic Yagyas Bring Positive Impacts in Life
 
20220816-EthicsGrade_Scorecard-JP_Morgan_Chase-Q2-63_57.pdf
20220816-EthicsGrade_Scorecard-JP_Morgan_Chase-Q2-63_57.pdf20220816-EthicsGrade_Scorecard-JP_Morgan_Chase-Q2-63_57.pdf
20220816-EthicsGrade_Scorecard-JP_Morgan_Chase-Q2-63_57.pdf
 

CIS13: Policy Enabled Access Control: Meeting “Need to Share” Business Requirements

  • 1. Policy Enabled Access Control: Meeting “Need to Share” Business Requirements. Gerry Gebel, President Axiomatics Americas, ggebel@axiomatics.com, @ggebel, #cisNAPA
  • 2. Setting the context: Operating in a “need to share” world
  • 3. Objectives for this session: Think more about attributes (business metadata) and less about entitlements (IT metadata)
  • 4. Financial services: Account managers can view/edit records of clients directly assigned to them; Account managers can view records for all clients in their branch, except VIP clients; Managers can view/edit records of clients assigned to their subordinates
  • 5. Electronic health records: Nurse Practitioners in the Cardiology Department can View the Records of Heart Patients; Billing administrators can view non-medical data for patients in the same state; Emergency access is permitted, but logged. NIST ABAC 800-162
  • 6. CRM: Users can view customer cases for their LOB, country, region, role or if they created the case #; Users with risk level != HIGH can approve cases; For certain cases, e.g. Singapore, user must be domiciled in same country as the customer case
  • 7. In the olden days, authorization was about Who?
  • 8. Authorization should really be about… When? What? How? Where? Who? Why?
  • 9. It’s all about the Attributes! Attributes: Are sets of labels or properties; Describe all aspects of entities that must be considered for authorization purposes. Attribute Based Access Control (ABAC): Uses attributes as building blocks
  • 10. An Authorization Service (diagram labels): De-coupled from Applications; Standards-Compliant; Fine-Grained; Context-Aware; Attribute-based Access Control; Externalized AuthZ; Policy-based Access Control
  • 11. Need to Share vs. Perimeters: Does the perimeter matter?
  • 17. Source: www.arrayguard.com
  • 18. Implementing the “need to share” model: Using attributes, policies and standards
  • 19. The XACML Standard: eXtensible Access Control Markup Language; An OASIS standard; The de facto standard for fine-grained access control; Current version: 3.0; XACML defines: A policy language; A request / response scheme; XML, SOAP, REST & JSON; A reference architecture
  • 20. The XACML Architecture: Manage (Policy Administration Point); Decide (Policy Decision Point); Support (Policy Information Point, Policy Retrieval Point); Enforce (Policy Enforcement Point)
  • 21. Authorization in depth & at the right layer
  • 22. XACML → Anywhere Authorization Architecture
  • 23. Attributes and Governance: Ensuring high fidelity attributes
  • 24. The Importance of Attribute Governance: See “garbage in, garbage out” principle; Access policies rely on validity/assurance of attribute values; Some attributes will be managed by attribute governance solution – mostly IT data; Other attributes are managed by your business activities – client data, research data, health records, etc.
  • 25. Governance – Authorization possibilities: Governance tools keep track of “privilege granting attributes”; Enhances reporting and attestation; Governance tools expose risk scores; Has the user’s access been certified on schedule?; Does the user have a high risk profile?; Authorization system can incorporate risk data; If $riskScore > $threshold Then DENY access
  • 27. Benefits of Data Governance: Securely enable new and existing business models; Easier to manage applications; Decouple authorization from application – easier to implement changes to the system; More secure applications; Consistently enforce policies across heterogeneous platforms and systems at the level of granularity required; Achieve audit and regulatory compliance; Declarative policy language makes auditing and certifying application access a straightforward process
  • 28. Questions? Contact us at info@axiomatics.com
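
The financial-services rules from slide 4 and the risk-score rule from slide 25, evaluated by a toy policy decision point that combines rule effects with deny-overrides. This is an added example, not code from the deck or from Axiomatics; the attribute names, the threshold of 70, the fail-closed handling of missing attributes and all sample data are assumptions.

```python
RISK_THRESHOLD = 70  # assumed value; the slides only say "$threshold"

# Constructed sample data: reporting lines (employee -> manager), subjects, resources.
ORG_CHART = {"alice": "carol", "bob": "carol"}
ALICE = {"id": "alice", "role": "account_manager", "branch": "napa", "riskScore": 20}
BOB = {"id": "bob", "role": "account_manager", "branch": "napa", "riskScore": 20}
CAROL = {"id": "carol", "role": "manager", "branch": "napa", "riskScore": 10}
DAVE = {"id": "dave", "role": "account_manager", "branch": "napa", "riskScore": 90}
CLIENT = {"assignedTo": "alice", "branch": "napa", "vip": False}
VIP_CLIENT = {"assignedTo": "bob", "branch": "napa", "vip": True}

def applicable_rules(subject, action, resource):
    """Return (rule, effect) pairs for every rule that matches the request."""
    sid, owner = subject.get("id"), resource.get("assignedTo")
    hits = []
    # Slide 25: a risk score above the threshold denies access.
    # A missing score is treated as maximum risk (fail closed, an assumption).
    if subject.get("riskScore", float("inf")) > RISK_THRESHOLD:
        hits.append(("risk-score", "Deny"))
    is_am = subject.get("role") == "account_manager"
    known = sid is not None and owner is not None
    # Slide 4, rule 1: account managers view/edit their own clients.
    if is_am and known and action in ("view", "edit") and owner == sid:
        hits.append(("own-client", "Permit"))
    # Slide 4, rule 2: same branch, view only; VIP (or unlabelled) clients excluded.
    if (is_am and action == "view" and not resource.get("vip", True)
            and resource.get("branch") is not None
            and resource.get("branch") == subject.get("branch")):
        hits.append(("branch-non-vip", "Permit"))
    # Slide 4, rule 3: managers view/edit clients assigned to subordinates.
    if (subject.get("role") == "manager" and known
            and action in ("view", "edit") and ORG_CHART.get(owner) == sid):
        hits.append(("subordinate-client", "Permit"))
    return hits

def decide(subject, action, resource):
    """Policy decision point: any Deny wins over any Permit."""
    effects = [effect for _, effect in applicable_rules(subject, action, resource)]
    if "Deny" in effects:
        return "Deny"
    return "Permit" if "Permit" in effects else "NotApplicable"

def enforce(subject, action, resource):
    """Policy enforcement point: only an explicit Permit grants access."""
    return decide(subject, action, resource) == "Permit"
```

Because a missing `riskScore` or `vip` attribute is read as the riskier value, an unpopulated attribute source produces denials rather than silent grants, which is the “garbage in, garbage out” concern from slide 24.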