Managing Role Explosion with Attribute-based Access Control - Webinar Series - Part 1

As companies globalize and consolidate their SAP systems, they face an increasing need to control access to sensitive data based on fine grained user profiles. Traditionally, companies have managed this access by defining fine grained roles, leading to an explosion of roles that are inconsistent and hard to manage.

In this webinar series, attendees will learn:
- The key trends driving role explosion
- The challenges of role explosion
- Example use cases that drive role explosion
- How attribute-based access control (ABAC) can alleviate the problem

Attendees will also see demonstrations of use cases illustrating how role explosion happens, and how ABAC can help reduce role explosion.


  1. Managing Role Explosion with Attribute-based Access Control: More Roles than Employees? Sandeep Chopra, Director of Product Management, NextLabs, Inc. © 2005-2013 NextLabs Inc.
  2. 2-Part Series
     Part 1 – More Roles than Employees: Trends and drivers for role explosion, cost of role management. Demonstrations of typical use cases that drive role explosion.
     Part 2 – “Attributes” is the new Role: Basics of ABAC and how it can help reduce role explosion. Demonstrations of typical use cases and how ABAC works.
  3. Agenda
     Session 1: Access Control Challenges Today; Authorization Dimensions; Role Based Access Control and Role Explosion; Authorization Decision Map; Next Week’s Preview
     Session 2: Attribute Based Access Control and Information Control Policies; Demonstration Examples; Question and Answers
  4. Information Risk Management Challenge
     Compliance with Regulations • Global Business Model • External Partners • Distributed Supply Chain Collaboration • Business Process Transformation • Single Application Instance • Shared Services • Compliance with Contractual Obligations (NDAs, PIAs) • Disclosure of Critical IP Intellectual Property Protection • Export Control (ITAR, EAR, UKMOD) • Financial • Health and Privacy Consolidation and Efficiency
     “How do I control access to information across server, cloud, and client applications in a cost-effective manner?”
     Information Sharing; Information Governance
  5. Business Authorization Dimensions
     ● Functional Access: Determine the actions a user can perform
     ● Data Access: Determine the data a user can see
     ● Governance: Rules for access management
     Diagram axes: Functional Access, Data Access
  6. Authorization Layers
  7. Real need for more controls
     Finance, Engineering, Manufacturing, Purchasing, Suppliers, Partners
     Information: Cost Analysis, Engineering Designs, Vendor Analysis, BOM Structures, Demand Forecasts
  8. Finer grained controls
     Finance, Engineering, Manufacturing, Purchasing, Suppliers, Partners
     Engineering Designs, Program Data, Export Controlled, Proprietary, Usage Control
  9. Resources: What type of resources do you need to authorize?
     | Type | Scale |
     | Application | 100-1,000s |
     | Service | 1,000s |
     | Functions | 1,0000s |
     | Data Type | 10,000-100,000s |
     | Documents | 1,000,000s-100,000,000s |
     | Data | 1,000,000,000s+ |
  10. Real life example
     | Attributes | Possible Values | # |
     | Project Membership | PR01, PR02.. | 10 |
     | US Citizen | No/Yes | 2 |
     | Location | US, China | 5 |
     | Export License | NR, ITAR, EAR | 5 |
     | NDA | No, NDA-01 | 5 |
     | Usage | View, Change, Copy, Send | 4 |
     Total: 10,000
  11. Challenge – Exploding Access Complexity
     Companies have multiple access variables:
     • Multiple Export Jurisdictions (e.g. ITAR, EAR, BAFA)
     • Multiple IP Control Agreements (e.g. PIEA, NDA)
     • Multiple Applications and Systems (e.g. PLM, ERP, SCM)
     Traditional role based access control (RBAC) explodes based on the number of variables.
     Chart axes: Number of Access Variables, Required Access Rules
  12. Roles – Numerical Example
     | Scenario | Derived Role | Enabler Role |
     | 50 Functional roles & 5 Subsidiaries | 300 total roles: 50 Functional roles; 5 derived company code; 35 derived Plants | 56 roles: 50 Functional roles; 1 enabler template – Company code; 1 enabler roles for Plant |
     | 35 Plants under 5 subsidiaries | 1840 Roles: 50 x 35 = 1,750; 1,750 + 5 + 35 + 50 = 1840 Roles | 1802 Roles: 50 Functional roles x 35 plants = 1,750; 1750 + 50 + 2 = 1802 |
     | Benefit | Baseline | 5% less than Derived roles |
     1 Company, 5 Subsidiaries, 7 Plants/Subsidiary = 35 Plants
  13. Roles across multiple systems
     Diagram labels: Roles, Attributes, BW, Users
  14. Customization & Maintenance Costs
     • $241.01 User Adoption cost per role
     • 56% think there is lack of standardization in roles across different applications and systems.
     • 9 applications per user
     • 17 roles per user across applications
     • 35 Administrative actions per role
     • $40M Life time cost on 10,000 Users
     * Reference: 2010 Economic Analysis of Role-Based Access Control; Guide to Attribute Based Access Control
  15. About NextLabs
     NextLabs Entitlement Manager is an SAP-Endorsed Business Solution.
     NextLabs Overview: Policy-driven, information risk management software for Global 5000 enterprises. Help companies achieve safer and more secure internal and external collaboration. Ensure proper access to applications and data.
     Facts: Locations: HQ: San Mateo, CA; Boston, MA; Hangzhou, PRC; Malaysia; Singapore. 40+ Patent Portfolio. Major go-to-market Partners: IBM, SAP, HCL-AXON, Hitachi Consulting.
     “We allow companies to preserve confidentiality, prevent data loss and ensure compliance across more channels and more points with a single unified solution with unmatched user acceptance and total cost of ownership.” - Keng Lim, Chairman and CEO
  16. Thank You!
     Thank you for viewing a preview of Part 1 of our Managing Role Explosion with Attribute-Based Access Control webinar series. To watch our complete recording, CLICK HERE. In the remainder of this webinar, you will see Demonstrations of typical use cases that drive role explosion.
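
The attribute table on slide 10 and the growth claim on slide 11, worked through as an added example (not part of the NextLabs deck): it enumerates the 10,000 pre-built roles RBAC needs for those six attributes, shows how many roles one new attribute value adds, and contrasts that with a single ABAC policy evaluated per request. The policy rules, the sample users and resource, and the placeholder values the slide does not name are assumptions.

```python
from itertools import product
from math import prod

# Attribute domains sized as on slide 10. Values the slide does not name
# (LOC-3, LIC-4, NDA-02, ...) are constructed placeholders.
DOMAINS = {
    "project": [f"PR{n:02d}" for n in range(1, 11)],
    "us_citizen": ["No", "Yes"],
    "location": ["US", "China", "LOC-3", "LOC-4", "LOC-5"],
    "export_license": ["NR", "ITAR", "EAR", "LIC-4", "LIC-5"],
    "nda": ["No", "NDA-01", "NDA-02", "NDA-03", "NDA-04"],
    "usage": ["View", "Change", "Copy", "Send"],
}

def rbac_roles():
    """RBAC: one pre-built role per combination of attribute values."""
    return ["/".join(combo) for combo in product(*DOMAINS.values())]

def roles_added_by_new_value(attribute):
    """Roles that must be created when `attribute` gains one more value."""
    return prod(len(v) for k, v in DOMAINS.items() if k != attribute)

def abac_permit(user, resource, action):
    """ABAC: one policy evaluated per request. The rules are hypothetical."""
    if resource["project"] not in user["projects"]:
        return False                      # project membership
    if resource["export_license"] == "ITAR" and not (
        user["us_citizen"] == "Yes" and user["location"] == "US"
    ):
        return False                      # ITAR data: US citizens in the US
    if resource["nda"] != "No" and resource["nda"] not in user["ndas"]:
        return False                      # NDA-covered data needs that NDA
    if resource["export_license"] != "NR" and action in ("Copy", "Send"):
        return False                      # usage control; "NR" assumed unrestricted
    return action in DOMAINS["usage"]

# Constructed sample subjects and resource.
ALICE = {"projects": {"PR01"}, "us_citizen": "Yes", "location": "US", "ndas": {"NDA-01"}}
BOB = {"projects": {"PR01"}, "us_citizen": "No", "location": "China", "ndas": set()}
DESIGN = {"project": "PR01", "export_license": "ITAR", "nda": "NDA-01"}

if __name__ == "__main__":
    print(len(rbac_roles()), "RBAC roles")
    print("an 11th project adds", roles_added_by_new_value("project"), "roles")
    print("alice view:", abac_permit(ALICE, DESIGN, "View"))
    print("bob view:", abac_permit(BOB, DESIGN, "View"))
```

Under RBAC every new project, license type or NDA multiplies into the existing role set; under ABAC the same change is a new attribute value on users and resources, with the policy function unchanged.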