Access Governance and its requirements are currently changing just as much as Identity and Access Management are. With the availability of newly designed, complementary technologies for the collection and analysis of real time access data as well as real time data analytics, current Access Governance and Access Intelligence architectures offer the opportunity of being transformed into a strategic component for corporate governance and proactive security management on top of a well-established existing Identity and Access Management system which includes the associated identity provisioning tools.
To redefine Access Governance it is required to first take a step back, to identify strengths and weaknesses of current Access Governance solutions and reconsider the underlying concepts.
Understanding the upcoming challenges for Identity and Access Management, and thus for Access Governance as well, forms the second part. These challenges for Access Governance include the need to embrace the extended enterprise, the context of Dynamic Authorization Management, and the extension of Access Management towards Entitlement Access Governance.
Third and finally, Access Analytics and Access Intelligence supplement Access Governance by additionally accessing both real time and historic activity data to enable automated and ad-hoc evaluation of policy-based rules and pattern-based activity monitoring.
The resulting approaches and suggestions range from slight amendments to the process design and implementation (e.g. dynamic recertification schedules) over role attribute changes (by adding access risk information to entitlements) to extending existing architectures by adding powerful real time Access Analytics and Access Intelligence functionalities and bridging the gaps to interact with traditional GRC infrastructures and Real Time Security Intelligence.
Adaptive Policy-Based Access Management: Beyond ABAC and RBAC
Over the past several years, there have been a lot of discussions around terms such as RBAC (Role Based Access Control), ABAC (Attribute Based Access Control), Dynamic Authorization Management (DAM) and standards such as XACML. Other terms such as RiskBAC (Risk Based Access Control) have been introduced more recently.
In particular, a frequent discussion has been going on between RBAC and ABAC enthusiasts, as to whether attributes should or must replace roles. However, most RBAC approaches in practice rely on more than purely role (i.e. on other attributes), while roles are a common attribute in ABAC. In practice, it is not RBAC vs. ABAC, but rather a continuum.
During this session, Martin Kuppinger will open the discussion on the different ways how access is granted – in a static, ACL-like approach or more dynamically, based policies and contextual information – and what the challenges are when moving to a more dynamic approach.
The Future of Authorization
IAM/IAG @ Continental AG: Clearing Process as a Basis for Identity Management
The history of Continental consists of many mergers and aquisitions which lead to a very heterogeneous environment concerning accounts and account processes. Continental designed a special clearing process to securely map the HR data and account data of each employee and create the digital identity. As a next step the identity lifecycle processes will be defined and implemented.
Identity Relationship and Access Management and Dynamic Authorisation Management as a Driver for New Business Opportunities
If you can externalise authorisation management away from the application you will simplify online application development considerably. If you can externalise authorisation and identity management to your customer you can achieve considerable cost savings through self-service functions. If you put your customer in control of their identity data, and link your Identity Relationship and Access Management (IRAM) solution to your CRM, you can automate registration processes and invite customers directly from the CRM to your online services. As the customer has control over their identities and authorisations using the IRAM solution, you will improve the quality of the customer data within your CRM and you’ll be able to increase the efficiency of your sales and marketing by 30%, or as much as your CRM currently holds out-dated, corrupt or incorrect data.
With 3 million customers DNA Ltd. is Finland’s largest cable operator, a leading pay TV provider in both the cable and terrestrial networks the and third largest mobile operator. At the end of 2013 DNA adopted an Identity Relationship and Access Management solution to help them better manage their corporate customers. Dynamic Authorisation Management has proven to be the biggest benefit of the IRAM deployment facilitating considerable cost savings. In 2014 DNA started to offer selected cloud services to their customers. The cloud brokerage service is utilising the IRAM solution extensively. New B2B services will be integrated to the IRAM solution in the Spring of 2015.
With the help of Identity Relationship and Access Management DNA was able to generate new business and achieve considerable cost savings. Come and see how this was possible.
- How to generate new business opportunities with Identity Relationship and Access Management solutions
- How did dynamic authorisation management help DNA
- How can you effectively manage a corporate customer base of tens of thousands with an Identity Relationship and Access Management solution
- What’s the bottom line? Was it worth it?
Access Intelligence, User Activity Monitoring, Recertification: What do we Really Need?
Improve your level of compliance, gain up-to-date insight and reduce recertification workload. Add business risk scoring to your Access Governance Architecture, focus attention on high-risk access and extend your existing infrastructure to provide real-time access risk information. Re-think your existing Access Governance processes and understand upcoming IAM challenges and their impact on your infrastructure.
This panel will discuss which approaches on redefining and extending existing approaches on Access Governance suit today’s need best.