Axiomatics and First Point Global webinar, Aug 6 2014
DESCRIPTION
This slide deck demonstrates how dynamic authorization supports innovation in the digital economy.
TRANSCRIPT
© 2014 Axiomatics AB 1
Attribute Based Access Control (ABAC) and Authorising Data Access
Webinar: August 6, 2014
Today’s speakers
John Havers
Gerry Gebel
David Brossard
@axiomatics @fpgidentity #ABAC #XACML
Introduction
Overview and preamble
Business drivers – why organizations invested in ABAC
Business challenges – what problems they solved
Business values – what benefits they gained
Next generation information security
= dynamic authorization
= attribute based access control
Sensitive / business critical information
Grant or deny access based on the following attributes
Who
What
When
Where
Why
How
Why organizations invested in ABAC technology
Consolidated infrastructure
Enhanced security
Business enabler
Compliance
Expose data and APIs to customers and partners
Write once, enforce everywhere
Consistent authorization enforcement across applications
Implement legal frameworks
Innovating in the digital economy
Business enabler
Expose data and APIs to customers and partners
ABAC Value Proposition
Use Cases:
• Context aware information management
• ABAC database filtering, the key to unlocking identity aware legacy data
The importance of ABAC in a modern information security and digital strategy
“By 2020, 70 percent of enterprises will use ABAC as the dominant mechanism to protect critical assets, up from less than 5 percent today.”
Gartner Predicts, March 2014
“Due to the emerging nature of the Dynamic Authorization Management market, innovation is a key capability. Innovation drives customer satisfaction when they receive new releases that meet their developing requirements. Axiomatics leads this sector.”
KuppingerCole Analysts, Dynamic Authorization Management Report 2014
Business Challenges
Problems solved
Benefits gained
Secure collaboration
Rapid and secure transactions
Compliance and governance
Timely IT service delivery
Secure collaboration
…depends on efficient information sharing…
…which depends on precision in access controls.
Legacy access controls fail in dynamic environments
ABAC thrives in dynamic environments
The ABAC factor
The information highways can be opened again. Information can now be shared securely between the right people under the right conditions.
Rapid and secure transactions…
…depend on efficient delegation of powers…
… while losses due to fraud or excessive risk taking are minimized.
Choose between speed and security…
…or choose both
The ABAC factor
More people can be empowered to securely execute transactions.
The transaction approval process can be sped up considerably, according to your risk appetite.
Effective compliance and governance…
…depend on efficient IT governance…
…which in turn depends on correct and verifiable authorizations.
Internal controls matrix and manual checklists
Centrally maintained policies enforced across applications
Authorization service
The ABAC factor
By enforcing regulations and proving that your organization is compliant you can avoid fines and other punishment, as well as damage to the organization’s reputation.
Timely service delivery
…depends on efficient software development…
…and change management not causing delays.
Hundreds or thousands of If-clauses scattered all over your code
Write your policy once & automate enforcement wherever needed
Write once use many times
If project X is in planning phase then … else …
If the user is member of project X then … else …
If user is project lead then … else …
If project X is in production phase then … else …
If project X change control board decision has been made then … else …
During the project planning phase all project members may change project specification documents. In the production phase specifications can only be changed by project leads if and only if a change control board decision authorizes them to do so.
The ABAC factor
Software development
10%-40% cost savings – the more complex your authorization rules, the greater the saving. Write access control code once and use it over and over instead of maintaining thousands of "if"-clauses in your code.
Change Management
Up to 30% savings. No changes in applications when new business requirements or regulations mandate changes to access control policies.
So how do we do this?
Dynamic authorization for applications, enterprise APIs, and web services
Policies
Attribute Sources
1. Access request is intercepted
2. A query is sent to the external authorization service
3. The authorization engine evaluates the relevant policies
4. It may also need to query external attribute sources for more info
5. The decision – PERMIT or DENY is returned and enforced
User: Bob
Application
Can Bob access record #22? PERMIT/DENY
Authorization Service
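The five-step flow above, applied to the project-specification policy from the "Write once use many times" slide, as an added Python example that is not from the webinar or from any Axiomatics product. The attribute names, the sample project and record data, and the functions `lookup_attributes`, `decide` and `change_record` are assumptions made for illustration.

```python
# Added example. Attribute names and sample data are constructed for illustration.
PERMIT, DENY = "PERMIT", "DENY"

# Attribute sources (step 4): constructed project and record attributes.
PROJECTS = {"X": {"phase": "production", "members": {"alice", "bob"},
                  "leads": {"alice"}, "ccb_approved": True}}
RECORDS = {22: {"type": "specification", "project": "X"}}

def lookup_attributes(user, record_id):
    """Resolve the attributes the policy needs; None if the record is unknown."""
    record = RECORDS.get(record_id)
    if record is None:
        return None
    project = PROJECTS[record["project"]]
    return {"resource_type": record["type"],
            "phase": project["phase"],
            "is_member": user in project["members"],
            "is_lead": user in project["leads"],
            "ccb_approved": project["ccb_approved"]}

# Policy (step 3): the project-specification rule, written once in one place.
RULES = [
    # Planning phase: all project members may change specification documents.
    lambda a: a["phase"] == "planning" and a["is_member"],
    # Production phase: only project leads, and only with a CCB decision.
    lambda a: a["phase"] == "production" and a["is_lead"] and a["ccb_approved"],
]

def decide(user, action, record_id):
    """Authorization service: PERMIT or DENY, denying anything no rule covers."""
    attrs = lookup_attributes(user, record_id)
    if attrs is None or action != "change" or attrs["resource_type"] != "specification":
        return DENY
    return PERMIT if any(rule(attrs) for rule in RULES) else DENY

def change_record(user, record_id, new_text, store):
    """Application side: intercept (1), ask (2), enforce the decision (5)."""
    if decide(user, "change", record_id) != PERMIT:
        raise PermissionError(f"{user} may not change record #{record_id}")
    store[record_id] = new_text
    return new_text
```

Moving project X from production to planning changes the decision for ordinary members without touching `change_record`, which is the change-management point the deck makes.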
Dynamic authorization for data filtering
Policies
Attribute Sources
1. SQL statement is intercepted
2. A query is sent to the external authorization service
3. The authorization engine evaluates the relevant policies
4. It may also need to query external attribute sources for more info
5. The result: SQL statement is dynamically modified and only authorized data is returned to user
Application
Data storage
User Bob wants to SELECT * from table T
SELECT A,B FROM TABLE T WHERE…
Authorization Service
Filtered data
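The statement rewrite described above, as an added Python and SQLite example that is not from the webinar or from any Axiomatics product. Table T and columns A and B follow the slide; column C, the `region` column, the roles and every function name are assumptions.

```python
import sqlite3

# Constructed policy, keyed by a user attribute (role). Table T and columns A, B
# follow the slide; column C, the region column and the roles are assumptions.
SCHEMA = {"T": ["A", "B", "C", "region"]}
POLICY = {
    "analyst": {"columns": ["A", "B"], "where": "region = ?",
                "params": lambda user: [user["region"]]},
    "auditor": {"columns": ["A", "B", "C"], "where": "1 = 1",
                "params": lambda user: []},
}

def authorize_select(user, table):
    """Authorization service: rewrite 'SELECT * FROM <table>' for this user."""
    rule = POLICY.get(user.get("role"))
    if table not in SCHEMA or rule is None:
        raise PermissionError("no policy permits this statement")
    # Identifiers come only from the schema and policy allow-lists above;
    # user attribute values are passed as bound parameters, never concatenated.
    columns = [c for c in rule["columns"] if c in SCHEMA[table]]
    sql = f"SELECT {', '.join(columns)} FROM {table} WHERE {rule['where']}"
    return sql, rule["params"](user)

def filtered_query(conn, user, table):
    """Interception point: the application's SELECT * never reaches the store."""
    sql, params = authorize_select(user, table)
    return conn.execute(sql, params).fetchall()

def demo_db():
    """Constructed sample data."""
    conn = sqlite3.connect(":memory:")
    conn.execute("CREATE TABLE T (A TEXT, B TEXT, C TEXT, region TEXT)")
    conn.executemany("INSERT INTO T VALUES (?, ?, ?, ?)",
                     [("a1", "b1", "c1", "EU"), ("a2", "b2", "c2", "US")])
    return conn
```

Because the row predicate takes the user's attribute as a bound parameter, a malformed attribute value can only fail to match rows; it cannot alter the rewritten statement.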
Conclusions
Attribute Based Access Control (ABAC) objectives
Get competitive advantage and create new revenue streams
Minimize the risk of fraud with dynamic, real-time access control
Meet global regulatory and privacy requirements
Cut time to market and streamline internal development
Attribute Based Access Control (ABAC) benefits
Enabling secure collaboration
Delegating execution powers for fast and secure financial transactions
Compliance, compliance, and compliance
Faster service delivery, reduced development costs
Meet us on site
Schedule time to meet with First Point Global and Axiomatics
During the weeks of August 25th and September 1st
Contact Damon Jones ([email protected])
or
Barry Metzger ([email protected])
Questions?
Thank you for listening