ABAC: ready, steady, go!

description

Is authorization an issue for your organization? Are current static access control methods in use, exposing your company to unnecessary risk? If so, it's time to exchange RBAC for ABAC and protect business critical information. Attribute Based Access Control (ABAC) has been developed to handle the complex information security issues posed by mobile, big data, BYOD, etc. Indeed, Gartner predicts that by 2020, 70% of all businesses will need ABAC in place. With ABAC in place in your organization you can:

1. share information securely with the right people
2. reduce fraudulent activities in an organization
3. streamline IT development costs
4. meet and prove regulatory compliance
5. get a complete overview of who has access to what

Transcript of ABAC: ready, steady, go!

Page 1: ABAC: ready, steady, go!

© 2014 Axiomatics AB 1

ABAC: ready, steady, go!

Webinar: October 30, 2014

Page 2: ABAC: ready, steady, go!

Guidelines

You are muted centrally

The webinar is recorded

Slides available for download

Q&A at the end

Page 3: ABAC: ready, steady, go!

Today’s speakers

Finn Frisch

Srijith Nair

Page 4: ABAC: ready, steady, go!

Agenda

Attribute Based Access Control (ABAC) introduction & drivers

Get started now: APS Express Edition

Demo

Q&A

Page 5: ABAC: ready, steady, go!

Introduction

Overview and preamble

Axiomatics

Business drivers – why organizations invested in ABAC

Business challenges – what problems they solved

Page 6: ABAC: ready, steady, go!

Who is Axiomatics?

Leading provider of ABAC - Attribute Based Access Control

Global deployments

200M+ users

100s of apps

Product and Innovation leader

Page 7: ABAC: ready, steady, go!

What is Attribute Based Access Control (ABAC)?

A mode of externalized authorization

Authorization policies/rules are managed in a centralized service (deployment can be centralized/distributed/hybrid)

The Extensible Access Control Markup Language (XACML) is an example of an ABAC system

Policies utilize attributes to describe specific access rules, which is why it is called attribute based access control

Page 8: ABAC: ready, steady, go!

Next generation information security

= dynamic authorization

= attribute based access control

Page 9: ABAC: ready, steady, go!

Sensitive / business critical information

Grant or deny access based on the following attributes

Who

What

When

Where

Why

How

Page 10: ABAC: ready, steady, go!

Who can access information

What information can they access

When can they access information

Where can they access information from

How, from which device or via which API can they access information

Why, for what reason can they access information

Page 11: ABAC: ready, steady, go!

ABAC enables the Any-Depth Architecture

Page 12: ABAC: ready, steady, go!

ABAC Timeline

2009: US Federal CIO Council – (FICAM) Roadmap and Implementation Plan v1.0 advocates ABAC

2011: FICAM v2.0: ABAC is recommended access control model for promoting information sharing between diverse and disparate organizations

2014: Gartner predicts: “By 2020, 70% of all businesses will use ABAC as the dominant mechanism to protect critical assets, up from 5% today.”

2012: National Strategy for Info Sharing & Safeguarding included a Priority Objective to implement FICAM roadmap

2014: NIST Guide to ABAC SP 800-162 published

2014: KuppingerCole Leadership Compass on Dynamic Authorization

“Dynamic Authorization Management is arguably the most exciting area in identity and access management today.”

Page 13: ABAC: ready, steady, go!

Why organizations invested in ABAC technology

Consolidated infrastructure

Enhanced security

Business enabler

Compliance

Expose data and APIs to customers and partners

Write once, enforce everywhere

Consistent authorization enforcement across applications

Implement legal frameworks

Page 14: ABAC: ready, steady, go!

Delivers enterprise-wide performance ABAC solution

Unmatched scalability and performance

May not be best-fit for smaller projects

Axiomatics Policy Server

Page 15: ABAC: ready, steady, go!

Efficient IT development

…depends on efficient software development…

…and change management not causing delays.

Page 16: ABAC: ready, steady, go!

Software development

10%-40% cost savings – the more complex authorization rules you have, the greater the saving. Write access control code once and use it over and over instead of maintaining thousands of “if”-clauses in your code.

Change Management

Up to 30% savings. No changes in applications when new business requirements or regulations mandate changes to access control policies.

Page 17: ABAC: ready, steady, go!

Get Started Now!

Page 18: ABAC: ready, steady, go!

Competing Pressures

Business Owner: “Time-to-market!”

Security Architect: “Fine-grained Authorization”

Page 19: ABAC: ready, steady, go!

Quick to implement

Enterprise-ready

Easily scalable

Project level solution

Page 20: ABAC: ready, steady, go!

Fastest, most effective way to deploy ABAC in an organization

Light-weight version of APS

Can be installed and setup in minutes

Tailored for single application or domain

APS Express Edition

Page 21: ABAC: ready, steady, go!

XACML standard

Manage: Policy Administration Point

Decide: Policy Decision Point

Support: Policy Information Point, Policy Retrieval Point

Enforce: Policy Enforcement Point

Request/Response

Policy
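
A minimal sketch of the Request/Response flow between the enforcement, decision and information points listed above, added here as an illustration; it is not Axiomatics code and not XACML syntax. The policy, attribute names and users are constructed, and the PEP is deny-biased so a missing attribute never opens access.

```python
from datetime import time

# Policy Information Point: constructed attribute store the PDP queries
# for subject attributes the PEP did not send with the request.
PIP = {
    "alice": {"role": "doctor", "department": "cardiology"},
    "bob": {"role": "nurse", "department": "cardiology"},
}

# Policy as data (what a Policy Administration Point would manage).
# Each rule is an effect plus a condition over who/what/when/where attributes.
POLICY = [
    ("Deny", lambda a: a["where"] != "corporate-network"
        and a["what.sensitivity"] == "high"),
    ("Permit", lambda a: a["who.role"] == "doctor"
        and a["who.department"] == a["what.department"]
        and time(7, 0) <= a["when"] <= time(19, 0)),
]

# Constructed request, as a PEP would build it from the intercepted call.
SAMPLE_REQUEST = {
    "who.id": "alice",
    "what.department": "cardiology",
    "what.sensitivity": "high",
    "when": time(10, 30),
    "where": "corporate-network",
}

def pdp_decide(request):
    """Policy Decision Point: Permit, Deny, NotApplicable or Indeterminate."""
    attrs = dict(request)
    for key, value in PIP.get(request.get("who.id"), {}).items():
        attrs["who." + key] = value
    for effect, condition in POLICY:      # first applicable rule wins
        try:
            if condition(attrs):
                return effect
        except KeyError:                  # a required attribute is missing
            return "Indeterminate"
    return "NotApplicable"

def pep_enforce(request):
    """Policy Enforcement Point: only an explicit Permit grants access."""
    return pdp_decide(request) == "Permit"
```

The application code behind the PEP carries no authorization "if"-clauses of its own; changing the rules means changing `POLICY` only.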

Page 22: ABAC: ready, steady, go!

PEP SDK for Java

Container-based

Page 23: ABAC: ready, steady, go!

PEP SDK for .NET

Web Services – WSDL API

Page 24: ABAC: ready, steady, go!

Key Features

Standalone authorization solution for single applications

Easily scalable

Can be extended to support multiple applications

Can be upgraded to APS Enterprise for large-scale deployments

Enterprise-ready

Support high availability deployment

Rich logging and monitoring capabilities

Subscription-based licensing

Flexible support options, including 24x7

Page 25: ABAC: ready, steady, go!

Demo

Install and Deploy

Using the service

Direct use of WSDL

SDK based

Possibilities…

Page 26: ABAC: ready, steady, go!

APS Express

Request a 30-day trial today!

Page 27: ABAC: ready, steady, go!

www.axiomatics.com/get-started-now

Page 28: ABAC: ready, steady, go!

Questions?

Thank you for listening

Page 29: ABAC: ready, steady, go!

Don’t miss out on these events!

November 9-12 (Las Vegas, NV): CA World

December 2-4 (Las Vegas, NV): Gartner Identity & Access Management Summit North America

Upcoming events & webinars

More at www.axiomatics.com/events