Segregation of duties has emerged as a problem growing completely out of proportion, mainly due to poorly designed access control techniques. A switch from the Role Based Access Control (RBAC) concept to modern Attribute Based Access Control (ABAC) schemes considerably simplifies SoD resolution. This White Paper explains why.

In recent years many IT organizations have struggled to identify potential Segregation of Duties (SoD) violations within their IT systems.

A violation of this kind occurs if a user is given permissions which, combined, can be used to subvert a business-critical process or in other ways cause harm in breach of corporate policies. A common example is the combination of permissions to manipulate vendor master data and permissions to approve invoice payments to a vendor. This combination leads to risk exposure, since a user could fraudulently register a vendor and then approve fake invoices for his own benefit. The results of a SoD analysis often lead to costly remediation efforts, since conflict resolution may require altering role definitions and related business processes. Alternatively, auditors may agree to accept mediating controls, meaning the risk is accepted but managed through manual controls at regular intervals to verify that permissions in breach of corporate policies are not abused.
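The SoD analysis described above can be sketched as a check over role assignments. This is an added example, not taken from the white paper; the role, permission and user names are constructed for illustration.

```python
# Constructed sample data: every role, permission and user name is illustrative.
ROLE_PERMISSIONS = {
    "vendor_admin": {"vendor_master.edit"},
    "ap_approver": {"invoice_payment.approve"},
    "ap_clerk": {"invoice.enter"},
    "procurement_lead": {"vendor_master.edit", "purchase_order.create"},
    "finance_super": {"vendor_master.edit", "invoice_payment.approve"},
}
USER_ROLES = {
    "alice": ["vendor_admin", "ap_clerk"],
    "bob": ["procurement_lead", "ap_approver"],
    "carol": ["ap_approver"],
    "dave": ["finance_super"],
}
# Each rule names two permissions that one user must not hold together.
SOD_RULES = [("vendor_master.edit", "invoice_payment.approve")]


def permission_sources(roles, role_permissions):
    """Map each effective permission to the set of roles that grant it."""
    sources = {}
    for role in roles:
        for perm in role_permissions.get(role, ()):
            sources.setdefault(perm, set()).add(role)
    return sources


def find_sod_violations(user_roles, role_permissions, rules):
    """Return one record per (user, rule) conflict, with the contributing roles."""
    violations = []
    for user, roles in sorted(user_roles.items()):
        sources = permission_sources(roles, role_permissions)
        for perm_a, perm_b in rules:
            if perm_a in sources and perm_b in sources:
                involved = sorted(sources[perm_a] | sources[perm_b])
                violations.append({
                    "user": user,
                    "rule": (perm_a, perm_b),
                    "roles": involved,
                    # A single involved role means the role definition itself
                    # conflicts; several roles mean the assignment does.
                    "fix": "role definition" if len(involved) == 1 else "assignment",
                })
    return violations


if __name__ == "__main__":
    for violation in find_sod_violations(USER_ROLES, ROLE_PERMISSIONS, SOD_RULES):
        print(violation)
```

The `fix` field separates conflicts that need a role definition altered from those resolved by changing a user's role assignments, which is where the remediation cost mentioned above comes from.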


The XACML Value Proposition

Cost savings may not be your primary reason to look for standards-based and fine-grained access control. It is, however, a predominant side-effect. Once you achieve secure information sharing you also enable new business opportunities.

Standards-based solutions

Cloud, mobile computing, multiple user identities, etcetera, are all factors that, in the past, required an individual approach to access control. With XACML, standards-based authorization solutions can now encompass virtually any technology.

Trusted solutions provider

Axiomatics solutions can be found in use at leading global entities within finance, manufacturing, healthcare, and the public sector. Our trusted technology has been consecutively chosen for the world's largest XACML deployments.

Technology

Axiomatics is a driving force in authorization technology. The company's dedicated research hub boasts many of the world's leading experts in XACML, the standard that powers attribute based access control (ABAC), while the Axiomatics CTO is the editor of the OASIS XACML 3.0 specification. Furthermore, Axiomatics was the first organization to attest complete XACML 3.0 specification conformance.

ABAC

Attribute-Based Access Control (ABAC) surpasses all previous authorization models. It provides easily scalable, dynamic, context-aware and risk-intelligent access control, essential for the modern enterprise.

Solutions

Axiomatics solutions deliver anywhere, any-depth access control across virtually any and every IT environment. They enable secure sharing of information across and within an organization's borders and boundaries and compliance with ever-evolving regulatory mandates, while promoting new business opportunities, reducing time-to-market and cutting IT development costs.

eXtensible Authorization

Axiomatics solutions bring together the benefits of standardization, through XACML, with the proven results of externalized authorization. This is more commonly known as eXtensible Authorization.