Where nothing is at stake, there is no need for protection. Access control is essentially risk management. The greater the risk, the greater the need. Authorization services therefore need to support, rather than obstruct, business objectives, something that can only be achieved with risk-intelligent access control solutions.

In any line of business, risks are continuously changing. The values at stake and the threats they are exposed to vary over time. Conventional access controls, however, are inflexible; they are either "on" or "off", whereby "on" often hinders legitimate use and information sharing, and "off" overexposes an organization to risk. Furthermore, more often than not, a scenario occurs where access at the "front door" is too secure, while the "back door" is left wide open. Managing risk intelligently with Axiomatics eXtensible authorization solutions, however, solves such problems once and for all.

Risk indicators

Different types of risks

Information security principally depends on our ability to deal with three different risk types:

  • Confidentiality: the risk that assets are exposed to unauthorized or illegitimate use.
  • Integrity: the risk that information is no longer trustworthy, possibly due to a prior confidentiality breach.
  • Availability: the risk that business-critical information becomes inaccessible, or accessible only with unacceptable delay or difficulty.

The latter is often an indirect result of measures intended to mitigate the first risk type. Indeed, with conventional, static and coarse-grained access control techniques there may not be an option. To secure confidentiality, information is kept behind locked doors where it remains safe, but of little use. The ability to share information, to make it available for legitimate use while protecting confidentiality and integrity, is a typical gain when a shift to modern, fine-grained access control techniques is made.

Policies capturing risk conditions

Human languages support risk-intelligent behavior. "You'd better bring your umbrella; there will be rain this afternoon." To automate risk intelligence in access control systems a similar capacity is needed: the ability to express risk conditions and alter the behavior of systems depending on risk levels.

With traditional access control models - assigning permissions to users via roles (RBAC) or assigning information assets to users via Access Control Lists (ACLs) - there is no way you can express context-related conditions. Either your users walk around with umbrellas in sunshine or they get wet in the rain.

Extensible authorization adds a core capability to access control techniques, namely policies. A versatile policy language, the eXtensible Access Control Markup Language (XACML), is used to capture conditional risk aspects and to grant access permissions. "Yes, permit users to read this confidential document in the context of X provided that Y unless the document state is Z." The XACML language, like human languages, uses a comprehensive grammar. It uses the following building blocks defined by attributes:

  • Subject: the user or process that is demanding access.
  • Action: the task which the subject wants to perform on a resource.
  • Resource: the asset or object which the subject is requesting to access.
  • Environment: the context in which this takes place.

The environment attribute in particular can be used to capture risk conditions. The environment may include aspects that directly relate to the access request, such as the location from where it is made, time of day, authentication strength, etc. But it can also be used to capture the state of other data at the time of the request. "Permit users to do X unless the current location is different from a location used less than five minutes ago". "Permit users to do Y provided the total amount does not exceed the purchasing budget he/she is authorized to use". "Permit users to do Z provided they did not previously do A, B or C which would represent a segregation of duties violation". "If the action does not deviate from normal user behavior patterns, allow the execution of the transaction".
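The conditions quoted above, expressed as an attribute-based policy check in Python. This is an added example, not Axiomatics code and not XACML syntax; the attribute names, the sample request, the `create_order`/`approve_order` actions and the decision labels are assumptions made for illustration.

```python
from datetime import datetime, timedelta

def sample_request():
    """Constructed request carrying the four attribute categories."""
    return {
        "subject": {"id": "alice", "purchasing_budget": 5000,
                    "prior_actions": set()},
        "action": {"id": "approve_order"},
        "resource": {"type": "purchase_order", "amount": 1200},
        "environment": {"now": datetime(2024, 1, 1, 12, 0),
                        "location": "Stockholm",
                        "last_location": "Stockholm",
                        "last_seen": datetime(2024, 1, 1, 11, 58)},
    }

def location_stable(r):
    # Fails if the location differs from one used less than five minutes ago.
    env = r["environment"]
    recent = env["now"] - env["last_seen"] < timedelta(minutes=5)
    return not (recent and env["location"] != env["last_location"])

def within_budget(r):
    # Fails if the amount exceeds the subject's authorized purchasing budget.
    return r["resource"]["amount"] <= r["subject"]["purchasing_budget"]

def no_sod_conflict(r):
    # Hypothetical segregation-of-duties rule: the creator may not approve.
    return "create_order" not in r["subject"]["prior_actions"]

POLICY = {
    "target": {"action": "approve_order", "resource": "purchase_order"},
    "conditions": [location_stable, within_budget, no_sod_conflict],
}

def evaluate(policy, request):
    """Return (decision, conditions that failed or could not be evaluated)."""
    target = policy["target"]
    if (request["action"]["id"] != target["action"]
            or request["resource"]["type"] != target["resource"]):
        return "NotApplicable", []
    failed = []
    for cond in policy["conditions"]:
        try:
            if not cond(request):
                failed.append(cond.__name__)
        except KeyError:
            # A missing attribute must never turn into a silent permit.
            return "Indeterminate", [cond.__name__]
    return ("Deny", failed) if failed else ("Permit", [])
```

An enforcement point calling `evaluate` should grant access only on `Permit`; adding a newly identified risk factor means appending one more condition function to `POLICY`, with no change to the calling application.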

An integral part of risk management

When risk analysis procedures identify new risk conditions, policies are easily refined to reflect these new insights in a non-intrusive manner. There is no need to alter the controlled applications or to perform role modeling exercises. The risk factor is simply added as yet another condition to existing policies.

Business enabling

With such risk-intelligent and dynamic capabilities in applied access control technologies, you can enable secure information sharing in new ways. Where risks previously mandated restrictive system lockdown, fine-grained and risk-aware policies enable publishing of information to a broader audience with risks securely handled.

Axiomatics raises $6.5 million in new investment

Funding led by Swedish technology investment firm Monterro will strengthen Axiomatics. Monterro is an investment company specializing in building and growing Nordic software technology companies. Existing investors, Coach & Capital and Almi Invest, have also participated in this round of investment.

According to founding partner and CEO, Babak Sadighi, "Much of the funding will be used to further increase product investment and thus further support our clients."

The XACML Value Proposition

Cost savings may not be your primary reason to look for standards-based and fine-grained access control. It is, however, a predominant side-effect. Once you achieve secure information sharing you also enable new business opportunities.

Standards-based solutions

Cloud, mobile computing, multiple user identities, etcetera, are all factors that in the past required an individual approach to access control. With XACML, standards-based authorization solutions can now encompass virtually any technology.

Trusted solutions provider

Axiomatics solutions can be found in use at leading global entities within finance, manufacturing, healthcare, and the public sector. Our trusted technology has been consecutively chosen for the world's largest XACML deployments.

Technology

Axiomatics is a driving force in authorization technology. The company's dedicated research hub boasts many of the world's leading experts in XACML, the standard that powers attribute-based access control (ABAC), while the Axiomatics CTO is the editor of the OASIS XACML 3.0 specification. Furthermore, Axiomatics was the first organization to attest complete XACML 3.0 specification conformance.

ABAC

Attribute-Based Access Control (ABAC) surpasses all previous authorization models. It provides easily scalable, dynamic, context-aware and risk-intelligent access control, essential for the modern enterprise.

Solutions

Axiomatics solutions deliver anywhere, any-depth access control across virtually any and every IT environment. They enable secure sharing of information across and within organizations' borders and boundaries and compliance with ever-evolving regulatory mandates, while promoting new business opportunities, reducing time-to-market and cutting IT development costs.

eXtensible Authorization

Axiomatics solutions bring together the benefits of standardization, through XACML, with the proven results of externalized authorization. This is more commonly known as eXtensible Authorization.