Peer Insights: Wisconsin IAM User Group

We’re always looking for ways to get involved with local colleagues in the IAM space. In a recent session, we met with some of our peers at the Wisconsin IAM Meetup group in Waukesha, WI. I wanted to share some detail on these local Meetups, as there is benefit for technical, business and sales roles within the IAM space.

If you’re not familiar with the IAM Meetups, initially these began as a place for Ping Identity customers to get together. But after several meetings, the groups emerged as partnerships between multiple vendors. Now the goal is to create local communities focused specifically on Identity and Access Management (IAM), and strive to be vendor agnostic and educational to better serve the attendees. They’re also a great forum to get to know other colleagues with similar IAM roles and challenges.

The meetings typically work like this: we start with networking time, beverages and snacks, and then move to presentations, panel discussions or other interactive discussions. There is also plenty of time for one-on-one discussions and networking. Axiomatics works in partnership with other IAM vendors to help plan and host these events. In particular, the group in Wisconsin was created in 2015 through partnership with Radiant Logic – Al Cocconi and I have been cohorts in building it since that time.

We’ve since gained traction and great participation from local IAM professionals around the country. Our Wisconsin group boasts a member list of nearly 200 attendees and regularly draws Wisconsin-based companies such as Aurora Health Care, Brookdale Senior Living, Harley-Davidson, Kohl's, Manpower, Northwestern Mutual, ProHealth Care, and SC Johnson (to name a few).

We had a great line-up of contributors for this session. Keith Kunkel, Senior Information Processing Consultant at the University of Wisconsin-Milwaukee, Lubar School of Business, led the meeting and started the introductions. Our first scheduled speaker was Guarav Sheth, Senior Manager Cybersecurity with Ernst & Young. Unfortunately, his travel to Milwaukee was cancelled due to Winter Storm Niko. Thankfully, our second presenter, Dan Beckett, Managing Partner and Executive Advisor at Security Architects Partners, was happy to step up and extend his talk.

Dan led a dynamic and engaging presentation with the theme, "Time is Not on Your Side: Leading IAM Practices to Avoid Catastrophe." Focusing on five main tenets of good security practice, he encouraged deeper discussion and real-world examples of information security. One of our attendees, Jane McCormick, an Information Security Analyst at Associated Bank, remarked that "These detailed discussions around best practices are exactly why I find this group so beneficial."

The talk sparked some meaningful sharing of ideas for everyone in the room, and plans for follow-up meetings and discussions after the event. When I talked with Dan afterward, he explained, "This meeting was one of the most interactive sessions I've had the pleasure of moderating. I thought the attendees were very engaged and really contributed some great anecdotes and experiences that benefitted everyone, myself included."

The Wisconsin IAM User Group has already scheduled our next meeting for Wednesday, May 17, 2017, and I hope you can join us. We strive to find locations that are between Madison and Milwaukee for convenience. You can find more information about the group and links to past meetings at our Meetup page here: https://www.meetup.com/MilwaukeeIAM/. A full listing of the cities, upcoming dates, and Meetup sites for the IAM User Groups can also be found here: https://www.radiantlogic.com/learning-center/events/user-groups/ 


The Power of ABAC for your API Gateway

We’ve been hearing a lot from our customers lately about the power of using APIs and microservices to expand business and speed time-to-market for new offerings. These new projects are almost always built using many different components and with that have complex security requirements – the need to share information, securely, and under the right conditions.

Using ABAC to provide fine-grained access control has become a best practice. To meet this growing request, Axiomatics can integrate easily with most API Gateways – CA Technologies, Axway, Apigee, Data Power – and the list goes on. Thanks to the agility of our authorization solutions, we are able to work with many other configurations as well. Integrating the authorization is a matter of configuration; there is no need to write any code or install separate components.

Are you looking to provide this necessary level of access control to your API or microservices project? We’d like to talk to you further about adding ABAC to the mix.


You may also be interested in reading more on APIs here.


How Using ABAC Can Improve API Security in 2017

During Gartner’s recent IAM conference, I noticed an emerging conversation around the issues of API usage at the enterprise level. Enterprise adoption of APIs is viewed as an inevitable consequence of the ongoing digital transformation many IT professionals are managing.

API stands for Application Programming Interface. APIs help developers create applications that communicate easily with other applications and services. They are the backbone of any application ecosystem, and these ecosystems are a huge part of the trend towards digital transformation. All of those applications talking to one another are generating a huge amount of user data that enterprise companies need to be prepared to manage and secure.


Top Five Trends to Transform Enterprise Security in 2017

Our experts at Axiomatics got together at the end of the year to take a look at the trends in store for 2017. Some of these may sound familiar, as the era of digital transformation continues to expand. But you'll find a common theme. Marty Leamy, our Americas President, said it best: “This year’s trends examine the evolving ways organizations can realize better enterprise-wide security with the exploding amounts of data that enterprises need to protect. Business executives are demanding better enterprise-wide security for all of their data, not only for regulatory compliance but also to protect their most critical assets.”

Attribute Based Access Control can help you address these areas that will challenge access control across your enterprise. Read on for the Top Five! 


How can many complex permit rules for the same policy be managed?

Background

XACML, the eXtensible Access Control Markup Language, is an authorization language that implements Attribute Based Access Control (ABAC). As the name indicates, XACML uses attributes inside policies to convey authorization statements. Policy authoring can be an art form, and we won’t get into every aspect of policy authoring today. For a brief overview of what a policy is, click here.


The Data Access Filter for Multiple Databases just got better.

I'm happy to share that we're ending the year with a release of the Axiomatics Data Access Filter for Multiple Databases. If you're not familiar with this solution, ADAF MD provides the ability to apply an Attribute Based Access Control approach to relational databases, featuring both Dynamic Data Masking and Data Access Filtering to ensure only authorized parties can view data retrieved from databases such as Oracle, IBM DB2, Microsoft SQL Server, or Teradata.

This release adds several technical enhancements for using the product in large-scale deployments. The feature set includes:

  • Multi-table attribute mapping to avoid duplication of XACML attributes and rules in customer's policies when protecting two or more tables.
  • The ability to fetch table definition information from the database when configuring the SQL Filter Service Agent.
  • Support for SQL statements containing synonyms (referred to as aliases in DB2).

This release also adds support for Red Hat Enterprise Linux 7.1 and 7.2 and Teradata 15.10, and also packages the latest version of Axiomatics Policy Server Express Edition.

Read more about ADAF MD here.

You may also enjoy this white paper on next generation data-centric security.

 


Going on vacation, how can I implement delegation in XACML?

Delegating access: the proxy-delegate pattern

Sometimes, as users, we want to delegate access to our resources. For instance, an account manager may want to delegate access to their accounts to another account manager. This typically happens when the first account manager, Alice, is on vacation or unavailable, and she wants to make sure another manager, Bob, can handle her accounts.


Externalized Dynamic Authorization in a [Micro]Services World Pt. 3

Part 3: Microservices Authorization In-Depth

This is a multi-part series of articles describing why and how one can approach applying Externalized Dynamic Authorization to an API and/or microservices architecture that uses OAuth 2.0 flows and/or OpenID Connect (OIDC). Externalized Dynamic Authorization and OAuth 2.0 (and/or OIDC) are complementary technologies. Some of the naming can lead to confusion, however, about what roles each can and should play. The series is divided into multiple parts: This Primer provides some background of the standards involved in this series, including OAuth 2.0 (referred to as just OAuth from here on out) and OpenID Connect (OIDC). The eXtensible Access Control Markup Language (XACML) tutorial is available as well.


Externalized Dynamic Authorization in a [Micro]Services World Pt. 2

Part 2: OAuth Scopes May Not be Enough

This is a multi-part series of articles describing why and how one can approach applying Externalized Dynamic Authorization to an API and/or microservices architecture that uses OAuth 2.0 flows and/or OpenID Connect (OIDC). Externalized Dynamic Authorization and OAuth 2.0 (and/or OIDC) are complementary technologies. Some of the naming can lead to confusion, however, about what roles each can and should play. The series is divided into multiple parts: This Primer provides some background of the standards involved in this series, including OAuth 2.0 (referred to as just OAuth from here on out) and OpenID Connect (OIDC). The eXtensible Access Control Markup Language (XACML) tutorial is available as well.


What is the main difference between XACML 3.0 and XACML 2.0?

To Axiomatics prospects and customers, standardization, or standards compliance, is of great importance and often one of the deciding factors in choosing Axiomatics over “homegrown” or vendor proprietary products.

A standards-based product will, among other things, allow the customer to source software from multiple, standard-compliant vendors and to reduce the business risk or “vendor lock-in.” When it comes to Attribute Based Access Control (ABAC), the only applicable standard is eXtensible Access Control Markup Language (XACML). This is the standard to which an organization should require compliance when looking at solutions for Externalized Access Management (the term that Gartner now uses) / fine-grained access control / Attribute Based Access Control.
