What is Authorization? Authorization, also referred to as Access Control, is the process that follows authentication (which checks your identity and ensures that you are who you say you are within a system) and which enforces the policy of what a specific user or service can do within a
Gartner has an interesting article titled "Modernize Your Runtime Authorization" that highlights some aspects you need from a modern enterprise authorization systems. Over the years I have seen several adjectives being used to describe an advanced authorization management system. These capture
Global regulatory legislation is a headache for almost every business, especially large,multi-national corporations. Organizations operating across borders must manage diverse regulations specific to each country. Today, we see an evolution of data privacy-specific laws to formalize, unify and
As new technologies emerge and hackers continue to develop new techniques, your enterprise data becomes more vulnerable each day. The days of storing information in a single, on-premise database are over. As a result, businesses are searching for new, modern technologies and techniques to secure
Network access security is quickly evolving as the amount of data produced by an organization increases. Combine this with the rapid increase of remote working around the world and employees needing that secure data quickly to stay productive. Traditionally, network security was about protecting
Are you looking for further clarification in working with XACML? This post originally appeared on Stack Overflow. Question: XACML allows us to specify <Target> tag in both <Policy> as well as in <Rule> tags. What I would like to understand is that: What is the
Protect What Matters Most: The Data -- Part 2, Data-Centric Security Welcome to Part 2, of Protect What Matters Most: The Data. You can find Part 1 here, if you didn't catch it. A while back, my colleague, Gerry Gebel, and I delivered a webinar on the very topic of data-centric authorization.
Protect What Matters Most: Fine-grained, Policy-based Authorization for your Data Introduction When I speak to customers about what Axiomatics does (fine-grained, externalized, policy-based access control), I tell them that historically access control was implemented within each and every app or
Most modern environments today handle large amounts of data. Typically the data is spread across different data sources such as relational databases or even a big data system or data lake. And within these massive data stores, therein lies data that is very sensitive and critical to
This Q+A originally appeared on Information Security Stack Exchange. Question: We are looking to implement Attribute-Based Access Control. While we are sold on the philosophy, there are two topics that seem to crop up: Will it lead to significant performance issues? Especially
