Runtime authorization

Make sure access controls are applied on time, all the time, and at all access points, with runtime authorization.

Why do we need runtime authorization?

We are constantly gathering new data and other critical assets, meaning our applications and databases are subject to constant change. New customers, employees and partners all need access to these assets from different locations and different devices. Regulations are changing and so are the requirements placed on your authorization system. Managing this complex web of access controls, at high velocity and in real time across an enterprise, requires dynamic run-time authorization.

How does runtime authorization work?

Runtime authorization is decoupled from access control touchpoints. This enables access control to be enforced dynamically from one centralized authorization management server throughout the enterprise and IT environment. Business policies are enforced governing who can access what, from where, at what time and for what purpose. These attributes form the basis of Attribute Based Access Control (ABAC), also known as Policy Based Access Control (PBAC), which enables critical assets to be securely shared and strict regulations to be enforced. Whenever a policy is created or edited, run-time authorization is enforced, making it ideal for handling a high volume of requests at high velocity.

Key capabilities of runtime authorization

Run-time authorization replaces the static method of enforcing access controls that relied on roles (RBAC) and had to be coded at the source. Corporate policies are evaluated in real-time before access is granted.

Low Latency

Despite authorization being centralized, the powerful policy management server and enforcement engine can handle enterprise-wide access requests, instantly.

Immediate updates

As access is governed by policies, any changes are made centrally and immediately enforced across the enterprise at run-time.

Context aware decisions

As a key part of the Identity and Access Management Framework, the system is in constant contact with authentication systems, attribute directories and other third-party services to make informed, context-aware decisions.

Multi-level security

Since assets are spread across the IT environment in databases and data lakes, and accessed via the cloud, applications, portals, and APIs, run-time authorization is enforced at every level of a stack.

Architecture: Modern policy-based runtime authorization for your organization

Run-time authorization consists of several key architectural elements. Due to the agnostic nature of Attribute Based Access Control, it can be deployed to support legacy on-prem systems, as well as modern cloud and hybrid environments.

Policy management

Policy Management is handled from an intuitive management console where policies can be written, published, reviewed, edited and enforced. At the backend, it comprises Policy Administration Points (PAPs) and the supporting elements of Policy Information Points (PIPs) and the Policy Repository.

Policy administration point

In the Policy Administration Point, a user writes the policy in plain language, which is then automatically converted to machine-readable, standards-based code for administration and enforcement by the system.

Policy information point

The policy repository is the secure storage point for authorization policies, which is typically a relational database. Since policies are converted to code, it’s common practice to use a standards-based code that can guarantee policy integrity.

Enforcing authorization at run-time

Providing run-time authorization relies on a further two key elements.

Policy decision point

The Policy Decision Point evaluates what is written in a policy and makes a decision, typically to Permit or Deny access. If the access request is for data in a database, data masking can be utilised to mask or filter data from the user.

Policy enforcement point

With a decision taken, it is then enforced by the Policy Enforcement Point at run-time and the user is granted or denied access to use the data in accordance with the policy. The data transaction is recorded for transparent auditing purposes.
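The decision and enforcement flow described above, as an added example that is not the vendor's product code: a toy PDP with deny-overrides combining and deny-by-default, and a PEP that applies a masking obligation and writes an audit entry. The policy names, attribute names (`role`, `dept`, `resource_dept`, `location`, `purpose`, `hour`) and the in-memory `PIP` directory are assumptions constructed for illustration.

```python
from dataclasses import dataclass
from typing import Callable

@dataclass
class Policy:
    name: str
    effect: str                      # "Permit" or "Deny"
    applies: Callable[[dict], bool]  # condition over the merged attributes
    mask: tuple = ()                 # fields to mask when this Permit applies

# Constructed attribute source standing in for a PIP (directory lookup).
PIP = {"alice": {"role": "nurse", "dept": "cardiology"},
       "bob": {"role": "contractor", "dept": "cardiology"}}
SUBJECT_ATTRS = ("role", "dept")     # only ever taken from the PIP

POLICIES = [
    Policy("contractors-no-patient-data", "Deny",
           lambda a: a.get("role") == "contractor"),
    Policy("staff-read-own-dept", "Permit",
           lambda a: a.get("action") == "read"
           and a.get("dept") is not None
           and a.get("dept") == a.get("resource_dept")
           and a.get("location") == "corp-net"
           and a.get("purpose") == "treatment"
           and 7 <= a.get("hour", -1) < 19,
           mask=("ssn",)),
]

def pdp_decide(request: dict):
    """PDP: deny-overrides combining; Deny when no policy applies."""
    # Drop caller-supplied subject attributes so a request cannot assert
    # its own role or department; the PIP is the only source for them.
    attrs = {k: v for k, v in request.items() if k not in SUBJECT_ATTRS}
    attrs.update(PIP.get(request.get("subject"), {}))
    hits = [p for p in POLICIES if p.applies(attrs)]
    for effect in ("Deny", "Permit"):
        for p in hits:
            if p.effect == effect:
                return effect, p.mask if effect == "Permit" else (), p.name
    return "Deny", (), "default-deny"

def pep_enforce(request: dict, record: dict, audit: list):
    """PEP: ask the PDP, apply the masking obligation, record the decision."""
    decision, mask, policy = pdp_decide(request)
    audit.append({"subject": request.get("subject"),
                  "decision": decision, "policy": policy})
    if decision != "Permit":
        return None
    return {k: ("***" if k in mask else v) for k, v in record.items()}
```

Because the policies live in one list consulted on every call, editing that list changes the outcome of the next request without touching the code at the enforcement point.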

How Identity governance and runtime authorization go hand-in-hand

Runtime authorization offers a richness to policy writing that supports identity governance and enables enforcement of strict regulatory requirements – including Sarbanes-Oxley Act (SOX) and the Health Insurance Portability and Accountability Act (HIPAA) – in real-time. Stating who has access to what in a policy, in accordance with an identity governance framework, is automatically enforced as an attribute in ABAC. Aggregating this through centralized authorization of policies brings simplification to this complex authorization area and supports improved regulatory auditing.

How to choose the right access control solution

No matter where your sensitive assets are stored or how complex or distributed your architecture is, we can help you safeguard and securely share them. Our experts can help you define requirements and tailor an Attribute Based Access Control solution from our dynamic authorization suite to meet your needs.

Get in touch

Regulations are getting stricter and competitors are getting more aggressive. Don’t spend time on authorization, focus on your core activities and we will ensure data is secured and regulations are met.

Customer support

Do you have a question for an Axiomatics engineer? Our support team are ready to help you.