Attributes is the new role?

By Sandeep Chopra.

“Attributes” is the new Role?

At the last Gartner Identity and Access Summit in Nov 2013, Gregg Kreizmann, Research VP at Gartner, predicted that by 2020, 70% of all businesses will use attribute-based access control (ABAC) as the dominant mechanism to protect critical assets, up from <5% today.

In Oct 2013, NIST published their report titled “Guide to Attribute-based Access Control Definition and Consideration”, which we discussed in an earlier blog. This is recognition that organizations, including the federal government, need to govern how information is shared across systems, applications, and organizations.

Container-Based Controls versus Dynamic Authorization: The Difference in Windows Environments (Part 1 of 2)

By Sandeep Chopra.

If you are debating whether to upgrade to Windows Server 2012, plenty of articles describe its new security benefits (for example, see here and here). Fewer articles discuss the basic shift in Access Management this release can enable. To understand the potential benefits of one key feature, Dynamic Access Control, it’s useful to compare this approach with better-known models of Access Management, such as ACLs and Security Groups. This blog is the first in a series that compares how Access Management was handled in Windows environments prior to the 2012 release with what’s possible now.

Is Role-Based Access Control Sufficient?

By Soujanya Madhurapantula.

In SAP’s role-based security architecture, Users and Authorization objects are used to create profiles, such as “buyer” or “payer”, and these are used to define functional roles.

As a countermeasure for potential fraud, the GRC Access Control Segregation of Duties can dictate that a user should not have, for example, both a buyer profile and a payer profile simultaneously. In simple cases like this, SAP’s authorization concept works great! It’s able to distinguish which user can perform a specific function by limiting their access to certain transactions, programs and services. It even provides an easy way to administer HR functions like role changes and employee turnover.