
Bridging the gap with generative AI

Policy Companion uses generative AI to help users who are unfamiliar with creating policies feel confident about policy design.

One of the common objections that I hear about authorization is that it is hard.

What’s interesting is that every organization has been building authorization policies since they started building applications.

It’s not that authorization is hard.

It’s that shifting to a modern authorization strategy, especially one powered by attribute-based access control (ABAC), is perceived as difficult, and let’s face it, there is probably a good reason for that. 

ABAC is not new. Axiomatics has been in the market for more than fifteen years and we know first-hand what it takes to adopt an enterprise-wide ABAC strategy.

While many enterprises have succeeded, some fall into a chasm where they cannot gain an enterprise-wide understanding and acceptance of why ABAC needs to be adopted or how to do it. 

We also know that with the global urgency to adopt Zero Trust, ABAC is central to a modern cyber security strategy.

As a result, we have focused our product strategy on understanding how we can empower the entire organization to quickly understand and participate in the creation of ABAC policies.

I am not just talking about teaching more developers/solution architects. It’s also about finding the right ways to include and empower business/product stakeholders in the ABAC policy creation process. 

Policy Designer: A stepping stone

Less than a year ago we released Policy Designer, a simple policy creator that lets those unfamiliar with designing policies take control of policy creation, moving the policy authoring responsibility from the developer to a business user.

What we learned with this product was that in principle, an easy-to-use rule builder made sense, but it still didn’t solve the true problem. Business analysts don’t want to create policies; they want to create clear requirements that their technical team can pick up and run with quickly.

Enter generative AI (Artificial Intelligence)…

Closing the gaps with Generative AI

In general terms, generative AI allows users to have a place they can turn to if they want to gain insight on any number of topics.

We know that in everyday life, people have turned to AI to learn new skills previously completely foreign to them, such as designing images, creating bedtime stories, and even writing code.

Why couldn’t that approach be leveraged for those wanting to build their own ABAC policies?

We looked into that question and saw the potential that generative AI could bring to bridge the gap between authorization and access control.
 
We respect the fact that generative AI should not yet be viewed as an authoritative source for authorization policy creation.

However, initial research suggests it could be a great companion to quickly teach non-authorization experts how to build good authorization policies that align to an ABAC standard.

Once the policies are created, we also saw generative AI being a companion to help convert policies into an initial syntax and accelerate initial policy creation for the technical team.

With the way market and technology advancements are pacing, the bridge to make authorization more attainable using generative AI is being built and we want to lead the construction.

This is, after all, part of the fabric of Axiomatics – more than fifteen years ago, our founders saw where the authorization and access control markets were headed and led the charge in formulating what ABAC should be.

Now, we see the value generative AI gives users by helping them go from barely understanding what ABAC means to bridging the gap of writing policies in minutes. We are driven to be part of building the design, influencing the outcome for our customers and bringing them on the AI journey.

Policy Companion: The bridge

Today, depending on the organization, it could take days, weeks or months to learn how to build good authorization policies based on an ABAC standard. We challenged ourselves to shorten the time frame down to minutes.

With Policy Companion, we minimize the number of people involved to one person who can build good policy syntax in a matter of minutes. This is achieved through leveraging the power of generative AI. 

Specifically, with Policy Companion we address three common barriers to developing authorization policies and enable enterprises to achieve three critical outcomes:

  • Bridging plain human language with machine readable code,
  • Automatically converting unstructured policies into structured ABAC code, and
  • Understanding core ABAC policy concepts in minutes instead of weeks or months.

Throughout the process of this AI journey, we knew there were a number of ways in which we could apply generative AI. But as we continued to speak with our enterprises, partners, customers and others, we knew we wanted to focus on applying this in a way that addressed a common challenge and where we had strong experience – authoring policies and making that process even faster. 

What’s next?

There is an interesting and exciting inflection point happening across all of software and we are thrilled to be able to innovate in ways and speeds we couldn’t before. Shifting our mindset to the opportunity in front of us has driven us to achieve this innovation in a matter of months. We are excited to work with our customers and partners to determine where this takes us next.

Though today we’ve introduced Policy Companion, a product we will productize in H1 next year, it is still in its pilot phase for a core reason – we want to hear from you.

Because generative AI is still relatively fresh in the eyes of global adoption, we really want to take the time to understand all of the bigger conversations happening around AI, including expectations from security and privacy standpoints. 

So, I am presenting all of you with a challenge: While I am already well on my way, I want to get feedback from 224 companies by 2024 about Policy Companion.

Through your input, you’ll have the opportunity to inform our strategy to ensure we build policy-driven authorization solutions to meet your needs. We’re taking the time to not only gain feedback, but to reflect on your feedback and use it to launch Policy Companion in a meaningful way so that not only are we excited to demo it, but so are you! 

Contact me directly at Mark.Cassetta@axiomatics.com or feel free to request a demo. I look forward to speaking with you further.


About the author

As the chief product officer for Axiomatics, Mark is responsible for shaping the company’s innovation and product strategies. Mark has more than ten years of experience across product management, product marketing and business development, with companies including e-Share, Titus and Accenture.