My recent vacation had a lot to do with authorization…seriously!
Back in March, I was fortunate enough to get to go on a once-in-a-lifetime trip with my wife and two kids.
We traveled from our small rural town in Canada to visit six different countries in Europe over three weeks.
We saw a lot of the most well-known tourist attractions, met different people and cultures, and learned to appreciate both what we have and what others have.
While we got to see a lot, something started to occur to me…
Authorization is everywhere!
The problem is that it’s done wrong almost everywhere.
Authorization in everyday life
When we visited places like the Roman Colosseum, the Eiffel Tower, or the Initiation Well in Portugal, we were authorized to visit certain locations within those places, but there were a lot of areas that were off limits.
Many of you are likely familiar with the signs we saw which said things like:
- ‘No unauthorized access’
- ‘Employees only’
- ‘Stay behind the velvet rope’
All of these signs were a way for the authorities to restrict access to only a select few people.
Nothing was actually stopping us from getting past these signs other than a moral obligation to not break the rules.
In most cases, employees are given special permission to go beyond these signs or ropes to get access to other areas that regular users can’t access.
This got me thinking about what I see as organizations struggle with authorization.
The problem I’ve seen with a lot of organizations is that they build authorization into their applications in a way that operates just like the velvet rope.
Users are granted special privileges to access information beyond the velvet rope of the application, either on a case-by-case basis or just generically through a role such as ‘Finance’.
This approach is coarse-grained and doesn’t look at everything known about the user trying to access the information.
Axiomatics can help
With Axiomatics, our solution looks at everything that is known about the user and the resource they are trying to access, and makes a dynamic, real-time decision to permit or deny access.
Some simple examples of common user attributes we see organizations leverage are:
- User department
- User role (Manager, Insurance Agent, etc.)
- Security clearance
- Risk score
This small list includes only a few of the countless options available, but even these few attributes can be used to drastically reduce the complexity of building access controls, while increasing security to ensure only the right user has access to the right information at the right time and place.
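To make the contrast concrete, here is an added illustration (my own sketch, not Axiomatics’ product or policy language): a role-only ‘velvet rope’ check beside a deny-by-default evaluation over the attributes listed above. The attribute names, clearance ordering, risk threshold and sample users are all constructed for this example.

```python
# Assumed clearance ordering and risk threshold (constructed for this example)
CLEARANCE_LEVELS = {"public": 0, "internal": 1, "confidential": 2, "secret": 3}
MAX_RISK_SCORE = 50

def velvet_rope_decision(user, resource, action):
    """Coarse-grained check: holding the 'Finance' role alone opens the rope."""
    return "Finance" in user.get("roles", [])

# Each rule returns (passed, reason). Missing attributes fail closed.
def role_allows_action(user, resource, action):
    allowed = {"read": {"Finance", "Manager"}, "approve": {"Manager"}}
    ok = bool(allowed.get(action, set()) & set(user.get("roles", [])))
    return ok, "role does not permit this action"

def same_department(user, resource, action):
    ok = user.get("department") == resource.get("owner_department")
    return ok, "user's department does not own the resource"

def clearance_sufficient(user, resource, action):
    have = CLEARANCE_LEVELS.get(user.get("clearance"), -1)
    need = CLEARANCE_LEVELS.get(resource.get("classification"), 99)
    return have >= need, "clearance below resource classification"

def risk_acceptable(user, resource, action):
    ok = user.get("risk_score", 100) <= MAX_RISK_SCORE
    return ok, "session risk score above threshold"

RULES = (role_allows_action, same_department, clearance_sufficient, risk_acceptable)

def abac_decision(user, resource, action):
    """Deny by default: permit only if every rule passes; the reason feeds the audit log."""
    for rule in RULES:
        ok, reason = rule(user, resource, action)
        if not ok:
            return "Deny", reason
    return "Permit", "all policy conditions satisfied"

# Constructed sample: three users who all hold the 'Finance' role, in different situations.
INVOICE = {"type": "invoice", "owner_department": "Finance", "classification": "confidential"}
USERS = {
    "clerk": {"roles": ["Finance"], "department": "Finance", "clearance": "confidential", "risk_score": 10},
    "clerk_risky_session": {"roles": ["Finance"], "department": "Finance", "clearance": "confidential", "risk_score": 85},
    "sales_with_role": {"roles": ["Finance"], "department": "Sales", "clearance": "secret", "risk_score": 5},
}

def compare(name):
    """Returns (role-only answer, attribute-based answer) for reading the invoice."""
    user = USERS[name]
    return velvet_rope_decision(user, INVOICE, "read"), abac_decision(user, INVOICE, "read")
```

The role-only check lets all three users through; the attribute-based evaluation permits only the clerk in a low-risk session, and records why the other two were denied.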
If this sounds like a struggle your organization has, if you’re simply curious about authorization, or if you want to talk more about traveling to Europe, request a demo or contact us to take the next step in your journey.