
Runtime authorization

Make sure access controls are applied on time, all the time, and at all access points, with runtime authorization.

Why do we need runtime authorization?

We are constantly gathering new data and other critical assets, meaning our applications and databases are subject to constant change. New customers, employees and partners all need access to these assets from different locations and different devices. Regulations are changing and so are the requirements placed on your authorization system. Managing this complex web of access controls, at high velocity and in real time across an enterprise, requires dynamic runtime authorization.


Key capabilities of runtime authorization

Runtime authorization replaces the static method of enforcing access controls, which relied on roles (RBAC) and had to be coded at the source. Corporate policies are evaluated in real time before access is granted.

Get the dynamic advantage

Low Latency

Despite authorization being centralized, the powerful policy management server and enforcement engine can handle enterprise-wide access requests, instantly.

Immediate updates

As access is governed by policies, any changes are made centrally and immediately enforced across the enterprise at run-time.

Context aware decisions

As a key part of the Identity and Access Management Framework, the system is in constant contact with authentication systems, attribute directories and other third-party services to make informed, context-aware decisions.

Multi-level security

Since assets are spread across the IT environment in databases and data lakes, and accessed via the cloud, applications, portals, and APIs, run-time authorization is enforced at every level of a stack.

Architecture: Modern policy-based runtime authorization for your organization

Run-time authorization consists of several key architectural elements. Due to the agnostic nature of Attribute Based Access Control, it can be deployed to support legacy on-prem systems, as well as modern cloud and hybrid environments.


Policy management

Policy management is handled from an intuitive management console where policies can be written, published, reviewed, edited and enforced. At the backend, it comprises Policy Administration Points (PAPs) and the supporting elements of Policy Information Points (PIPs) and the Policy Repository.

Policy administration point

In the Policy Administration Point, a user writes the policy in plain language, which is then automatically converted to machine-readable, standards-based code for administration and enforcement by the system.

Policy information point

The policy repository is the secure storage point for authorization policies, which is typically a relational database. Since policies are converted to code, it is common practice to use a standards-based code that can guarantee policy integrity.

Enforcing authorization at run-time

Providing runtime authorization relies on two further key elements.


Policy decision point

The Policy Decision Point evaluates what is written in a policy and makes a decision, typically Permit or Deny access. If the access request is for data in a database, data masking can be used to mask or filter data from the user.

Policy enforcement point

With a decision taken, it is then enforced by the Policy Enforcement Point at run-time and the user is granted or denied access to use the data in accordance with the policy. The data transaction is recorded for transparent auditing purposes.
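The decision and enforcement flow described above, sketched as an added example (not Axiomatics code or its API). The attribute store, policy shape, record and function names are all constructed for illustration; the decision point denies by default and the enforcement point applies masking and writes an audit entry for every request.

```python
from dataclasses import dataclass
from typing import Callable

# Policy Information Point: constructed subject attributes, read at decision time.
PIP = {
    "alice": {"role": "nurse", "department": "cardiology"},
    "bob": {"role": "billing", "department": "finance"},
}

@dataclass
class Policy:
    action: str
    condition: Callable[[dict, dict], bool]  # (subject attrs, resource) -> bool
    mask: tuple = ()                         # fields to redact when permitted

def pdp_decide(policies, subject, action, resource):
    """Policy Decision Point: Permit on the first matching rule, else Deny."""
    attrs = PIP.get(subject, {})             # unknown subjects have no attributes
    for p in policies:
        if p.action == action and p.condition(attrs, resource):
            return "Permit", p.mask
    return "Deny", ()

AUDIT = []  # one entry per request, permitted or not

def pep_read(policies, subject, record):
    """Policy Enforcement Point: ask the PDP, log the outcome, enforce it."""
    effect, mask = pdp_decide(policies, subject, "read", record)
    AUDIT.append({"subject": subject, "action": "read",
                  "resource": record["id"], "decision": effect})
    if effect != "Permit":
        return None
    return {k: ("***" if k in mask else v) for k, v in record.items()}

# Constructed sample record and the centrally held policy list.
RECORD = {"id": "p-17", "department": "cardiology",
          "diagnosis": "arrhythmia", "ssn": "000-00-0000"}
POLICIES = [
    # Nurses may read records of their own department; SSN is masked.
    Policy("read", lambda s, r: s.get("role") == "nurse"
           and s.get("department") == r["department"], mask=("ssn",)),
]

if __name__ == "__main__":
    print(pep_read(POLICIES, "alice", RECORD))   # permitted, ssn masked
    print(pep_read(POLICIES, "bob", RECORD))     # denied -> None
    # A policy change made centrally takes effect on the next request.
    POLICIES.append(Policy("read", lambda s, r: s.get("role") == "billing",
                           mask=("diagnosis", "ssn")))
    print(pep_read(POLICIES, "bob", RECORD))     # permitted, clinical data masked
    print(AUDIT)
```

Because the enforcement point holds no rules of its own, appending to the policy list changes the outcome for the next request without touching the calling code.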

How Identity governance and runtime authorization go hand-in-hand

Runtime authorization offers a richness to policy writing that supports identity governance and enables enforcement of strict regulatory requirements, including the Sarbanes-Oxley Act (SOX) and the Health Insurance Portability and Accountability Act (HIPAA), in real time. Stating who has access to what in a policy, in accordance with an identity governance framework, is automatically enforced as an attribute in ABAC. Aggregating this through centralized authorization of policies brings simplification to this complex authorization area and supports improved regulatory auditing.

How to choose the right access control solution

No matter where your sensitive assets are stored or how complex or distributed your architecture is, we can help you safeguard and securely share them. Our experts can help you define requirements and tailor an Attribute Based Access Control solution from our dynamic authorization suite to meet your needs.
