Organizations constantly gather new data and other critical assets, so their applications and databases are subject to constant change. New customers, employees and partners all need access to these assets from different locations and devices. Regulations change, and with them the requirements placed on the authorization system. Managing this complex web of access controls at high velocity and in real time across an enterprise requires dynamic run-time authorization.
Run-time authorization replaces the static approach in which role-based rules (RBAC) were hard-coded into each application. Instead, corporate policies are evaluated at the moment of the request, before access is granted.
Although decisions are centralized, the policy management server and enforcement engine are built to answer enterprise-wide access requests at request time rather than introducing a noticeable delay.
As access is governed by policies, any changes are made centrally and immediately enforced across the enterprise at run-time.
As a key part of the Identity and Access Management Framework, the system is in constant contact with authentication systems, attribute directories and other third-party services to make informed, context-aware decisions.
Since assets are spread across the IT environment in databases and data lakes, and are accessed via the cloud, applications, portals and APIs, run-time authorization must be enforced at every level of the stack.
Run-time authorization consists of several key architectural elements. Because Attribute Based Access Control is platform-agnostic, it can be deployed to support legacy on-premises systems as well as modern cloud and hybrid environments.
Policy Management is handled from a management console where policies are written, published, reviewed, edited and enforced. At the back end it comprises the Policy Administration Point (PAP) and its supporting elements, the Policy Information Points (PIPs) and the Policy Repository.
In the Policy Administration Point, a user writes the policy in plain language, which is then automatically converted to machine-readable, standards-based code for administration and enforcement by the system.
The policy repository is the secure storage point for authorization policies, typically a relational database. Since policies are stored as code, a standards-based policy language is the usual choice: it can be validated against a schema, version-controlled and moved between tools. Policy integrity itself comes from restricting write access to the repository and from integrity-checking (for example hashing or signing) what is stored, so that a tampered policy is detected before it is enforced.
Run-time authorization relies on two further elements.
The Policy Decision Point evaluates the access request against the applicable policies, using attributes of the subject, resource, action and environment (fetched from the PIPs where the request did not supply them), and returns a decision, typically Permit or Deny. If the request is for data in a database, the decision can carry masking or filtering instructions so that only the permitted rows and columns reach the user.
The Policy Enforcement Point then applies the decision at run time: the user is granted or denied access to the data in accordance with the policy, and any masking instructions are applied to the result. Each request and decision is logged for auditing.
Run-time authorization gives policy authors the expressiveness to support identity governance and to enforce strict regulatory requirements, including the Sarbanes-Oxley Act (SOX) and the Health Insurance Portability and Accountability Act (HIPAA), at the moment of access. Access rules defined under an identity governance framework (who may access what) are expressed as attribute conditions in ABAC policies and enforced automatically. Centralizing these policies simplifies an otherwise complex area of authorization and makes regulatory auditing easier.
No matter where your sensitive assets are stored or how complex or distributed your architecture is, we can help you safeguard and securely share them. Our experts can help you define requirements and tailor an Attribute Based Access Control solution from our dynamic authorization suite to meet your needs.
See how Axiomatics enables you to balance the demands of your security team and your business users with the authorization solution that our customers love.