New technology is making dynamic, centralized access security a viable option for enterprises
In a recent post, we demonstrated how centralized authorization represents the most efficient access security approach. But that raises a big question: Why aren’t all access management solutions using it?
In this post, we’ll dive into the challenges identity teams face when adopting centralized authorization — and a new approach that eliminates these roadblocks.
Existing access control solutions like ACLs, RBAC, and ABAC will require radical changes to their architecture to achieve centralized authorization. While new centralized solutions like ReBAC, PBAC, and NGAC have emerged, they present their own obstacles, including:
These factors stop many companies from pursuing centralized authorization. But a new approach can overcome these issues and greatly ease adoption of centralized authorization.
A model of centralized access management that doesn’t suffer from the challenges described above is growing in popularity. We call this novel approach to access security an “enterprise-scale access management” platform. It offers a completely different and dynamic approach to access management as a whole.
As your team researches enterprise-scale access management vendors, look for these key criteria:
Instead of relying directly on business systems at decision time, enterprise-scale access management continuously ingests data from those systems into a central repository. This reduces decision latency and increases reliability. The graph database powering continuous data ingestion should respond to >95% of queries within 100 ms, and should offer redundancy and local fallback for resiliency against failures.
Administrators won’t need to take any operational steps to adjust user permissions. Enterprise-scale access management leverages established business processes and systems for access permission modifications already embedded in your normal systems of record (e.g., ITSM, CSM, CRM, etc.) or existing RBAC systems and directories.
Complex policy administration shouldn’t be limited to a handful of technical employees. Enterprise-scale access management providers take a different approach to policy management by:
Enterprise-scale access management platforms continuously make decisions based on current conditions. This approach stops users from accumulating vast permissions over time, shrinking the potential blast radius.
At the same time, these platforms are always considering the context of the access request. For example, when a user is attempting to access a customer’s data, what exactly is the user trying to do? Is the device they’re using compliant with organizational policy?
Finally, enterprise-scale access management must apply access policies consistently across all systems and applications, eliminating exceptions that threat actors target.
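The criteria above (continuous ingestion, no administrator-granted standing permissions, context-aware decisions) can be sketched in a few lines. This is an added illustration, not SGNL's code or API; the event names, the policy, and the sample users, customers and devices are constructed assumptions.

```python
from dataclasses import dataclass, field

@dataclass
class Repository:
    """Central store fed continuously from systems of record (hypothetical model)."""
    open_cases: set = field(default_factory=set)         # (user, customer) pairs, e.g. from ITSM
    compliant_devices: set = field(default_factory=set)  # device ids, e.g. from device management

    def ingest(self, event, key):
        # Access state changes only because a business system reported an event;
        # no administrator edits a permission list.
        if event == "case_assigned":
            self.open_cases.add(key)
        elif event == "case_closed":
            self.open_cases.discard(key)
        elif event == "device_compliant":
            self.compliant_devices.add(key)
        elif event == "device_noncompliant":
            self.compliant_devices.discard(key)
        else:
            raise ValueError(f"unknown event: {event}")

ALLOWED_ACTIONS = {"read", "update"}  # assumed policy: bulk export is never allowed

def decide(repo, user, customer, action, device):
    """Evaluate one request against the repository's current state."""
    if action not in ALLOWED_ACTIONS:
        return False, "action not permitted by policy"
    if device not in repo.compliant_devices:
        return False, "device not compliant"
    if (user, customer) not in repo.open_cases:
        return False, "no active case links user to customer"
    return True, "active case and compliant device"

if __name__ == "__main__":
    repo = Repository()
    repo.ingest("case_assigned", ("alice", "acme"))   # constructed sample data
    repo.ingest("device_compliant", "laptop-1")
    print(decide(repo, "alice", "acme", "read", "laptop-1"))
    repo.ingest("case_closed", ("alice", "acme"))     # access ends with the case
    print(decide(repo, "alice", "acme", "read", "laptop-1"))
```

Because every application calls the same `decide` function against the same repository, closing the case or losing device compliance removes access everywhere at once, with no per-system cleanup.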
To learn more, check out SGNL CTO Atul Tulshibagwale’s latest white paper that offers an in-depth look at preventing catastrophic identity breaches with centralized access security. Atul breaks down Google’s centralized access management system to show how it has scaled to trillions of access control lists and millions of authorization requests per second while maintaining <10 millisecond latency at the 95th percentile and availability of >99.999% over three years of production use. Download the white paper today.