1 The Challenge
Amongst the key challenges within IAM (Identity & Access Management) is access control and enforcement, the “access” part of the term. Enforcing the least privilege principle and restricting access following the need-to-know concept is challenging. Static entitlements are the common approach. They define, per application, who has access to what, and are stored at the application level, for instance as ACLs (Access Control Lists). IAM tools can manage and change these entitlements. However, keeping track of changes made locally in connected target systems is challenging. Managing entitlements is also complex, because the entitlement structures within applications are complex and manifold, and because access must be managed for many users across many applications. RBAC (Role-Based Access Control) has long been a solution, but it brought challenges and complexity of its own. PBAM (Policy-Based Access Management), also known as PBAC (Policy-Based Access Control), provides a leaner approach to entitlement management by shifting away from static entitlements.
Organizations face various challenges in managing access entitlements across their IT landscape:
1.1 Complexity of Role Management
Role management in RBAC has proven to be a daunting task. RBAC is commonly used to reduce the complexity of mapping entitlements to persons by using roles as an intermediary grouping layer. Defining a role model is complex. There are various approaches for such models with different tiers of roles. Figuring out which model fits an organization and implementing it takes time and requires significant effort. It becomes even more complex to define the roles and their relationships, from technical IT roles that map to system-level entitlements, to business roles that map to business processes and business activities. Organizational changes can trigger massive change requests for role models, adding to the effort of maintaining an RBAC model. Also, in some organizations, the number of roles exceeds the number of users, indicating overly complex role models.
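To make the role explosion concrete, the following is an added Python example, not part of the paper, using a constructed organization (departments, regions and functions are invented): a static RBAC model needs one role per department/region/function combination, so roles quickly outnumber users, whereas a single attribute-driven policy evaluated at request time yields the same decisions without any of those roles existing in advance.

```python
from dataclasses import dataclass
from itertools import product

# Constructed sample organization (not from the paper).
DEPARTMENTS = ["finance", "hr", "engineering"]
REGIONS = ["emea", "apac", "amer"]
FUNCTIONS = ["read", "approve"]

# Constructed users: (name, department, region, is_approver)
USERS = [
    ("alice", "finance", "emea", True),
    ("bob", "finance", "emea", False),
    ("carol", "hr", "apac", True),
    ("dave", "engineering", "amer", False),
]


def build_static_roles():
    """RBAC: one role per (department, region, function) combination,
    each carrying a static entitlement. Returns {role: set(entitlements)}."""
    return {
        f"{dept}_{region}_{fn}": {f"{fn}:{dept}-reports:{region}"}
        for dept, region, fn in product(DEPARTMENTS, REGIONS, FUNCTIONS)
    }


def rbac_allowed(user_roles, roles, entitlement):
    """Static check: is the entitlement granted by any role the user holds?"""
    return any(entitlement in roles[r] for r in user_roles)


@dataclass(frozen=True)
class Request:
    user_dept: str
    user_region: str
    user_approver: bool
    action: str
    resource_dept: str
    resource_region: str


def pbac_allowed(req: Request) -> bool:
    """PBAC: one rule evaluated at request time from user and resource
    attributes; no per-combination role has to be defined or assigned."""
    in_scope = (req.user_dept == req.resource_dept
                and req.user_region == req.resource_region)
    if not in_scope:
        return False
    if req.action == "read":
        return True
    return req.action == "approve" and req.user_approver


def role_explosion():
    """Number of roles the static model needs versus the users it serves."""
    return len(build_static_roles()), len(USERS)
```

With only three departments, three regions and two functions the static model already needs 18 roles for 4 users; the policy rule stays a single function however many attribute values are added.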