1 Introduction
Axiomatics is a privately held company headquartered in Stockholm, Sweden and Chicago, USA. Founded in 2006, the company has grown to become a leading provider of dynamic policy-based authorization solutions for applications, databases and APIs. Despite its relatively small size, Axiomatics serves an impressive number of Fortune 500 companies and government agencies and actively participates in various standardization activities.
As the ongoing digital transformation is profoundly changing entire business models and processes for modern organizations, for many of them digital information is becoming the core competence and most valuable intellectual property, which must be carefully protected. Unfortunately, with the growing adoption of new technologies like cloud computing, Big Data or IoT and with the constantly increasing amounts of data spread across heterogeneous IT infrastructures, managing access to corporate data is becoming increasingly complex.
On the one hand, each individual information silo, be it a relational database, a Big Data store or a backend exposed via an API, defines its own data model with a separate set of security controls and technologies to enforce them. On the other hand, many more people need to access the data from any place at any time via a broad range of device platforms. This includes not just employees, but also business partners, remote contractors and even customers, so relying on static AD groups is no longer enough. Each decision to grant access to particular data must take into account multiple factors like the user’s location and device type, the time of day, and the requested document’s classification.
Sometimes, granting access to a set of information is not possible without more fine-grained control; this is especially important for highly sensitive data in heavily regulated industries, such as financial transactions or personally identifiable information (PII). Many government and industry regulations like the upcoming EU General Data Protection Regulation (GDPR) require such information to be redacted before granting access to it.
Data-centric security is a much talked-about alternative to the traditional siloed approach towards data protection. By implementing adaptive policy-based access control based on real-time evaluation of centrally managed business policies, it helps reduce the complexity of data protection infrastructures dramatically, as well as achieve an unprecedented level of control and flexibility to determine precisely the access a particular user should receive to a particular asset in a particular context (that is, a rich set of attributes from multiple sources).
Axiomatics has long been one of the leading developers of attribute-based access control (ABAC) solutions and a major contributor to the OASIS XACML (eXtensible Access Control Markup Language) standard, a key standard for externalized access management for applications. In recent years, the company has been extending this concept towards data-centric security and currently offers a number of products for dynamic policy-driven data masking and access filtering for relational databases and Big Data stores. These products implement an additional dynamic security and access control layer around multiple data stores transparently and without any application changes.