CISO Best Practices for Enterprise Enablement
Facebook X LinkedIn

What Ails Enterprise Authorization

Combined Session
Wednesday, May 11, 2022 15:30—15:50
Location: A03-04

Continued advances in authentication technology have made the "identity" part of "identity and access management" more manageable over the years. Access management on the other hand, is still very much a "wild-west" landscape. As enterprises move to a zero-trust network access model, access management is the only way in which attackers can be prevented from gaining unwarranted access to enterprise data. Attackers can include both malicious insiders and those using compromised identities. Numerous organizations have suffered significant financial damage as a result of such unwarranted access from legitimately identified users.

Authorization rules in an enterprise can apply to many types of assets: files on a network drive, cloud resources such as virtual machines and storage buckets and enterprise applications and actions within them. Managing authorization across all these assets is complex in and of itself. Most enterprises also use third-party “Software as a Service '' platforms that maintain their own permissions, further complicating enterprises’ efforts to effectively manage authorization.

This talk identifies common causes of "privilege sprawl" in enterprises, and discusses management techniques that can result in "least privilege" permissions to personnel while ensuring no business disruption

What Ails Enterprise Authorization
Event Recording
What Ails Enterprise Authorization
Click here to watch the recording of this session. You'll need to log in to watch it.
What Ails Enterprise Authorization
Presentation deck
What Ails Enterprise Authorization
Click here to download the slide deck. Please note that downloads are only available for event participants and subscribers. You'll need to log in to download it.
Atul Tulshibagwale
Atul Tulshibagwale
SGNL
Atul is a federated identity pioneer and the inventor of the Continuous Access Evaluation Protocol (CAEP), forming the basis of the Shared Signals and Events working group in the OpenID Foundation,...
Subscribe for updates
Please provide your email address