Do we need to Internalize Authorization Before we Externalise it?

Compared to externalising authentication, externalising authorization has proven elusive. Yet a combination of the rise of advanced threat actors, regulation, compliance and pressures for greater business agility is bringing it back in focus. It is tempting to think of externalising authorization as a technology problem. Technology like policy languages, authorization engines and workflow systems is necessary to enable the externalisation of authorization, but it is not sufficient. Externalising authorization requires three foundational building blocks to be in place, namely value for all stakeholders from engineers to customers, supporting business processes and technology. In this session we explore each of these building blocks should be internalised in terms of mapping value for all stakeholders, the process and culture needed to make authorization policies explicit and finally the need to drive authorization infrastructure, from policy language to enforcement engines, into the compute and network fabric to address greenfield and brownfield deployments in order to remove barriers to externalising authorization.