You have questions, we have answers
As the vice president of customer success, I have the privilege of working closely with our customers to understand the success they’re achieving with our solutions, the access challenges keeping them up at night, and how we might work together to solve those challenges. I love those conversations and the ideas they inspire.
But I also thoroughly enjoy the conversations I have with organizations at the beginning of their authorization journey.
We meet these organizations at various stages of readiness.
Some know what they have isn’t working and want to move from their current authorization model to one that’s more modern.
Others know they have challenges but are completely unsure as to if or why they need authorization. It’s the latter group I want to talk about today.
In conversations with organizations who are on the fence as to whether or not they need authorization, they understandably have a lot of questions.
After all, many of these companies have already invested (both in terms of resources and finances) in a wide variety of security solutions and platforms that promise to deliver on a wide variety of issues.
Though these discussions cover a lot of ground, most of them usually include many standard questions, ranging from why other investments cannot provide authorization to why they need authorization if they’re only focused on Zero Trust.
For example, the vast number of organizations have spent millions of dollars deploying an identity governance and administration (IGA) solution, so it’s no surprise when we hear, “we’re already leveraging role-based access control (RBAC) through an authentication or IGA tool. Why would we need authorization?”
This is a great question because it enables us to share that RBAC and attribute-based access control (ABAC) aren’t mutually-exclusive approaches.
In fact, many Axiomatics customers also use an RBAC tool. They purchased an ABAC solution from us because they found that establishing, implementing and updating roles became a very labor-intensive process.
The purpose of an ABAC solution is to add to existing IGA and/or authentication solutions, delivering assurance that even after someone is authenticated by the organization, proving they are who they say they are, they only have access to the data and processes they require – nothing more, nothing less.
Examining attributes (location, time of access request, type of request, device making the request, etc.) also enables an organization to proactively determine if the access request is potentially concerning.
For example, if an employee who consistently accesses an asset with sensitive information via their laptop in the morning all of a sudden makes a request after midnight from their mobile phone, even if their authentication was verified, it’s fair to assume this request poses additional risk to the organization and may require additional verification.
Leveraging an authorization solution enables your organization’s authentication and IGA investments to do more, strengthening your overall security stance.
This is just one of the questions we hear most frequently from customers looking to improve or expand their current authorization initiatives, or from potential customers looking to embark on their first authorization project.
We want you to have this information at your fingertips, so we’ve pulled together some of the most popular questions we get around authorization that you can download and share today.
We hope this is helpful and I’ll continue to share our thoughts around how our customers address their most pressing access and authorization challenges.
If you have more questions, we’d love to chat! Please feel free to reach out and schedule a conversation or a demo to learn more.
The post You have questions, we have answers appeared first on Axiomatics.
*** This is a Security Bloggers Network syndicated blog from Axiomatics authored by Matt Luckett. Read the original post at: https://www.axiomatics.com/you-have-questions-we-have-answers/
