Ask the CEO: Dynamically Speaking live Q&A highlights – Part 2

by Kelly O'Dwyer-Manuel on July 20, 2022

In a recent episode of our Dynamically Speaking insight series, we conducted a live Q&A on our YouTube channel with Axiomatics CEO Jim Barkdoll, answering questions from viewers.

This article continues from part one with some more highlights from that session where Jim responds to questions surrounding our partnerships, customer success, authorization and Identity Access Management (IAM), and meeting today’s access control challenges.

How Artificial Intelligence (A.I.) will contribute to improving ABAC

Kelly: Do you see A.I. contributing to bettering attribute-based access control (ABAC)?

Jim: It’s a great question. I think you have to kind of break down A.I., right? Right now we don’t have a play or an investment on our own of adding A.I. to say, based on all these factors create a policy because these incidents are occurring. Where I do think that bits of A.I. come into play is what’s coming from our partners already and that’s people like CrowdStrike, for example, that have aI built into their systems. The better we can get a handle on or incorporating, whether it’s big data that’s coming from this that we can use as attributes, or real-time information, or A.I. policy-driven information coming from our partners, incorporating that into sophisticated security policy that say based on all these factors, allow or don’t allow or change the interface – that already happens today.

Sponsorships Available

I see that roll A.I. continuing to help there. In the future, could there be a situation where, you know, we help make suggestive policy based off of all the success of our customers? I could that could happen as well. And I could see A.I. being a strong component there.

Further reading: Policy-based access management and the evolution of authorization

How Axiomatics stands apart from other authorization vendors

Kelly: How does Axiomatics differentiate from other policy-based access vendors? It feels like PBAC (Policy-based access control) is becoming a thing. And certainly we hear the term PBAC a lot. We hear talk about policy, and I know that something that you and the senior leadership team are very passionate about. Looking for your thoughts there, Jim.

Jim: Yeah, again, no disruptions or abbreviations. And you know, some of our vendors go out and try to redefine on what ABAC is, or what PBAC is, or what dynamic authorization is, or orchestrated authorization. We and have for years, we comply and supply all of those things, right. So attribute-based access control is a term of which you would use policy, which has always been at the heart of our solution, to deliver and say, based on these attributes deliver a an outcome. I don’t think there’s a differentiation there on which which terminology you necessarily relate to.

I know that there is a strong differentiator for us on the fact that when you look at the types of the speed at which you need to connect and apply a policy is a differentiator for us and the resiliency of the system itself, for that to always be available. I often talk recently about one of our great customers, they had a they’re a large multinational, global banking institution, millions of of users that we’re fortunate to have, and we provide authorization for them. They had an internal denial of service attack and every system went down except Axiomatics, in that case.

So when you talk about the ability to handle transactions, millions of transactions, and supply that back at the same speed that of which users are used to from an authentication standpoint, that is super important and that’s a huge differentiator for us today. And I would add on to that, the types of policies we can put in place. If you’re a security leader, or an IAM leader, and you’re working with your development organization, and you want to put together a very complex, global policy that brings together multiple attributes and multiple levels, that’s something that we that we thrive in today.

Further reading: Reaching Zero Trust with Orchestrated Authorization

Enhancing secure collaboration with Orchestrated Authorization

Kelly: The next question is a two-parter. The first part is how do we protect against dynamic IPs, which would certainly be a type of attribute. And also, when we talk about secure collaboration? Are you referring to protecting currently used collaboration platforms? Or does Axiomatics provide tools to securely collaborate? By that, do we mean protecting currently used collaboration platforms, or are we talking about axiomatic providing a tool to enable secure collaboration?

Jim: Well, we already provided a tool for secure collaboration based on the fact that we’re, so we’re connecting via API’s to all of your different attribute sources. And then we’re taking that and then we’re intercepting then at the application level to applying that policy. We’re not doing anything to interrupt or un-enhance your your security strategy that way. We are not providing or nor are we looking to provide a separate service that says, bring all these pieces together, and we’re creating one, secure link via these that already exists via the the enterprise or the cloud infrastructure that we’re participating in.

I don’t mean to say when we talk about orchestration, that we’re somehow magically creating one large place where we’re going to bring in all of these approved technologies and say this is the only way to go. That’s not what I’m suggesting. But what we already do today from an orchestration standpoint is bring all the constituents together inside the organization from that has to do with authorization, and then from a partner standpoint, via API’s, make sure that we’re as flexible as possible to work with all the different attributes sources including those real-time events that are happening from, again, people like CrowdStrike, or Sailpoint, for example, and take that information and make policy around it. We do that today, but enhancing those partnerships and making it easier for our customers to consume those is is what I meant by that collaboration.

Further reading: A practical guide to implementing Orchestrated Authorization in three phases of growth

How Orchestrated Authorization compliments Identity Access Management (IAM)

Kelly: Many government organizations have implemented IAM. Is ABAC a good replacement for IAM, or is it complimentary?

Jim: It’s 100% complimentary. I’m glad someone brought up the government we already see that’s part of our base today is government organizations. And so when you look at the types of problems that authorization had had presented itself, certainly governments with the complexity and the need for high levels and different levels of security had this issue for for many years, even before the Cloud transformation. That has continued and you see things like the White House directive around Zero Trust. The amount of inbound inquiries now of government organizations creating access or ABAC programs has probably jumped about 200% in terms of the amount of inquiries that we’re getting just around that space, and part of that could be because of the White House initiative.

But again, this not a replacement for IAM. IAM vendors today are getting asked about dynamic policies that they traditionally have handled, and in some cases used role-based to do or they try to augment that role-based to come up with the solution. IAM and authorization vendors like ourselves should collaborate and enhance and take that next step are the role-based, or RBAC, is a step in the right direction.

And so we can leverage those policies that are created from a static standpoint and now build more complicated or more dynamic policies using ABAC or PBAC around those principles that were already created for for role based. We would never say you need to rip those out. Those are that’s step one. You don’t want to remove that. It’s a maturity.

Further reading: Key Considerations: Why traditional IAM solutions are no longer enough