Controlling access to systems, information and data is the quintessential art of access management. Making sure the right people have the right access to the right stuff is what IAM is all about. In this session, SailPoint's CTO Darran Rolls will discuss how to strike the right balance between the automated assignment of entitlements based on predefined models and rules, and the use of more discretionary access based on comprehensive request and approval flows. This session will discuss the pros and cons of both approaches and will offer a clear perspective on how to design and deploy both models as part of a comprehensive IAM program.
10. Today’s Agenda
• Discretionary Access
- Definition
- Application
• The Spectrum of Authorization
- Static Models
- Dynamic Models
- Blended Models
• Striking the Right Balance
- What Fits Best Where?
- Some General Best Practices…
36. “An application access security mechanism, controlled by an external late binding decision making process”
www.darranrolls.com
37. Dynamic Models
ABAC - Entitlements & Context
[Diagram labels: PIP Attribute Provider, VDS, PDP, System (×2), Target (×2), PEP (×2), Environment Attributes + Rules…]
38. Dynamic Models
ABAC - Entitlements & Context
[Diagram labels: PIP Attribute Provider, VDS, PDP, System (×2), Target (×2), PEP (×2), Entitlement Giving Attributes…, Environment Attributes + Rules…]
39. Entitlement Giving Attributes
Creating High Fidelity Attributes…
High Fidelity Attributes provide assurance that controls and governance are in place to appropriately manage Entitlement Giving Attributes…
40. Dynamic Models
ABAC - Entitlements & Context
[Diagram labels: PIP Attribute Provider, VDS, PDP, System (×2), Target (×2), PEP (×2), Environment Attributes + Policies…, Policy Review & Attestation…]
41. Policy Review & Attestation
Maintaining Integrity…
Policy Controls provide assurance that once developed and deployed, access policy rules can be considered articles of access attestation with lifecycle controls & audit
42. Dynamic Models
ABAC - Entitlements & Context
[Diagram labels: PIP Attribute Provider, VDS, PDP, System (×2), Target (×2), PEP (×2), Attributes…, Policies…, Governance: Visibility…, Review…, Change Control…, Audit…]
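The PEP/PDP/PIP flow named on the Dynamic Models slides, as an added example that is not from the original deck: a PEP defers to an external PDP, which fetches entitlement-giving attributes from a PIP at request time, combines them with environment attributes, and ignores any policy whose attestation has lapsed. All subject names, attributes, policies and the `attested_until` field are assumptions made for illustration.

```python
from dataclasses import dataclass
from datetime import date
from typing import Callable

# Constructed PIP data: entitlement-giving attributes per subject (assumed names).
PIP = {
    "alice": {"department": "finance", "employment": "employee"},
    "bob": {"department": "finance", "employment": "contractor"},
}

@dataclass
class Policy:
    name: str
    action: str
    rule: Callable[[dict, dict], bool]  # (subject attrs, environment attrs) -> permit?
    attested_until: date                # assumed field: end of last review period

POLICIES = [
    Policy("finance-ledger-read", "ledger:read",
           lambda s, e: s.get("department") == "finance" and e["network"] == "corp",
           date(2030, 1, 1)),
    Policy("finance-ledger-post", "ledger:post",
           lambda s, e: s.get("employment") == "employee" and 8 <= e["hour"] < 18,
           date(2020, 1, 1)),  # attestation lapsed: must not grant access
]

AUDIT = []  # decision log: (subject, action, decision, reason)

def pdp_decide(subject, action, env, today):
    """PDP: bind attributes at request time, deny by default, log every decision."""
    attrs = PIP.get(subject, {})
    decision, reason = "Deny", "no applicable policy"
    for p in POLICIES:
        if p.action != action:
            continue
        if p.attested_until < today:
            reason = f"{p.name}: attestation expired"
            continue
        if p.rule(attrs, env):
            decision, reason = "Permit", p.name
            break
        reason = f"{p.name}: rule not satisfied"
    AUDIT.append((subject, action, decision, reason))
    return decision

def pep_read_ledger(subject, env, today):
    """PEP in front of the target: enforces whatever the PDP returns."""
    if pdp_decide(subject, "ledger:read", env, today) != "Permit":
        raise PermissionError(subject)
    return "ledger contents"
```

Because the PDP reads the PIP on every call, changing a subject's attribute changes the next decision without touching the application or its PEP.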