As an organization, we've put a stake in the ground on re-framing the way enterprises approach security by placing identity at the center of that framework. We're constantly thinking about how we can better equip our customers with the tools and knowledge they need to embrace the shift to this approach, which we call Identity Defined Security.
To that end, we recently teamed up with National Cybersecurity Center for Excellence (NCCoE) at the National Institute of Standards and Technology to develop a practical resource for identity and access management.
The step-by-step guide focuses on how businesses can apply standards-based, commercially available technologies and products to use Attribute Based Access Control (ABAC), which grants access rights to an organization's network or assets based on a user's attributes, such as certifications, IP address, group, department or employee status. Those attributes, which are available to systems across an organization, or among organizations, can be used to make access decisions about a person, the action she wants to execute, and the resource she wants to access. ABAC reduces administrative burden by providing a centralized method of managing permissions and limitations for multiple systems for each user based on individual attributes. Ping Identity joins Microsoft, NextLabs, RSA and Symantec to demonstrate how ABAC platforms can be implemented at organizations of all sizes.
Most businesses today use Role Based Access Control (RBAC) to assign access to the network and systems based on job title or defined role. But if an employee changes roles or leaves the company, an administrator must manually change access rights accordingly-- often within several systems. As organizations expand and contract, partner with external vendors or systems and modernize systems, this method of managing user access becomes increasingly unwieldy. In fact, Gartner recently predicted that "by 2020, 70% of enterprises will use attribute-based access control...as the dominant mechanism to protect critical assets, up from less than 5% today."
If you're an IT professional or executive, check out the guide's step-by-step recommendations for ABAC deployment, including:
- Communicating the complexity and severity of risk across the enterprise, and help executives better understand the increasing complexity of identity management.
- Centralizing, auditing and managing access policy
- Managing access for an increasingly diverse user base, including digital identities from external security domains while mitigating the risk of "privilege creep"
- Customizing your implementation to fit organizational needs