Andras Cser serves Security & Risk Professionals. See the full Analyst bio.
Visit Forrester.com to learn how we make Security & Risk Professionals successful every day.
How Will The Extended Enterprise And Zero Trust Identities Impact Your Identity Administration Processes?
Posted by Andras Cser on May 31, 2012
We regularly get inquiries from companies that feel the need to restructure their access controls to support extended enterprise user populations: firms have to support employees, contractors, business partners, customers and keep them contained to be able to access resources (applications, data, etc.) that they have a business need to access. Technology and protocols are catching up here: companies (and vendors too!) are moving to finally support SAML, OAuth and OpenID Connect in bulk.
The real question, however, is not just access control, but it's also identity administration and attestation. How do you extend your internal provisioning of entitlements to your employees to your business partners or customers? What is the lifecycle of a data asset or piece of intellectual property in the broader ecosystem of identities? OAuth, Claims-based authorization or SAML attribute value injection will provide the infrastructure for enforcing policy decisions, but how do you extend your identity and access governance to the extended enterprise?
We see companies being interested and starting to build on the following to solve these challenges:
1.) Don't solve the problem but ingest a much richer context in your access control solutions (risk based authentication used for internal workforce user access, context variables being passed on to federated Relying Parties to understand that you're at a coffeehouse in a rogue country vs. you're logging in from your normal office and open up the general ledger with read/write access only if you're in your office).
2.) Providing increased delegated administration and attestation services from the cloud so business partners can also participate in these processes. This has been around for some time and will gain more popularity as firms need to remain compliant in the era of the extended enterprise.
3.) A more futuristic model: provide trust levels and frameworks in federated access controls that ensure that a user has been vetted, attested and authorized to access sensitive parts of an application.
Facebook
LinkedIn
Twitter
Comments
In line with my observation,
In line with my observation, after a in foreclosure home is bought at a bidding, it is common for any borrower to be able to still have a remaining balance on the bank loan. There are many lenders who try and have all rates and liens repaid by the subsequent buyer. However, depending on selected programs, rules, and state laws there may be a number of loans which aren't easily handled through the switch of financial products. Therefore, the duty still rests on the debtor that has got his or her property foreclosed on. Many thanks sharing your opinions on this blog.