Access management is a simple concept. Every business has information
that needs to be protected from unauthorized disclosure. To protect
information, companies define policies that govern who can access
specific classes of business and/or personal information. For example,
if a manager seeks to access the salary of a subordinate, they should
have authorization to do so; however, they should not be authorized to
access the same information about a chief executive. That is, there is a
policy that specifically governs the release of an employee’s
salary. Or is there? The answer is: “Probably not.” What exists is a
written policy related to disclosure of proprietary business information
(and perhaps even a separate policy related to disclosure of employee
personal information). Because human beings are skilled at
generalizations, we expect someone in authority to be able to classify
the request for salary information and make a decision.
Access management software has a simple goal. It allows the human who previously acted as a guardian of sensitive information to be removed from the process without loss of access control. This sounds simple, but most businesses are struggling with the implementation of access management as they integrate and extend their applications. This is because machines cannot classify information or make access decisions unless they are explicitly programmed with algorithms to accomplish this. When you take the responsibility for access decisions away from human beings, it becomes necessary to insert software guards into your applications.
A costly problem lurks: The access policy used by software guards is often coded directly into the business application (typically requiring new database tables and/or directory infrastructure). When access policy or audit requirements change, application software must be modified, tested and redeployed. Additionally, when access policy needs to be examined or applications audited for conformance, a code review is required.
A service-oriented solution emerges: Access management solutions provide an alternative to the costly embedding of access policy. They allow application software guards to leverage services that enable access policy to be modified, tested and deployed dynamically without application code changes. This enables your developers to concentrate on providing business software. Access management solutions efficiently enable high-performance access controls in distributed environments while allowing centralized management of access policy. An access management solution includes programming interfaces (APIs), policy management tools and auditing capabilities.
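The contrast between an embedded guard and a guard that calls a policy service can be sketched with the salary scenario from the opening paragraph. This is an added illustration, not code from any access management product; `PolicyService`, `RELATIONS`, the rule format and the sample employees are hypothetical names and constructed data.

```python
from dataclasses import dataclass
from typing import Optional

@dataclass(frozen=True)
class Employee:
    name: str
    manager: Optional[str]  # name of the direct manager, None for the chief executive

# Embedded guard: the rule lives in application code, so changing it means a redeploy.
def embedded_can_read_salary(requester: Employee, subject: Employee) -> bool:
    return subject.manager == requester.name

# Relationship tests the service can evaluate (hypothetical names).
RELATIONS = {
    "manager_of": lambda req, sub: sub.manager == req.name,
    "self": lambda req, sub: req.name == sub.name,
}

class PolicyService:
    """Hypothetical decision service: policy and classification are data, not code."""
    def __init__(self, classification, rules):
        self.classification = dict(classification)  # field -> information class
        self.rules = list(rules)                    # (information class, action, relation)
        self.audit_log = []                         # every decision is recorded

    def decide(self, requester, action, field, subject) -> bool:
        info_class = self.classification.get(field)  # unclassified fields are denied
        allowed = info_class is not None and any(
            cls == info_class and act == action and RELATIONS[rel](requester, subject)
            for cls, act, rel in self.rules
        )
        self.audit_log.append((requester.name, action, field, subject.name, allowed))
        return allowed

# Application guard: asks the service and contains no policy of its own.
def read_salary(service, requester, subject, salaries):
    if not service.decide(requester, "read", "salary", subject):
        raise PermissionError(f"{requester.name} may not read salary of {subject.name}")
    return salaries[subject.name]

# Constructed sample data.
CEO = Employee("carol", None)
MANAGER = Employee("bob", "carol")
STAFF = Employee("alice", "bob")
SALARIES = {"carol": 900, "bob": 300, "alice": 100}

def build_service():
    return PolicyService({"salary": "employee_personal"},
                         [("employee_personal", "read", "manager_of")])
```

Appending a rule such as `("employee_personal", "read", "self")` to the service changes the decision without touching `read_salary`, and `audit_log` can be examined without a code review.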
As part of your quest for an access management strategy, consider the following questions:
- Who should be responsible for access policy?
- What kind of access policy do you require?
- What resources do you need to protect?
- How do I plug in the access management solution?