Running Axiomatics Policy Server in the Cloud

Part 1: How to Containerize

Containerization is a trend we’ve seen at the enterprise level and among the federal government for some time now. If the term is new to you, here is a simple metaphor that explains why organizations are shifting towards this IT practice:

Imagine the struggle of early importers and exporters, shipping multiple pieces of cargo, all different sizes, shapes and weights, across various water channels. The need for a safe, consistently viable shipping option led to the creation of the standardized shipping container you now see on docks. There is a standard size for objects, a standard place for where the doors go, for how the locks work, and where the mount points are to pick it up, so that they all fit on ships and they can get them on and off efficiently and there’s weight restrictions. The shipping company doesn’t need to know what’s inside, only that it hits all of the specs and adheres to all of the standards.

Continue reading
428 Hits

A GDPR Primer: What You Need to Know

The General Data Protection Plan, known by GDPR, is new legislation that defines data protection standards and laws across the European Union. This regulation effectively repeals the Directive 95/46/EC.

Consistency is the goal for the GDPR; the legislation imposes a uniform security data law on all EU members, therefore removing most of the need for each member state to write its own data protection laws.

The complexity of the GDPR has left organizations that do business with the EU scrambling to identify exactly how they can comply with its strict data security standards while also recognizing what effect compliance has on their overall digital business initiatives. Let’s take a look a quick look into to the GDPR.

Continue reading
303 Hits

The Convergence of Personalization and Authorization

A founder of a former company said something to me as we closed the doors, “I wish I built a tiered subscription model at the start.” He went on to describe how many companies give up too much capability with their initial release, then when it becomes popular, they can’t grow or easily provide limited capability to potential prospects who only need a portion of what the company offers.  

There is a niche of providers that offer personalization engines for e-commerce sites to help craft a shopping experience based on traits of the customer, such as geo-location, browsing history, and previous transaction history. E-commerce companies recognized long-ago that it is not a one-size fits all world and that if the site knows you, you will engage more with the site.

If you compare personalization with authorization, you’ll find that it’s not that much different from a rules standpoint. Let’s take a example tiered subscription plan and model it. Our example will be a financial advisory service with online content. Let’s say the application owner wants to have four levels: Platinum, Gold, Silver and Bronze. Today, each subscription level gets access to different capabilities in the site:

Continue reading
392 Hits

Peer Insights: Wisconsin IAM User Group

We’re always looking for ways to get involved with local colleagues in the IAM space. In a recent session, we met with some of our peers at the Wisconsin IAM Meetup group in Waukesha, WI. I wanted to share some detail on these local Meetups, as there is benefit for technical, business and sales roles within the IAM space.

If you’re not familiar with the IAM Meetups, initially these began as a place for Ping Identity customers to get together. But after several meetings, the groups emerged as partnerships between multiple vendors. Now the goal is to create local communities focused specifically on Identity and Access Management (IAM), and strive to be vendor agnostic and educational to better serve the attendees. They’re also a great forum to get to know other colleagues with similar IAM roles and challenges.

Continue reading
411 Hits

The Power of ABAC for your API Gateway

We’ve been hearing a lot from our customers lately about the power of using APIs and microservices to expand business and speed time-to-market for new offerings. These new projects are almost always built using many different components and with that have complex security requirements – the need to share information, securely, and under the right conditions.

Using ABAC to provide fine-grained access control has become a best-practice. To meet this growing request, Axiomatics can integrate easily with most API Gateways – CA Technologies, Axway, Apigee, Data Power – and the list goes on. Thanks to the agility of our authorization solutions, we are able to work with many other configurations as well.  Integrating the authorization is a matter of configuration, no need to write any code or install separate components.

Are you looking to provide this necessary level of access control to your API or microservices project? We’d like to talk to you further about adding ABAC to the mix.

This email address is being protected from spambots. You need JavaScript enabled to view it..

You may also be interested in reading more on APIs here.

Continue reading
389 Hits

How Using ABAC Can Improve API Security in 2017

During Gartner’s recent IAM conference, I noticed an emerging conversation around the issues of API usage at the enterprise level. Enterprise adoption of APIs is viewed as an inevitable consequence of the ongoing digital transformation many IT professionals are managing.

API stands for Application Programming Interface and they help developers create applications that communicate easily with other applications and services. APIs are the backbone of any application ecosystem, which are a huge part of the trend towards digital transformation. All of those applications talking to one another are generating a huge amount of user data that enterprise companies need to be prepared to manage and secure.

Continue reading
738 Hits

Top Five Trends to Transform Enterprise Security in 2017

Our experts at Axiomatics got together at the end of the year to take a look at the trends in store for 2017. Some of these may sound familiar, as the era of digital transformation continues to expand. But you'll find a common theme: Marty Leamy, our Americas President said it best, “This year’s trends examine the evolving ways organizations can realize better enterprise-wide security with the exploding amounts of data that enterprises need to protect. Business executives are demanding better enterprise-wide security for all of their data, not only for regulatory compliance but also to protect their most critical assets.”

Attribute Based Access Control can help you address these areas that will challenge access control across your enterprise. Read on for the Top Five! 

Continue reading
649 Hits

How can many complex permit rules for the same policy be managed?


XACML, the eXtensible Access Control Markup Language, is an authorization language that implements Attribute Based Access Control (ABAC). As the name indicates, XACML uses attributes inside policies to convey authorization statements. Policy authoring can be an art form, and we won’t get into every aspect of policy authoring today. For a brief overview of what a policy is, click here.

Continue reading
863 Hits

The Data Access Filter for Multiple Databases just got better.

I'm happy to share that we're ending the year with a release of the Axiomatics Data Access Filter for Multiple Databases. If you're not familiar with this solution, ADAF MD provides the ability to apply an Attribute Based Access Control approach to relational databases, featuring both Dynamic Data Masking and Data Access Filtering to ensure only authorized parties can view data retrieved from databases such as Oracle, IBM DB2, Microsoft SQL Server, or Teradata.

This release adds several technical enhancements for using the product in large-scale deployments. The feature set includes:

  • Multi-table attribute mapping to avoid duplication of XACML attributes and rules in customer's policies when protecting two or more tables.
  • The ability to fetch table definition information from the database when configuring the SQL Filter Service Agent.
  • Support for SQL statements containing synonyms (referred to as aliases in DB2).

This release also adds support for Red Hat Enterprise Linux 7.1 and 7.2 and Teradata 15.10, and also packages the latest version of Axiomatics Policy Server Express Edition.

Read more about ADAF MD here.

You may also enjoy this white pape on next generation data-centric security


Continue reading
322 Hits

Going on vacation, how can I implement delegation in XACML?

Delegating access: the proxy-delegate pattern

Sometimes, as users, we want to delegate access to our resources. For instance, an account manager may want to delegate access to their accounts to another account manager. This typically happens when the first account manager, Alice, is on vacation or unavailable, and she wants to make sure another manager, Bob, can handle her accounts.

Continue reading
681 Hits