Homegrown access control is limiting business agility - the ability to share data with those who need it, engage in joint ventures and B2B partnerships, protect PII and open up APIs to employees and customers alike. As such, the market for authorization has increased substantially in the last 36 months. Funding rounds for the likes of Styra, PlainID and SGNL, to name but a few, indicate increased venture expectation that access control has a long tail of growth.
Security starts when authentication ends. It's a line I have used a few times over the years, as it is one I actually quite believe in. In an era where firewalls are derided as being pretty toothless in the fight against omnipresent complex cyber attacks - and the concept of trusted networks has quite rightly become obsolete in the world of "zero trust" - it always seemed odd to me to put such a large emphasis on stringent authentication services. Clearly authentication is hugely important, don't misunderstand, but my point really was that authentication (even with a strong MFA component) becomes less relevant if a) it is not continuous and b) it is not part of a more holistic approach focused on the access control of services, data and APIs.

Join our founder Simon Moffatt on September 15th, when he will join PlainID for a discussion around external authorization platforms.

The modern digital native enterprise is facing a number of emerging and incumbent challenges - from increased competition and demand for a more agile service deployment model through to needing the ability to share more data to more people, all under a competing climate of increased security threats coupled with a lower risk appetite.

A long-read post investigating the evolution of decoupled authorization platforms - including use case and capability analysis and a brief vendor review covering Axiomatics, PlainID, Styra and Scaled Access.
What is driving the demand for new authorization models, software vendors and emerging authorization design patterns? This post discusses previous failures of RBAC and XACML as well as modern architecture patterns such as identity centricity and the business mesh.
Our Declarative Authorization Signals tracker focuses upon software-based providers that support embedded rules-based authZ.
Vendors: Aserto, Cerbos, DataWiza, oso, permit.io, Styra.
Signals and sources: Venture Capitalist Funding (Crunchbase), Employee Count (LinkedIn), Social Reach (LinkedIn & Twitter), Company Age (Crunchbase), Vacancies (LinkedIn).
A review of authorization-related features added to the Auth0 platform between 2019 and 2022.
An overview of the authorization-related features added by Okta between 2019 and 2022.
Access control has very much been centred around models. Who should have access to what, when (and maybe more importantly why) has fascinated computer security researchers since the 1970s. There have been several models for describing access over the years – many unfortunately lost to the academic past – being taught but never used. However, […]
A review of authorization-related features added to ForgeRock's Identity Platform between 2019 and 2022.