Join us for our next free industry webinar in April: The Evolution of Authorization: How To Achieve Zero Standing Privileges. Organisations are struggling to deliver applications and services on time, often due to hard-coded permissions and access control components. Coupled with that, emerging threats and a lack of dynamic and contextual policy controls are increasing risk to key data assets.
Homegrown access control is limiting business agility - the ability to share data with those who need it, engage in joint ventures and B2B partnerships, protect PII and open up APIs to employees and customers alike. As such, the market for authorization has increased substantially in the last 36 months. Funding rounds for the likes of Styra, PlainID and SGNL, to name but a few, indicate increased venture expectation that access control has a long tail of growth.
Security starts when authentication ends. It's a line I have used a few times over the years, as it is one I actually quite believe in. In an era where firewalls are derided as being pretty toothless in the fight against omnipresent complex cyber attacks - and the concept of trusted networks has quite rightly become obsolete in the world of "zero trust" - it always seemed odd to me to put such a large emphasis on stringent authentication services. Clearly authentication is hugely important, don't misunderstand, but my point really was that authentication (even with a strong MFA component) becomes less relevant if a) it is not continuous and b) it is not part of a more holistic approach focused on the access control of services, data and APIs.

Join our founder Simon Moffatt on September 15th, when he will join PlainID in a discussion around external authorization platforms.

The modern digital native enterprise is facing a number of emerging and incumbent challenges - from increased competition and demand for a more agile service deployment model through to needing the ability to share more data to more people, all under a competing climate of increased security threats coupled with a lower risk appetite.

A long-read post investigating the evolution of decoupled authorization platforms, including use case and capability analysis and a brief vendor review covering Axiomatics, PlainID, Styra and Scaled Access.

What is driving the demand for new authorization models, software vendors and emerging authorization design patterns? This post discusses previous failures of RBAC and XACML as well as modern architecture patterns such as identity centricity and the business mesh.

A review of authorization-related features added to the Auth0 platform between 2019 and 2022.


An overview of the authorization-related features added by Okta between 2019 and 2022.

Access control has very much been centred around models. Who should have access to what, when (and maybe more importantly why) has fascinated computer security researchers since the 1970s. There have been several models for describing access over the years – many unfortunately lost to the academic past – being taught but never used. However, […]

A review of authorization-related features added to ForgeRock’s Identity Platform between 2019 and 2022.
