Around 2002, enterprises began shoring up identity management, role management and provisioning systems, and all these years later the trend is still going strong. But for too many organizations the expected results fell short, and IT executives were left scratching their heads. Millions had been spent on products and services meant to address the proliferation of identities and mounting regulatory pressure, and those products and services were supposed to deliver a dramatic reduction in development and maintenance costs. IT leaders are recognizing that role-based access control (RBAC) alone is flawed. Without a formal definition of what each role entails, a role is merely a descriptive label attached to a user; it says nothing about which operations and which data the role actually grants. Using RBAC alone only scratches the surface.
Traditionally, roles have been hard-coded into the logic of every business application. Hard-coding makes each application rigid, and repeating the process across applications perpetuates disjointed security controls. The end result is inefficiency across application development, security audits and controls, and user administration.
When the functions of each role are hard-coded into the source code, even the smallest adjustment requires an expensive and time-consuming code change. And even after the code has been changed to accommodate a new business requirement, there is no consistent way to report what those roles mean, or to specify who can perform which function.
To see the full picture, you need fine-grained access control. It is the only way roles can be fully described and instantly understood, even by people who were not involved in the original development of the applications. In an RBAC environment without a fine-grained authorization mechanism, no single auditor, administrator or operator can know what access a user actually has, because no one understands what each role means in the context of all the applicable applications.
With fine-grained authorization, you can know instantly which roles a particular individual has been granted, exactly which operations those roles permit, and which data can and cannot be accessed. Before fine-grained authorization, user access reports revealed only role names, not the specific functions assigned to those roles. Fine-grained authorization also frees application developers from dealing with roles and role management: the application asks an external authorization service for a decision instead of encoding the rules itself, so once an application is enabled for fine-grained authorization it does not need to be modified when the authorization rules change.
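To make the contrast concrete, here is an added example in Python (not BiTKOO's code or product): a role check hard-coded into application logic, beside the same decision delegated to a small policy decision point whose rules are data rather than code. The policy format, the Rule and PolicyDecisionPoint names, and the sample users and invoices are assumptions constructed for this illustration; nothing here comes from the page.

```python
"""Added example (not BiTKOO's product or code): a hard-coded role check
beside an externalized, fine-grained authorization check.

The Rule/PolicyDecisionPoint design, the function names and the sample
users and invoices are illustrative assumptions constructed for the example.
"""
from __future__ import annotations

from dataclasses import dataclass, field
from typing import Callable


# --- Before: roles hard-coded into the application logic -----------------
def approve_invoice_hardcoded(user_roles: set[str], amount: float) -> bool:
    """Role names and the business limit are baked into the code. Changing
    the limit, or letting a new role approve, means a code change, and
    nothing here can be reported on without reading the source."""
    if "finance_manager" in user_roles:
        return True
    if "finance_clerk" in user_roles and amount < 1000:
        return True
    return False


# --- After: the application asks a policy decision point (PDP) -----------
@dataclass(frozen=True)
class Rule:
    role: str                 # role the rule applies to
    action: str               # operation on the resource, e.g. "approve"
    resource_type: str        # kind of resource, e.g. "invoice"
    # optional condition on subject and resource attributes
    condition: Callable[[dict, dict], bool] = lambda subject, resource: True
    description: str = ""     # human-readable meaning, for reporting


@dataclass
class PolicyDecisionPoint:
    rules: list[Rule] = field(default_factory=list)

    def is_permitted(self, subject: dict, action: str, resource: dict) -> bool:
        """Permit if any rule for one of the subject's roles matches the
        action and resource type and its condition holds (deny otherwise)."""
        return any(
            rule.role in subject["roles"]
            and rule.action == action
            and rule.resource_type == resource["type"]
            and rule.condition(subject, resource)
            for rule in self.rules
        )

    def entitlements(self, subject: dict) -> list[str]:
        """The auditor's question, answered from policy data rather than
        from source code: what can this user actually do?"""
        return sorted(
            f"{rule.action}:{rule.resource_type} ({rule.description})"
            for rule in self.rules
            if rule.role in subject["roles"]
        )


# Policy lives outside the application code (constructed sample rules).
POLICY = PolicyDecisionPoint([
    Rule("finance_manager", "approve", "invoice", description="any amount"),
    Rule("finance_clerk", "approve", "invoice",
         condition=lambda s, r: r["amount"] < 1000,
         description="amount under 1000"),
    Rule("finance_clerk", "read", "invoice", description="all invoices"),
])


def approve_invoice(pdp: PolicyDecisionPoint, subject: dict, invoice: dict) -> bool:
    """Policy enforcement point: the application contains no role logic."""
    return pdp.is_permitted(subject, "approve", invoice)


# Constructed sample subjects and resources.
CLERK = {"id": "u1", "roles": {"finance_clerk"}}
MANAGER = {"id": "u2", "roles": {"finance_manager"}}
SMALL = {"type": "invoice", "amount": 250.0}
LARGE = {"type": "invoice", "amount": 5000.0}

if __name__ == "__main__":
    for user in (CLERK, MANAGER):
        print(user["id"], "may approve LARGE:", approve_invoice(POLICY, user, LARGE))
        print(user["id"], "entitlements:", POLICY.entitlements(user))
```

The enforcement point, approve_invoice, never names a role. Raising the clerk's limit or giving a new role the approve action is a change to the policy data, not to the application, and entitlements() answers "what can this user do?" from that same data, which is exactly the report the hard-coded version cannot produce.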
To read more on IAM issues facing IT organizations, visit our Resources to download Keystone – IAM Technology Innovation and obtain a copy of an interview Doron Grinstein, CEO of BiTKOO, gave to Business Management magazine on the Challenges with Implementing IAM Solutions.