
BM. What challenges do organizations face in terms of implementing an IAM solution?
DG. Many IT executives don’t recognize the value of a holistic identity and access management (IAM) solution, and they’re unaware of its capabilities. There is also a misperception that an IAM solution will introduce further complexities and take too much time (and money) to implement. BiTKOO’s authorization management solution, Keystone, addresses these concerns by simplifying the access management approach, increasing flexibility in controls, and ensuring savings in administration and implementation.
The first step for IT/security leaders is identifying the issues they’re trying to remedy. It might be regulatory compliance requirements, implementing efficiencies in authorization and access administration, or improving the approach for security in enterprise applications. They must also understand the full range of capabilities of IAM solutions. If executives aren’t aware of what’s possible, they’re vulnerable to vendors who tend to overcomplicate what should be a straightforward approach, and they risk ending up with expensive solutions that don’t go far enough, or that create additional (and unnecessary) administrative burdens.
Access control is not rocket science. BiTKOO’s philosophy is based on simplicity. Keystone doesn’t introduce further complexities to access management, but places the finishing touches on the IAM systems already in place, cohesively enabling true fine-grained and federated authorization. It’s an innovative, simple solution to a complex situation.
BM. Why is role-based access control (RBAC) inadequate for most organizations?
DG. Traditionally, roles have been hard-coded into the logic of every business application. But hard-coding each application makes it overly rigid, and repeating the process perpetuates disjointed security controls. The end result is inefficiencies across application development, security audits/controls, and user administration. Keystone addresses this in a comprehensive way by abstracting the hard-coded authorization controls from applications, and in so doing provides the opportunity to centralize access controls.
There’s also a question of visibility. What functionality can each user perform across all applications? This is information that should be easily and quickly accessible, but it isn’t if your organization is dependent on RBAC. There has been no standard for controlling access to systems and data. BiTKOO revolutionized this space with an identity-centric solution that empowers enterprises to quickly determine what function the user performed, from which workstation, who granted the authorization to perform those functions, and to audit even more granular activities.
BM. Compliance is another hot ticket right now. In what ways is Keystone helping firms meet their compliance requirements?
DG. There are two major forces pushing organizations to move towards an identity-centric architecture (ICA): compliance and security.
There are numerous regulatory pressures from government entities requiring the data in systems to be highly secured and access rights auditable. These pressures intensify and change along with evolving technologies, so organizations with an identity-centric solution are best positioned to be compliant. ICA simplifies compliance, which in turn makes prevention and response activities much easier and more flexible. For example, Keystone creates an audit trail for every single change from any source, revealing how a user was authenticated, which authentication provider was utilized, source IP address, and the exact nature of the transaction.
The second major force, security, is obviously the result of the internet: computers are accessible from anywhere. The world is hostile, so systems must protect themselves from unauthorized use, and must protect functions from internal users. This means they have to be flexible enough to allow one user to perform Function X and another user to perform Function Y, regardless of their titles or roles or any other unstable variable. Again, ICA just makes security simpler, and organizations with an eye towards the future are recognizing this.
BM. You keep touting identity-centric architecture. What is ICA?
DG. Imagine your kitchen with each appliance dependent on its own individual power generator. It could work, but it would be absurdly clumsy. That’s sort of how the world of identity and access management looks today. Applications use their own user stores, passwords may or may not be encrypted, that sort of thing. It’s often a big mess, but it doesn’t have to be. Identity-Centric Architecture is a distributed computing architecture that basically plugs the dishwasher, the toaster, and all the other appliances into the same power source. That is, identity is conveyed from one computing service to another quickly and securely.
For most organizations, security hasn’t been addressed head-on for years, so their system has been cobbled together over time using various software and services. It’s clumsy, unreliable and, worse, often lacking basic functionality, like reporting across systems who can do what, or the immediate deprovisioning of all rights when a user leaves or is reassigned. But as the need for increased – and increasingly fine-tuned – security has grown, so has the number of available solutions. The larger goal is to pursue that which works best for your organization. The ideal solution should introduce flexibility and speed to meet the dynamic demands of IAM. It should result in savings in ongoing administration, expedite implementations, and provide opportunities to centralize control administration.