Establishing, monitoring and managing access control is a basic requirement for information security. Ultimately no matter what firewall, IDS or authentication mechanisms you’ve deployed – enterprise servers and systems must decide ‘should this request for a sensitive resource be (approved || blocked || flagged)?’.
Other industries have incorporated data analytics and intelligence into their decisioning systems. Ironically, IT servers and systems rely on static lists (i.e., LDAP & ActiveDirectory) to decide if a user should be granted access to a resource. They don’t make decisions based on factors that are readily available including past user activities, endpoint characteristics, data content – or input from other security components such as firewalls, IDS or VPN.
The panel will discuss how different enterprises think about data access control; the practical challenges they’ve faced deploying these solutions; and the compelling need for both enterprises and vendors to focus on building intelligent data access control capabilities. Intelligent data access controls enable an enterprise to monitor and manage risk better – and to adopt new technologies faster.
The panel will introduce, highlight and encourage audience participation in an open source project based on NIST’s Policy Machine, a novel framework for defining and managing access control policies.
Founder of 2BSecure LLC, and former CISO for the CIA
Director of Technology Risk & Strategy for Pacific Gas & Electric
Manager of NIST’s Secure Systems and Applications Group
CEO, Mobile System 7