Identity & Access Management (IAM) is an "old" topic for companies. Virtually all major groups have already carried out several IAM projects, often with the growing aim of pooling, centralizing and standardizing. And while those involved in these projects are…
In a previous article, we discussed the main motivations behind the implementation of an authorization model and answered a first set of essential questions one should think about when setting up or redesigning a model. Let’s continue here with a…
Introduction DAC, RBAC, OrBAC, ABAC or GraphBAC? Flagship authorization models evolve regularly and each one brings its share of challenges, promises, and complexity. Over the last twenty years or so, during which the RBAC/OrBAC models seem to have prevailed, the…
As we’ve seen in the previous article, a serious consideration of "permissions" (also known as rights, authorizations, roles, and access profiles) should significantly reduce the risk of fraud and human error, and contribute to the company’s compliance with relevant legislation.…
Enterprise Resource Planning (ERP) applications support businesses’ most critical processes and workflows. As such, it carries many inherent risks—the main ones being internal fraud and human error. And statutory auditors, internal controllers, and auditors, are only too well aware of…
We’re using more and more online services—both at home and at work. This transformation in usage calls for a review of authentication methods—and there are two main needs that must be balanced: the user experience (and how to maintain it),…
