Pining For the Fjords: The Role of RBAC in Today's Applications

Presented at AppSec USA 2012, Oct. 26, 2012, 4 p.m. (45 minutes)

Is role-based access control (RBAC) really dead? It has a few snipers lined up to take it out, but it's still a fixture in legacy applications, and the need to abstract and organize permissions isn't going away. The move to third-party application services is both creating a topological crisis for the enterprise and driving its further abstraction as an organization: when there is no more "central control" of an application infrastructure, how are roles supposed to maintain security? This talk describes current issues with RBAC and explores options for the future, including multi-contextual roles and identities, provider-centric roles, and role risk assessment. We promise not to call it RBAC 2.0.


Presenters:

  • Wendy Nather - Research Director, Enterprise Security Practice - 451 Research
    Wendy Nather is Research Director, Security, within 451 Research's Enterprise Security Program, providing analysis on the current state of security from the perspective of a veteran CISO. Wendy's primary areas of coverage are application security and security services. Wendy joined 451 Research after five years building and managing all aspects of the IT security program at the Texas Education Agency, which serves 4.6 million Texas students. In that position, she directed multimillion-dollar initiatives for a statewide external user base of over 50,000. She also provided security guidance for the datacenter consolidation of 27 Texas state agencies. Wendy previously worked in various roles in the investment banking division of Swiss Bank Corp (now UBS), including helping to build Europe's then-largest private trading floor. Based in Chicago, Zurich and London, she also served as the first IT Security Director for the EMEA region, managing the security aspects of various mergers, IT operations outsourcing and the division's first Internet presence. Wendy is coauthor of the book The Cloud Security Rules, and was named one of Tripwire's "Top 25 Influencers in Security You Should Be Following." Wendy is based in Austin, Texas. You can follow her on Twitter at @451Wendy.
