Bright Shiny Things = Why We Need Intelligent Data Access Controls presented at Shmoocon 2013

by Mark Mcgovern, Bob Bigman, Craig Rosen, David Ferraiolo

Summary: Establishing, monitoring and managing access control is a basic requirement for information security. Ultimately, no matter what firewall, IDS or authentication mechanisms you’ve deployed – enterprise servers and systems must decide ‘should this request for a sensitive resource be (approved || blocked || flagged)?’.
Other industries have incorporated data analytics and intelligence into their decisioning systems. Ironically, IT servers and systems rely on static lists (i.e., LDAP & Active Directory) to decide if a user should be granted access to a resource. They don’t make decisions based on factors that are readily available, including past user activities, endpoint characteristics, data content – or input from other security components such as firewalls, IDS or VPN.
The panel will discuss how different enterprises think about data access control; the practical challenges they’ve faced deploying these solutions; and the compelling need for both enterprises and vendors to focus on building intelligent data access control capabilities. Intelligent data access controls enable an enterprise to monitor and manage risk better – and to adopt new technologies faster.
The panel will introduce, highlight and encourage audience participation in an open source project based on NIST’s Policy Machine, a novel framework for defining and managing access control policies.
A panel of experienced security professionals, respected for their work defending enterprises and driving innovation: