After sitting down with Jim Barkdoll, CEO of Axiomatics, Aviva Zacks of Safety Detectives learned about his company’s Orchestrated Authorization strategy.
Safety Detectives: Tell me about your company’s services.
Jim Barkdoll: Axiomatics is a leading provider of runtime, fine-grained authorization delivered with attribute-based access control (ABAC) for applications, data, APIs, and microservices. We’ve been around since 2006 and were founded by folks who not only created this market but also foresaw the way the market would evolve, which is why we have customers who stay with us and continue to find new ways to leverage our solutions.
Our Orchestrated Authorization strategy enables enterprises to effectively and efficiently connect Axiomatics’ authorization platform to critical security implementations, such as Zero Trust or identity-first security. We have customers all over the world who work with us to protect sensitive assets, data, and processes, ensure continuous compliance, reduce costs, and deliver critical business outcomes.
SD: What is your customer base?
JB: Over 30 percent of our customer base are global Fortune 1,000 companies in the banking and finance, automation, aviation, and government sectors. A key piece of our partnership with customers is addressing the challenges they face, now and in the future, and ensuring we work together to address these challenges head-on. This translates into clear value for our customers through our deployment methodology. This methodology has been developed and fine-tuned through successful engagements and implementation of our solution with global enterprises over the last 15 years. It offers a consistent approach to guide customers through their authorization adoption and maturity. With customers facing an uphill battle in implementing various security strategies like Zero Trust, that they can look to a tried-and-true approach saves time and resources, but also provides peace of mind, which is an often underrated benefit.
SD: What makes your company unique?
JB: Authorization isn’t new. For years, organizations implemented their own, homegrown authorization strategies. This often meant authorization policy hard-coded into each application as it was developed, creating a patchwork system of authorization policies with no centralized view for the identity or security team. The result – these policies could conflict with one another, might or might not adhere to compliance regulations, and require manual intervention to be changed or updated.
Our approach differs from this in that it is externalized, moving from the tedious customization of policies within individual applications to a scalable, flexible approach that ensures policies are consistent across the organization and can be easily changed to reflect adherence to the latest compliance regulations or a move to a Zero Trust strategy.
We built our solution on attribute-based access control (ABAC), which enables organizations to ensure access decisions are made in real time. Leveraging our platform, organizations ensure critical corporate applications, data and processes are only accessed in adherence to corporate policies that specify what a user has access to, how much access they have, when they get access, and under what conditions. We recently introduced Orchestrated Authorization, a modern approach to ABAC that leverages the maturity of the identity and access management (IAM) market to solve the most complex access challenges. Other solutions on the market tend to look at authorization from a purely technical or developer-centric perspective, or from a purely business perspective. But access control is not a technical or business challenge – it’s an organizational imperative. Orchestrated Authorization is a methodology that ensures both technical and business stakeholders play a critical part in a successful authorization implementation, which is at the center of strategic security initiatives including Zero Trust, or as part of a cybersecurity mesh architecture (CSMA). Having a robust solution within these now industry-standard frameworks is essential. We go above and beyond in offering a robust solution that also offers high levels of resilience and availability, which is unique differentiator.
Finally, enterprises choose us over competitors because we offer more advanced policy capabilities along with a policy engine and process that operates as fast as their business requires. This is especially important for large enterprises with complex architectures that may include legacy applications, public- and private-cloud architectures, and more. They simply don’t have the time to slow down their journey to modernization and lose market share to digital- or cloud-first competitors.
SD: How does your company handle its customers’ security?
JB: We know that when it comes to security, enterprises want the best solutions that also work together. First, our solution enhances our customers’ overall security posture, by enabling them to develop and enact complex policies aligned to risk management and mitigation. Second, our platform integrates with our customer’s existing infrastructure and application stacks to simplify the ability to infuse authorization within applications and reduce the complexity of authorization deployment tasks.
Our pioneering attribute-based access control (ABAC) approach has helped organizations worldwide successfully roll out authorization initiatives to achieve their unique access management goals and requirements. Finally, our solution can pull attributes from any IAM source, so whether there’s a massive IGA deployment or a broad access management system already in place, we work to optimize that investment for our customers.
SD: How is the pandemic affecting your industry?
JB: Before the pandemic, many enterprises talked about digital transformation, but after March 2020, they had to accelerate those plans to accommodate a remote workforce and customer base. That also meant deploying a new approach to access control, moving from a “verify once via the corporate VPN” approach to a strategy that looked at access in real-time, both during the authentication process and after. That’s why you’re seeing such a demand for authorization solutions like ours. Enterprises understand they need to have robust authentication, but they also need authorization. It’s no longer enough to permit or deny access. Enterprises must look at what a user – either a person or a machine – can do once they’re granted access and continue to assess that in real-time. I think this is only the beginning of the demand we’re going to see for more modern access control and, specifically, authorization solutions.