{"id":6836,"date":"2023-09-18T14:03:36","date_gmt":"2023-09-18T18:03:36","guid":{"rendered":"https:\/\/solutionsreview.com\/identity-management\/?p=6836"},"modified":"2023-09-18T14:06:10","modified_gmt":"2023-09-18T18:06:10","slug":"pbac-why-policy-based-access-control-is-the-future-of-identity-management","status":"publish","type":"post","link":"https:\/\/solutionsreview.com\/identity-management\/pbac-why-policy-based-access-control-is-the-future-of-identity-management\/","title":{"rendered":"PBAC: Why Policy-Based Access Control is the Future of Identity Management"},"content":{"rendered":"<p><img loading=\"lazy\" decoding=\"async\" class=\"alignnone size-full wp-image-6837\" src=\"https:\/\/solutionsreview.com\/identity-management\/files\/2023\/09\/PBAC-Why-Policy-Based-Access-Control-is-the-Future-of-Identity-Management.jpg\" alt=\"PBAC\" width=\"800\" height=\"400\" srcset=\"https:\/\/solutionsreview.com\/identity-management\/files\/2023\/09\/PBAC-Why-Policy-Based-Access-Control-is-the-Future-of-Identity-Management.jpg 800w, https:\/\/solutionsreview.com\/identity-management\/files\/2023\/09\/PBAC-Why-Policy-Based-Access-Control-is-the-Future-of-Identity-Management-300x150.jpg 300w, https:\/\/solutionsreview.com\/identity-management\/files\/2023\/09\/PBAC-Why-Policy-Based-Access-Control-is-the-Future-of-Identity-Management-768x384.jpg 768w\" sizes=\"(max-width: 800px) 100vw, 800px\" \/><\/p>\n<p><em><strong>Solutions Review\u2019s\u00a0<a class=\"fui-Link ___1idfs5o f3rmtva f1ewtqcl fyind8e f1k6fduh f1w7gpdv fk6fouc fjoy568 figsok6 f1hu3pq6 f11qmguv f19f4twv f1tyq0we f1g0x7ka fhxju0i f1qch9an f1cnd47f fqv5qza f1vmzxwi f1o700av f13mvf36 f1cmlufx f9n3di6 f1ids18y f1tx3yz7 f1deo86v f1eh06m1 f1iescvh ftqa4ok f2hkw1w fhgqx19 f1olyrje f1p93eir f1h8hb77 f1x7u7e9 f10aw75t fsle3fq f17ae5zn\" title=\"https:\/\/solutionsreview.com\/solutions-review-contributor-guidelines\/\" href=\"https:\/\/solutionsreview.com\/solutions-review-contributor-guidelines\/\" 
target=\"_blank\" rel=\"noreferrer noopener\" aria-label=\"Link Contributed Content Series\"><u>Contributed Content Series<\/u><\/a> is a collection of contributed articles written by thought leaders in enterprise software categories. Oren Ohayon Harel of <a href=\"https:\/\/www.plainid.com\/\" target=\"_blank\" rel=\"noopener\">PlainID<\/a> argues why RBAC and ABAC are dead, and PBAC is the future of identity management.<\/strong><\/em><\/p>\n<p>Ten or fifteen years ago, cybersecurity was a (relatively) placid affair. There was, for one thing, simply less data circulating, and the data that was circulating was doing so within a fairly limited perimeter: servers were more often than not located on premises. Hackers, meanwhile, were less sophisticated than they are today and evolved at what now looks like an almost leisurely pace\u2014keeping up with their tactics was not a 24\/7 job.<\/p>\n<p>All of that, we know, is now different. The rapid proliferation of multi-cloud computing, SaaS applications, microservices, API gateways, and more over the last decade \u2014 and especially in the years since the pandemic \u2014 has exponentially increased each business&#8217; potential sabotage points, and hackers have evolved to meet the moment. The IDSA reports that identity-related security breaches have affected 70 percent of enterprises in just the last two years\u2014a harrowing statistic in light of the fact that the cost of the average data breach is now estimated at $9.44 million.<\/p>\n<p>Passwords are the primary way through which bad actors access complex environments: a single password dump unrelated to your company can sow the seeds of your company&#8217;s demise. Given that fact, the standard identity management solutions that businesses have deployed over the years \u2014 primarily Role-Based Access Control (RBAC) and, more recently, Attribute-Based Access Control (ABAC) \u2014 can no longer be relied on for comprehensive protection. 
Only Policy-Based Access Control (PBAC) can grant businesses the flexibility and transparency needed to keep their assets out of the hands of bad actors.<\/p>\n<h2><strong>PBAC: Why Policy-Based Access Control is the Future of Identity Management<\/strong><\/h2>\n<hr \/>\n<h3><strong>Why RBAC and ABAC No Longer Cut It When It Comes to Cybersecurity<\/strong><\/h3>\n<p>RBAC was first invented in 1992 and was steadily refined through the start of this century. For decades, it has been the gold standard in identity management, widely deployed by some of the biggest businesses in the country. It is a coarse-grained, static approach, the digital equivalent of a rudimentary keycard\u2014the employee inputs their username and password, and if their name is on the appropriate list, they are granted access. It is a blunt tool, insensible to the rapidly shifting facts on the ground\u2014all it can do, essentially, is say &#8220;yes&#8221; or &#8220;no&#8221; based on permissions assigned days or months in advance. For obvious reasons, then, RBAC is more than ready for retirement.<\/p>\n<p>In recent years, ABAC has become a popular alternative, and with good reason. ABAC is a significantly more sophisticated, fine-grained technology, able to factor in attributes like user, resource and environment when making permissions decisions. At a minimum, businesses should be deploying ABAC over RBAC. But ABAC comes with its own major problem: namely, its complexity. Its rules cannot be written in plain language\u2014they have to be written in eXtensible Access Control Markup Language (XACML), which makes ABAC far too complicated for anyone outside of the IT department to properly use. Given the speed at which business moves, not to mention the speed at which security incidents occur, this is a real problem. 
Things will be slowed down significantly if a manager has to wait for the right IT department member to change this or that permission.<\/p>\n<h3><strong>Why Policy-Based Access Control (PBAC) is the Solution<\/strong><\/h3>\n<p>PBAC is a lot like ABAC: it offers fine-grained access control (or coarse-grained, when desired); it factors in environmental and contextual factors like the time of day, the employee&#8217;s location, and the asset they are attempting to access; it allows managers greater visibility into what people are accessing and when.<\/p>\n<p>But it also comes with one key difference&#8211; namely, it does not require users to encode policies with XACML. Instead, users can use a Graphical User Interface (GUI) to code policies in plain language, which means complex policies can be written, revised, and put into practice without the need for extensive IT knowledge. This allows managers to assert much more control over the permissions process\u2014no small thing at a time when more people than ever are working remotely and much more flexibility is needed when it comes to accessing company resources. It is important to note, too, that PBAC functions with every single component of the current technology stack, from data lakes and warehouses to APIs, microservices, cloud infrastructure, external and internal applications, and beyond.<\/p>\n<p>Think of PBAC as the next chapter in the identity management solution story, a story that began many decades ago when the US Department of Defense first employed logical access control, and which is still ongoing today. Really, it would not make any sense if our identity management solutions had not changed significantly in even just the last few years alone. 
After all, every other aspect of the digital sphere has grown more complex\u2014so why wouldn&#8217;t our access management solutions, too?<\/p>\n","protected":false},"excerpt":{"rendered":"<p>Solutions Review\u2019s\u00a0Contributed Content Series is a collection of contributed articles written by thought leaders in enterprise software categories. Oren Ohayon Harel of PlainID argues why RBAC and ABAC are dead, and PBAC is the future of identity management. Ten or fifteen years ago, cybersecurity was a (relatively) placid affair. There was, for one thing, simply [&hellip;]<\/p>\n","protected":false},"author":909,"featured_media":6837,"comment_status":"closed","ping_status":"open","sticky":false,"template":"","format":"standard","meta":{"inline_featured_image":false,"footnotes":""},"categories":[5,1],"tags":[],"acf":[],"yoast_head":"<!-- This site is optimized with the Yoast SEO plugin v23.5 - https:\/\/yoast.com\/wordpress\/plugins\/seo\/ -->\n<title>PBAC: Why Policy-Based Access Control is the Future of Identity Management<\/title>\n<meta name=\"description\" content=\"Oren Ohayon Harel of PlainID argues why RBAC and ABAC are dead, and PBAC is the future of identity management.\" \/>\n<meta name=\"robots\" content=\"index, follow, max-snippet:-1, max-image-preview:large, max-video-preview:-1\" \/>\n<link rel=\"canonical\" href=\"https:\/\/solutionsreview.com\/identity-management\/pbac-why-policy-based-access-control-is-the-future-of-identity-management\/\" \/>\n<meta name=\"twitter:label1\" content=\"Written by\" \/>\n\t<meta name=\"twitter:data1\" content=\"Oren Ohayon Harel\" \/>\n\t<meta name=\"twitter:label2\" content=\"Est. 
reading time\" \/>\n\t<meta name=\"twitter:data2\" content=\"4 minutes\" \/>\n<script type=\"application\/ld+json\" class=\"yoast-schema-graph\">{\"@context\":\"https:\/\/schema.org\",\"@graph\":[{\"@type\":\"WebPage\",\"@id\":\"https:\/\/solutionsreview.com\/identity-management\/pbac-why-policy-based-access-control-is-the-future-of-identity-management\/\",\"url\":\"https:\/\/solutionsreview.com\/identity-management\/pbac-why-policy-based-access-control-is-the-future-of-identity-management\/\",\"name\":\"PBAC: Why Policy-Based Access Control is the Future of Identity Management\",\"isPartOf\":{\"@id\":\"https:\/\/solutionsreview.com\/identity-management\/#website\"},\"primaryImageOfPage\":{\"@id\":\"https:\/\/solutionsreview.com\/identity-management\/pbac-why-policy-based-access-control-is-the-future-of-identity-management\/#primaryimage\"},\"image\":{\"@id\":\"https:\/\/solutionsreview.com\/identity-management\/pbac-why-policy-based-access-control-is-the-future-of-identity-management\/#primaryimage\"},\"thumbnailUrl\":\"https:\/\/solutionsreview.com\/identity-management\/files\/2023\/09\/PBAC-Why-Policy-Based-Access-Control-is-the-Future-of-Identity-Management.jpg\",\"datePublished\":\"2023-09-18T18:03:36+00:00\",\"dateModified\":\"2023-09-18T18:06:10+00:00\",\"author\":{\"@id\":\"https:\/\/solutionsreview.com\/identity-management\/#\/schema\/person\/57a2413c08281b7187ea1a908ca728be\"},\"description\":\"Oren Ohayon Harel of PlainID argues why RBAC and ABAC are dead, and PBAC is the future of identity 
management.\",\"breadcrumb\":{\"@id\":\"https:\/\/solutionsreview.com\/identity-management\/pbac-why-policy-based-access-control-is-the-future-of-identity-management\/#breadcrumb\"},\"inLanguage\":\"en-US\",\"potentialAction\":[{\"@type\":\"ReadAction\",\"target\":[\"https:\/\/solutionsreview.com\/identity-management\/pbac-why-policy-based-access-control-is-the-future-of-identity-management\/\"]}]},{\"@type\":\"ImageObject\",\"inLanguage\":\"en-US\",\"@id\":\"https:\/\/solutionsreview.com\/identity-management\/pbac-why-policy-based-access-control-is-the-future-of-identity-management\/#primaryimage\",\"url\":\"https:\/\/solutionsreview.com\/identity-management\/files\/2023\/09\/PBAC-Why-Policy-Based-Access-Control-is-the-Future-of-Identity-Management.jpg\",\"contentUrl\":\"https:\/\/solutionsreview.com\/identity-management\/files\/2023\/09\/PBAC-Why-Policy-Based-Access-Control-is-the-Future-of-Identity-Management.jpg\",\"width\":800,\"height\":400,\"caption\":\"PBAC\"},{\"@type\":\"BreadcrumbList\",\"@id\":\"https:\/\/solutionsreview.com\/identity-management\/pbac-why-policy-based-access-control-is-the-future-of-identity-management\/#breadcrumb\",\"itemListElement\":[{\"@type\":\"ListItem\",\"position\":1,\"name\":\"Home\",\"item\":\"https:\/\/solutionsreview.com\/identity-management\/\"},{\"@type\":\"ListItem\",\"position\":2,\"name\":\"PBAC: Why Policy-Based Access Control is the Future of Identity Management\"}]},{\"@type\":\"WebSite\",\"@id\":\"https:\/\/solutionsreview.com\/identity-management\/#website\",\"url\":\"https:\/\/solutionsreview.com\/identity-management\/\",\"name\":\"Best Identity Access Management (IAM) Software, Tools, Vendors, Solutions, &amp; Services\",\"description\":\"Identity Access Management (IAM) News, Best Practices and Buyer&#039;s 
Guide\",\"potentialAction\":[{\"@type\":\"SearchAction\",\"target\":{\"@type\":\"EntryPoint\",\"urlTemplate\":\"https:\/\/solutionsreview.com\/identity-management\/?s={search_term_string}\"},\"query-input\":{\"@type\":\"PropertyValueSpecification\",\"valueRequired\":true,\"valueName\":\"search_term_string\"}}],\"inLanguage\":\"en-US\"},{\"@type\":\"Person\",\"@id\":\"https:\/\/solutionsreview.com\/identity-management\/#\/schema\/person\/57a2413c08281b7187ea1a908ca728be\",\"name\":\"Oren Ohayon Harel\",\"image\":{\"@type\":\"ImageObject\",\"inLanguage\":\"en-US\",\"@id\":\"https:\/\/solutionsreview.com\/identity-management\/#\/schema\/person\/image\/\",\"url\":\"https:\/\/secure.gravatar.com\/avatar\/336b8ccc41abfcdd2f6514f30dd5018e?s=96&d=mm&r=g\",\"contentUrl\":\"https:\/\/secure.gravatar.com\/avatar\/336b8ccc41abfcdd2f6514f30dd5018e?s=96&d=mm&r=g\",\"caption\":\"Oren Ohayon Harel\"},\"description\":\"Oren Ohayon Harel is a co-founder and the CEO of PlainID. Oren brings substantial knowledge and experience in cybersecurity, with a special focus on user identity management, standards and regulations, technology implementation, and cross-organizational project development and deployment. In his previous role, Oren served as Deputy CISO at one of Israel\u2019s largest banks.\",\"url\":\"https:\/\/solutionsreview.com\/identity-management\/author\/ooharel\/\"}]}<\/script>\n<!-- \/ Yoast SEO plugin. 
-->","yoast_head_json":{"title":"PBAC: Why Policy-Based Access Control is the Future of Identity Management","description":"Oren Ohayon Harel of PlainID argues why RBAC and ABAC are dead, and PBAC is the future of identity management.","robots":{"index":"index","follow":"follow","max-snippet":"max-snippet:-1","max-image-preview":"max-image-preview:large","max-video-preview":"max-video-preview:-1"},"canonical":"https:\/\/solutionsreview.com\/identity-management\/pbac-why-policy-based-access-control-is-the-future-of-identity-management\/","twitter_misc":{"Written by":"Oren Ohayon Harel","Est. reading time":"4 minutes"},"schema":{"@context":"https:\/\/schema.org","@graph":[{"@type":"WebPage","@id":"https:\/\/solutionsreview.com\/identity-management\/pbac-why-policy-based-access-control-is-the-future-of-identity-management\/","url":"https:\/\/solutionsreview.com\/identity-management\/pbac-why-policy-based-access-control-is-the-future-of-identity-management\/","name":"PBAC: Why Policy-Based Access Control is the Future of Identity Management","isPartOf":{"@id":"https:\/\/solutionsreview.com\/identity-management\/#website"},"primaryImageOfPage":{"@id":"https:\/\/solutionsreview.com\/identity-management\/pbac-why-policy-based-access-control-is-the-future-of-identity-management\/#primaryimage"},"image":{"@id":"https:\/\/solutionsreview.com\/identity-management\/pbac-why-policy-based-access-control-is-the-future-of-identity-management\/#primaryimage"},"thumbnailUrl":"https:\/\/solutionsreview.com\/identity-management\/files\/2023\/09\/PBAC-Why-Policy-Based-Access-Control-is-the-Future-of-Identity-Management.jpg","datePublished":"2023-09-18T18:03:36+00:00","dateModified":"2023-09-18T18:06:10+00:00","author":{"@id":"https:\/\/solutionsreview.com\/identity-management\/#\/schema\/person\/57a2413c08281b7187ea1a908ca728be"},"description":"Oren Ohayon Harel of PlainID argues why RBAC and ABAC are dead, and PBAC is the future of identity 
management.","breadcrumb":{"@id":"https:\/\/solutionsreview.com\/identity-management\/pbac-why-policy-based-access-control-is-the-future-of-identity-management\/#breadcrumb"},"inLanguage":"en-US","potentialAction":[{"@type":"ReadAction","target":["https:\/\/solutionsreview.com\/identity-management\/pbac-why-policy-based-access-control-is-the-future-of-identity-management\/"]}]},{"@type":"ImageObject","inLanguage":"en-US","@id":"https:\/\/solutionsreview.com\/identity-management\/pbac-why-policy-based-access-control-is-the-future-of-identity-management\/#primaryimage","url":"https:\/\/solutionsreview.com\/identity-management\/files\/2023\/09\/PBAC-Why-Policy-Based-Access-Control-is-the-Future-of-Identity-Management.jpg","contentUrl":"https:\/\/solutionsreview.com\/identity-management\/files\/2023\/09\/PBAC-Why-Policy-Based-Access-Control-is-the-Future-of-Identity-Management.jpg","width":800,"height":400,"caption":"PBAC"},{"@type":"BreadcrumbList","@id":"https:\/\/solutionsreview.com\/identity-management\/pbac-why-policy-based-access-control-is-the-future-of-identity-management\/#breadcrumb","itemListElement":[{"@type":"ListItem","position":1,"name":"Home","item":"https:\/\/solutionsreview.com\/identity-management\/"},{"@type":"ListItem","position":2,"name":"PBAC: Why Policy-Based Access Control is the Future of Identity Management"}]},{"@type":"WebSite","@id":"https:\/\/solutionsreview.com\/identity-management\/#website","url":"https:\/\/solutionsreview.com\/identity-management\/","name":"Best Identity Access Management (IAM) Software, Tools, Vendors, Solutions, &amp; Services","description":"Identity Access Management (IAM) News, Best Practices and Buyer&#039;s 
Guide","potentialAction":[{"@type":"SearchAction","target":{"@type":"EntryPoint","urlTemplate":"https:\/\/solutionsreview.com\/identity-management\/?s={search_term_string}"},"query-input":{"@type":"PropertyValueSpecification","valueRequired":true,"valueName":"search_term_string"}}],"inLanguage":"en-US"},{"@type":"Person","@id":"https:\/\/solutionsreview.com\/identity-management\/#\/schema\/person\/57a2413c08281b7187ea1a908ca728be","name":"Oren Ohayon Harel","image":{"@type":"ImageObject","inLanguage":"en-US","@id":"https:\/\/solutionsreview.com\/identity-management\/#\/schema\/person\/image\/","url":"https:\/\/secure.gravatar.com\/avatar\/336b8ccc41abfcdd2f6514f30dd5018e?s=96&d=mm&r=g","contentUrl":"https:\/\/secure.gravatar.com\/avatar\/336b8ccc41abfcdd2f6514f30dd5018e?s=96&d=mm&r=g","caption":"Oren Ohayon Harel"},"description":"Oren Ohayon Harel is a co-founder and the CEO of PlainID. Oren brings substantial knowledge and experience in cybersecurity, with a special focus on user identity management, standards and regulations, technology implementation, and cross-organizational project development and deployment. 
In his previous role, Oren served as Deputy CISO at one of Israel\u2019s largest banks.","url":"https:\/\/solutionsreview.com\/identity-management\/author\/ooharel\/"}]}},"_links":{"self":[{"href":"https:\/\/solutionsreview.com\/identity-management\/wp-json\/wp\/v2\/posts\/6836"}],"collection":[{"href":"https:\/\/solutionsreview.com\/identity-management\/wp-json\/wp\/v2\/posts"}],"about":[{"href":"https:\/\/solutionsreview.com\/identity-management\/wp-json\/wp\/v2\/types\/post"}],"author":[{"embeddable":true,"href":"https:\/\/solutionsreview.com\/identity-management\/wp-json\/wp\/v2\/users\/909"}],"replies":[{"embeddable":true,"href":"https:\/\/solutionsreview.com\/identity-management\/wp-json\/wp\/v2\/comments?post=6836"}],"version-history":[{"count":0,"href":"https:\/\/solutionsreview.com\/identity-management\/wp-json\/wp\/v2\/posts\/6836\/revisions"}],"wp:featuredmedia":[{"embeddable":true,"href":"https:\/\/solutionsreview.com\/identity-management\/wp-json\/wp\/v2\/media\/6837"}],"wp:attachment":[{"href":"https:\/\/solutionsreview.com\/identity-management\/wp-json\/wp\/v2\/media?parent=6836"}],"wp:term":[{"taxonomy":"category","embeddable":true,"href":"https:\/\/solutionsreview.com\/identity-management\/wp-json\/wp\/v2\/categories?post=6836"},{"taxonomy":"post_tag","embeddable":true,"href":"https:\/\/solutionsreview.com\/identity-management\/wp-json\/wp\/v2\/tags?post=6836"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}