Conferences co-hosted by NIST and Tetrate
DevSecOps and ZTA for multi-cloud environments
The conference program featured presentations by experts on service mesh architecture and national leaders in DevSecOps and ZTA deployment and demonstration of proof of concept use cases in multi-cloud environments.
Identity Management & Access Control in Multiclouds Workshop and Conference
The conference program featured experts on service mesh architectures, identity, and access control in modern-day cloud architecture and addressed the following themes:
- Mitigating insider threat
- Service mesh use cases, tools, analysis, and deployment experience
- Enforcing next-generation attribute-based access controls in the multi-cloud
NIST Zero Trust standards
By executive order, federal agencies have until July 2021 to respond with plans to implement Zero Trust Architecture with standards and guidance from the National Institute of Standards and Technology (NIST).
This is Zero Trust demystified.
Next-generation access control (NGAC)
NGAC is a fundamental reworking of traditional access control into a form suited to the needs of the modern, distributed, interconnected enterprise. NGAC is based on a flexible infrastructure that can provide access control services for a number of different types of resources, accessed by a number of different types of applications and users.
In this joint talk with David Ferraiolo from NIST, we introduced NGAC and did a live demo showing how it can be applied to augment traditional RBAC with high-level concepts such as time and location in an efficient and scalable way.
Different companies or software providers have devised countless ways to control user access to functions or resources, such as Discretionary Access Control (DAC), Mandatory Access Control (MAC), Role-Based Access Control (RBAC), and Attribute-Based Access Control (ABAC). In essence, whatever the type of access control model, three basic elements can be abstracted: user, system/application, and policy.
In this article, we will introduce ABAC, RBAC, and a new access control model — Next Generation Access Control (NGAC) — and compare the similarities and differences between the three, as well as why you should consider NGAC.