Original Article (registration required)

An annual snapshot of the trends and issues impacting authorization and access control, the 2023 State of Authorization Report focuses on critical topics including identity threat detection and response (ITDR), authorization and the cloud, data authorization, policy-as-code and the emergence of the cybersecurity mesh architecture (CSMA).

The report takes an in-depth view as to how authorization influences these topics and how this will impact the overall access control market in the year ahead…

The Cyber Hut Comment: An annual long read reporting looking at some key trends in the authorization space. First up is a mention of increased cloud adoption and the rise of CIEM (cloud identity entitlements management). However this is not enough to manage complex access control issues - with on prem requiring dedicated authZ solution to allow a zero trust model to be fulfilled according to the report.

Next up the report mentions risk - and how things like consumer identity and hybrid environments require a more centralised and consolidated approach - with access control being left-shifted earlier within risk management processes.

The report continues with a mention of the rise in policy-as-code, where IAM teams must enable other parts of the application life cycle (such as app owners and devops engineers) with tools and processes that can allow access control logic to be created and managed in a range of different settings.

The report continues with a link to data governance - and how essentially data is the object most organisations wish to protect and how authZ has a huge role to play.

Another two buzz acronyms the report highlights are ITDR (identity threat detection and response) with the access control function essentially acting on intel from different parts of the enterprise and CSMA (cyber security mesh architecture). The latter being a Gartner term that is gaining some traction with respect to the complex fabrics of cyber security components being needed to secure the modern enterprise. Essentially another area where access control should be intergrateable.