Introduction to Knowledge-based Access Control

Modern approach to access control

At IndyKite, we see a significant opportunity around the use of knowledge to form the policies that govern access. What if we applied machine learning and AI to the information? What if we used a flexible data structure to identify connections and patterns? What could this mean, not just for individual users but also for smart devices and IOT? 

Broadening our understanding and use of access management and identity data can present an untapped opportunity for businesses, not only providing security but value.  
Lasse Andresen

Knowledge-based Access Control (KBAC), employs knowledge harnessed by the underlying knowledge graph, to express relationships and context present in the real world. This creates smarter, more adaptive and dynamic access control policies. By interrogating the continuously changing context, KBAC can unlock higher risk protection, enhance security, drive more intelligent decisions and uncover new insights for product creation or value realization.

Using the identity data, context, and relationships, IndyKite offers a progressive approach to authorization access controls with its Knowledge-based Access Control (KBAC) solution.

Connected graph-based data models have been in use for decades, yet applying them to authorization is quite new. 

At the core of the IndyKite Platform, is the Identity Knowledge Graph, which enables organizations to aggregate data from multiple sources, building an operational data layer that supports innovative and sophisticated use cases - going well beyond traditional IAM usage.It provides a real-time view of your identity landscape that holistically captures the identities of customers and IoT devices along with the rich relationships between them.

Organizations can populate IndyKite’s Identity Knowledge Graph with their specific business domain data, to create a “map“ of all the identities and their relationship with various business resources, devices and people. 

The Identity Knowledge Graph also allows flexibility in a data structure so you can change while running. This means the model of ‘Nodes‘, ‘Relationships‘, ‘Properties‘, and ‘Metadata‘ can be used to describe and store a highly contextual representation of an organization’s “real world“. The flexible and intuitive graph model helps to balance the complexity as the scope grows. 

KBAC is implemented on top, leveraging the connected and enriched data, enabling contextual and real-time decisions from data modeled on your business domain. This advanced authorization tool allows you to intuitively design granular, secure and intelligent authorization decisions.

Simply design your authorization policy with our drag and drop tool, with reference to your users, systems, entities and the relationships between them. This policy will remain responsive to your real-time data and user context, the addition of new data points, and adjustments to your policy logic. 

Benefits 

Authorization that reflects the real world

By capturing data reflective of the real world, where context is king and relationships exist in every direction, we gain new insights, discover new opportunities to create business value while ensuring a high level of assurance and trust. For example, the data can be used to drive hyper personalized experiences, recommendation engines, buyer behavior analysis, up-sell or cross-sell.

Real time risk identification

By constantly interrogating the context, knowledge driven authorization can identify risks based on user data patterns, providing a higher level of security and response.

Enhances the query context

By performing semantic extraction from The Digital Twin (attributes, relationships) and accessing resources (keywords, metadata and ontologies), you can uncover hidden insights that can create business value.

Connects siloed data and removes fragmentation

Knowledge driven authorization can connect disparate data from multiple sources, enabling orchestration across all platforms and systems. This means simple and flexible management, while providing granular and intelligent access control, and a frictionless user experience.

Access control that enables growth

Applying KBAC to authorization can ultimately drive incredible value across your business, improving user experience, creating opportunities for growth and getting granular data analytics to learn from and improve your offering. This is a new way of thinking about identity solutions, moving beyond a security focused, cost prevention strategy, to how identity can achieve greater security while enabling business growth and value creation.

To learn more, download the KBAC product sheet here.

Have more questions?

We can help! Drop us an email or book a chat with our experts.