Access control is a fairly broad category that includes identification, authentication and authorization.
Access control is a fairly broad category that includes identification, authentication and authorization.

Access control is a fairly broad category that includes identification, authentication and authorization. These three areas need to be covered but with the growth of the enterprise and the blurring of the perimeter other considerations impinge on the simple act of controlling access to systems, data and applications.

For example, we see greater emphasis on access to applications that are, themselves, internet-facing. In days past we had simple architectural ways to craft a network that let a few authorized users gain access, however indirectly, to backend data stores. Today we have perimeters that range from semi-permeable to almost non-existent. Rafts of relatively unknown users seek legitimate access to sensitive backend data and we must provide that access – safely, efficiently and easily – if we are to remain competitive in our businesses.

Add to those, the challenge of provisioning huge numbers of users – many of whom are completely unknown, but important nonetheless – with access controls that work, are easy to use and effective, and you have a set of Herculean challenges. What is most important, however, is the very strong emergence of access control as much of a business challenge as a technical one.

As we move the user closer to the application and, thus, the data, we find that business issues not only drive but complicate the mechanics of access control. Now we must determine who should access what and why. That is as it always has been to a point but now there is an added dimension of complexity brought on by widely dispersed locations, users at all levels (from employees to customers), access directly to applications without any firewall to intervene, and the need to protect critical and sensitive data while allowing this extremely granular access.

The answer – as is quite common now – is to move to the cloud. Access control and many other security functions, as we will see, may actually work best in a SaaS environment. Centralized control of a very decentralized process used to feel like an oxymoron, but with SaaS we can achieve it and manage it well. That is the type of innovation that this year's access control Innovator has brought to bear on a very tough challenge.