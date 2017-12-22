Each year we opine that the nature of access control has changed and evolved. Well, not to sound like a broken record, but we must say that again this year. Part of the reason that we are seeing these changes is the same reason we are seeing changes in the Perimeter Defense category: the dissolution of the perimeter. But at the same time, while perimeter defense is wandering about lost looking for a perimeter to defend, access control tools are working overtime for the same reason: access control is becoming less and less centralized on the perimeter.

Now, instead of simply guarding the gates to the enterprise, we have a wide variety of accesses that need controlling. Now single sign-on, a dicey and somewhat controversial form of access control back in the day has become the order of business and Kerberos, a technique that was difficult to understand for many and more difficult to deploy for most, has become a standard. So, what's left? Have we solved the access management problem in one (or two) fell swoop? Hardly. But what we have done is shrink the body of innovators significantly.

As you will see from this year's one company participant, it takes a heap of thinking to innovate in the space. We like to think that our innovators always are looking ahead to things that we mere mortals have yet to consider. And, usually, they are. But nowhere do we feel that forward thinking is more important than today where the threatscape is changing constantly and yesterday's solutions to the access control challenge are hopelessly outmoded almost before they hit the streets.

The adversary focuses on access control for one reason: it usually is hopelessly inadequate. Even with decades of warning we still see that the majority of access control is single factor and the factor is the tired old username/password combo. To exacerbate the problem, the typical user can't seem to get it through his or her head that fido123 is a terrible password. There are worse, of course, and periodic surveys remind us of just how bad people's password selections really are. But we giggle and use the same old tired access control.

So, with that in mind, we take a look at this year's innovator in this space.