Universities, RBAC, and Regulations

I recently had a short piece published in the Fall issue of the ACUTA Journal. It doesn’t look like they make the journal available to non-members, but I got permission to share just the portion that I wrote. It is a high-level summary of role-based access control (RBAC) and how it relates to some of the emerging regulatory requirements for higher-education networks. Here’s the opening paragraph:

As recently as 10 years ago, we had it easy: Users stayed put at desktop machines, IP addresses never changed, and IT wasn’t on any lawmaker’s agenda. Solutions focused on the threats of the time, which, compared with today, weren’t many. But now technologies and threats are changing so fast that it’s hard to keep up. We can no longer count on a fixed IP address or even on a single device for a given user. We all want network access from the increasingly large pool of devices and access methods, and this has dramatically complicated the security task.

