Ward Duchamps is CEO of Scaled Access. After about two decades of consultancy in Identity & Access he thought it was time to build an advanced authorisations platform that lets people securely access and share protected content, data or tools.
In this short interview he tells us more about his vision on access management.
Scaled Access is maybe not that known (yet) for the audience. What could you tell us?
Well, maybe that might be because IAM is 80% about identity and only 20% about access. On top of that, access management has a bad reputation. Computer says no. Scaled Access was born from the idea that access management needed to be more user-centric. So we invited relationship-based access control, allowing people to gain and grant access to applications, resources and services. We now have over 30 million users and customers such as Coca-Cola, Michelin, Roularta, to name a few. Oh, and we’re based in Leuven, Belgium, which is similar to let’s say Leiden in the Netherlands.
Standardization for authorization management is key, people say. Organisations could benefit from this because it will take less time for integration with backend systems and thus will a positive influence on e.g. ROI. Do you agree? If so, how does this reflect using Scaled access?
Yes and no. This makes sense for staff working in a corporate environment, and this is covered by Role-Based Access Control (RBAC). But access for the extended workforce, think about partners, part-time freelancers, etc., do not fit these roles. You can’t say they do not need access to the backend systems, for example, logistics information. Access rules – instead of roles – offer the flexibility required to work with external identities.
You can’t fit consumers into standardized roles either. Authorization management for consumers goes completely the opposite way of standardized roles. Each consumer is unique, and so are his access rights. Consumers are not part of companies but of families, sports clubs, friends, or interest groups. Interpersonal relationships determine what a consumer is allowed to do.
Great that you will be presenting at the annual IDnext event. What will be your main message?
Stop looking at access management only from a security perspective, and understand that it can become significant to build new business models.