* One reader is amazed how vendors use the words "Policy" and "Rules" interchangeably The discussion we’ve been having on the term “policy” has been generating quite a bit of traffic for my inbox. I’m going to share a fair amount of that with you while trying to avoid the activity colloquially known as “kicking a dead horse.”Jeff Davis, a director of product architecture at Safestone Technologies (https://www.safestone.com/) mentioned that before being directly involved in the world of identity management, he was “… always amazed about how vendors use the words Policy and Rules interchangeably.”He explains: “The Policies I was involved with in my former life at a bank were very high-level and were supported by more stringent rule sets. It was the rule sets that could be ‘codified’ or ‘enforced’ electronically. Other policies could not be supported by rules but supported by practice and the practice was subject to providing an audit trail to ensure compliance.” Policies, points out Davis, should be paper-based (like the original example of a “dress policy” see https://www.nwfusion.com/newsletters/dir/2004/0830id2.html. Rules are then codified to support the policy.Davis gives as an example a corporate policy (i.e., one written in a policy manual) that might state “You must change your password at regular intervals.” Rules of the form “You must change your password every XX days” could then be instituted electronically where the number of days (“XX”) would differ for different groups and roles. One of Davis’ points is that policies should be harder to change than rules and that rules are used to support policies. He concludes: “I would prefer the vendors use the term Rule Based IAM [Identity and Access Management] rather than policy based as an IAM solution is quite specific in its approach and a tool to support/enforce policy. As for acronyms – maybe BRML and XBRML.” (As a security guru, Davis uses IAM where many of us would use Identity Management.) I certainly can’t disagree with the broad outlines Davis presents. If you can, or if you can bolster his argument, drop me a line and let me know. Related content news EU approves $1.3B in aid for cloud, edge computing New projects focus on areas including open source software to help connect edge services, and application interoperability. By Sascha Brodsky Dec 05, 2023 3 mins Technology Industry Technology Industry Technology Industry brandpost Sponsored by HPE Aruba Networking Bringing the data processing unit (DPU) revolution to your data center By Mark Berly, CTO Data Center Networking, HPE Aruba Networking Dec 04, 2023 4 mins Data Center feature 5 ways to boost server efficiency Right-sizing workloads, upgrading to newer servers, and managing power consumption can help enterprises reach their data center sustainability goals. By Maria Korolov Dec 04, 2023 9 mins Green IT Servers Data Center news Omdia: AI boosts server spending but unit sales still plunge A rush to build AI capacity using expensive coprocessors is jacking up the prices of servers, says research firm Omdia. By Andy Patrizio Dec 04, 2023 4 mins CPUs and Processors Generative AI Data Center Podcasts Videos Resources Events NEWSLETTERS Newsletter Promo Module Test Description for newsletter promo module. Please enter a valid email address Subscribe