If you’re unfamiliar with dynamic authorization, be prepared for an epiphany of sorts. It could very well be the biggest little secret you’ve never heard of with respect to data security. What with all the cloud apps, mobile devices, Big Data, and productivity tools that consume our professional lives these days, legacy access control solutions are having a difficult time keeping pace.
Passing of the Baton
Since the mid-1990s, role-based access control (RBAC) has been the de facto standard for managing access to business-critical data, which was often held in massive enterprise resource planning (ERP) applications. Within these ERP applications, you could find sensitive HR, financial, and planning data like social security numbers, payroll numbers, and inventory forecasts.
However, attribute-based access control (ABAC) has emerged as the heir apparent to RBAC because it is better equipped to deal with the complexities of today’s IT landscape. Behind the scenes of ABAC is a technology called dynamic authorization, where authorization and access rights to your organization’s network, applications, data, or other sensitive assets are granted dynamically, in real time, based on attributes.
These attributes could be based on user status, data classifications, and environment information. That’s just a fancy way to say that policies can be sliced and diced on items such as citizenship, department, geographic location, device type, file type, actions like uploads, downloads, edits, etc. It’s a far more flexible way to control access to sensitive data, especially given the distributed nature of today’s business.
Case in point: global collaboration is increasingly the norm to get things done. Supply chains are spread out across the globe. Exchanging information with colleagues and partners is essential for seeing projects through to completion. However, in doing so, you have to be mindful of the potential security risks of sharing confidential or sensitive data.
Protecting the Crown Jewels
Whether you work in manufacturing, aerospace & defense, pharmaceuticals, or high tech, protecting the crown jewels is supremely important to maximizing profit margins, retaining market share, or simply avoiding bad publicity. That’s why it’s so important NOT to overlook technologies such as dynamic authorization. It’s that “behind the scenes” technology you take for granted – like the timing belt in your car, the mag stripe on your credit card, the Enter key on your keyboard.
In the context of access control, dynamic authorization takes the pain and stress out of managing role-based policies (i.e., RBAC). With RBAC, any time a new variable is introduced (such as a new geographical location or a new project assignment), the company needs a new set of roles to account for each change. Given the complex ecosystem of users, devices, clouds, partners, customers, and supply chains that is characteristic of today’s companies, the number of roles can increase exponentially, making it extremely difficult to manage going forward.
With ABAC, hundreds or perhaps thousands of roles can be replaced by just a few policies. These policies are managed centrally across all applications and systems, providing a single pane of glass over all the attributes of an organization. Centralized management makes it easy to add or update policies and quickly deploy them across the enterprise.
Moreover, these policies are managed externally from the protected application (aka “Externalized Authorization Management”), so they can be modified without requiring code changes or application downtime. This enables organizations to react quickly to changes in business or regulatory requirements, greatly increasing agility and flexibility and enhancing overall data protection.
Dynamic authorization has benefits on the risk management side, too. By tracking and logging user activities and data access events in real time, security and compliance teams can gather analytics on user behavior and access patterns to identify suspicious activities that might indicate a potential security breach.
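To make the last few paragraphs concrete, here is a small sketch of a policy decision point that sits outside the application, evaluates attributes at request time, and logs every decision. It is an added example, not NextLabs or NIST code; the policy names, attribute keys, and sample values are all constructed for illustration.

```python
from dataclasses import dataclass
from math import prod
from typing import Callable

@dataclass(frozen=True)
class Policy:
    name: str
    effect: str                      # "permit" or "deny"
    applies: Callable[[dict], bool]  # predicate over the request's attributes

# Constructed policies: each one covers what RBAC would spread over many roles.
POLICIES = [
    Policy("export-controlled-requires-us-citizen", "deny",
           lambda r: r["resource"]["classification"] == "export-controlled"
           and r["subject"]["citizenship"] != "US"),
    Policy("no-download-to-unmanaged-device", "deny",
           lambda r: r["action"] == "download" and r["env"]["device"] != "managed"),
    Policy("same-department-access", "permit",
           lambda r: r["subject"]["department"] == r["resource"]["department"]),
]

AUDIT_LOG = []  # one record per decision, for later review of access patterns

def decide(request: dict) -> str:
    """Evaluate at request time: deny overrides permit, no match means deny."""
    try:
        matched = [p for p in POLICIES if p.applies(request)]
    except KeyError as missing:
        # A missing attribute fails closed rather than skipping the policy.
        matched = [Policy(f"missing-attribute:{missing.args[0]}", "deny", lambda r: True)]
    denies = [p for p in matched if p.effect == "deny"]
    decision = "permit" if matched and not denies else "deny"
    reason = (denies or matched or [Policy("default-deny", "deny", lambda r: True)])[0]
    AUDIT_LOG.append({"subject": request.get("subject", {}).get("id"),
                      "action": request.get("action"),
                      "decision": decision, "policy": reason.name})
    return decision

def rbac_roles_needed(dimensions: dict) -> int:
    """Roles required if every combination of attribute values gets its own role."""
    return prod(dimensions.values())

if __name__ == "__main__":
    alice = {"id": "alice", "department": "engineering", "citizenship": "US"}
    doc = {"department": "engineering", "classification": "export-controlled"}
    print(decide({"subject": alice, "resource": doc, "action": "edit",
                  "env": {"device": "managed"}}))
    print(rbac_roles_needed({"department": 10, "location": 20, "project": 15}))
    print(AUDIT_LOG[-1])
```

Changing who may download what means editing the `POLICIES` list, not the application that calls `decide`, and the audit records name the policy behind each decision.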
Happy Stakeholders Across the Board
So, at the end of the day, dynamic authorization brings a wide range of benefits to the table. From protecting sensitive data to keeping compliance officers happy to simplifying IT administration, dynamic authorization best positions companies to succeed in an increasingly globalized and collaborative business environment.
If you want to learn more, check out our white paper on how to implement an ABAC-based data security strategy, or you can read it from NIST itself, the industry-standards body that NextLabs collaborated with in defining the ABAC solution.