SAP Field Level Security – Augmenting Roles with Attributes

By Ashwin Bhaskar, Senior Software Engineer at NextLabs

In the first part of this blog series, we discussed the importance of ABAC (Attribute-Based Access Control) as a way to augment traditional RBAC (Role-Based Access Control) for field-level security.

Let us now analyze how we can go about implementing field-level security using a combination of the RBAC and ABAC approaches.
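The combination described above, as an added illustration that is not NextLabs' product code or part of the original post: the role decides whether the caller may read the object type at all (RBAC), and per-field attribute rules over the user's and the record's attributes decide which fields come back in clear and which are masked (ABAC). The roles, fields, attribute names and the sample material record are all hypothetical and constructed for the example; a real SAP deployment would enforce this in the application layer, not in Python.

```python
"""Field-level security: an RBAC gate on the object type, then ABAC rules per field.

Hypothetical roles, fields and attributes; constructed sample data. Not SAP or
NextLabs code.
"""
from typing import Any, Callable, Dict, Optional

Attrs = Dict[str, Any]
Rule = Callable[[Attrs, Attrs], bool]  # (user attributes, record attributes) -> allowed?

# RBAC: role -> object types the role may read (hypothetical role names).
ROLE_READ: Dict[str, set] = {
    "material_viewer": {"MaterialMaster"},
    "material_maintainer": {"MaterialMaster", "BillOfMaterial"},
}

# ABAC: per-field predicates over user and record attributes.
# A field with no rule is visible to anyone whose role passes the RBAC gate.
FIELD_RULES: Dict[str, Dict[str, Rule]] = {
    "MaterialMaster": {
        # cost price: finance staff only, and only for plants they are assigned to
        "cost_price": lambda u, r: "finance" in u["departments"] and r["plant"] in u["plants"],
        # technical spec: free unless the record is export controlled, in which case
        # the user must be a US person with an export-control clearance flag set
        "technical_spec": lambda u, r: (not r["export_controlled"])
        or (u["citizenship"] == "US" and u["export_cleared"]),
        # supplier id: owning plant only
        "supplier_id": lambda u, r: r["plant"] in u["plants"],
    }
}

MASKED = "***"


def read_record(user: Attrs, obj_type: str, record: Attrs) -> Optional[Attrs]:
    """Return the record as the user may see it, or None if no role grants the object.

    RBAC runs first: without a granting role the whole record is denied and no
    field rule is evaluated. ABAC then masks each field whose rule fails.
    """
    if not any(obj_type in ROLE_READ.get(role, set()) for role in user["roles"]):
        return None
    rules = FIELD_RULES.get(obj_type, {})
    visible: Attrs = {}
    for name, value in record.items():
        rule = rules.get(name)
        visible[name] = value if rule is None or rule(user, record) else MASKED
    return visible


# Constructed sample record: one export-controlled material at plant 1000.
RECORD: Attrs = {
    "material_no": "MAT-100234",
    "plant": "1000",
    "description": "Turbine blade, stage 2",
    "cost_price": 4210.50,
    "technical_spec": "alloy=IN718; tolerance=0.01mm",
    "supplier_id": "SUP-77",
    "export_controlled": True,
}

# Constructed users: same object-level access, very different field-level results.
FINANCE_US: Attrs = {"roles": ["material_viewer"], "departments": ["finance"],
                     "plants": ["1000"], "citizenship": "US", "export_cleared": True}
ENGINEER_DE: Attrs = {"roles": ["material_maintainer"], "departments": ["engineering"],
                      "plants": ["2000"], "citizenship": "DE", "export_cleared": False}
CONTRACTOR: Attrs = {"roles": [], "departments": [], "plants": [],
                     "citizenship": "US", "export_cleared": False}


if __name__ == "__main__":
    for label, user in (("finance/US", FINANCE_US), ("engineer/DE", ENGINEER_DE),
                        ("contractor", CONTRACTOR)):
        print(label, "->", read_record(user, "MaterialMaster", RECORD))
```

The engineer's role is broader than the finance user's (it can also write, and read bills of material), yet the engineer sees three masked fields because the attribute rules, not the role, decide field visibility. Note that the rules only ever consult the attributes presented with the session: whoever holds a credential that carries the right attributes passes.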

Data Security in the Cloud – beyond Encryption

by Sudhindra Kumar, Principal Software Engineer at NextLabs

Kentucky recently joined 46 other U.S. states that have enacted a data breach notification law. California was the vanguard, enacting the first such law in 2002. Now the high-profile data breaches at retailers Target and Neiman Marcus are prompting revisions to and improvements of the breach notification laws.

DFARS Subpart 204.73 – SAFEGUARDING UNCLASSIFIED CONTROLLED TECHNICAL INFORMATION

By Dennis Andrie,

On November 18, 2013, the Defense Acquisition Regulations Council (DARC) issued its final rule for Defense Federal Acquisition Regulation Supplement (DFARS) Subpart 204.73 and the associated contract clause 252.204-7012, Safeguarding of Unclassified Controlled Technical Information. The new subpart presents a high-level guide to the actions that companies contracting or subcontracting with the U.S. Government must undertake to protect Unclassified Controlled Technical Information while executing U.S. Government contracts.

SharePoint 2014 Key Security Takeaways – Our Top 5

By Mandy Pang, Senior Product Manager

  1. The conference attendees were buzzed on Attributes.  Specifically, attribute-based security models for SharePoint.  Role-based models are no longer making the cut – they leave collaboration vulnerable.  Attribute-based solutions have fine-grained control.
  2. Cloud, of course, was big, and even bigger was the topic of protecting data in transit to and from the cloud and at rest in the cloud.  Securing Office 365 was another hot topic.  There was a great deal of discussion around the need for comprehensive end-to-end protection of intellectual property while satisfying the regulations set forth by a company’s compliance office.  Where data or IP is to be accessed by, or transmitted to, an employee or contractor outside the company’s firewall, there was concern about how to safeguard it.
  3. SPC14 was global with a good portion of attendees coming from Europe.  Interestingly enough, a lot of European companies are looking to the U.S., particularly Silicon Valley, for solutions on automated information rights management.
  4. The architects, developers, and I.T. leaders with whom I spoke were eager to learn how to automate fine-grained access control for all work product in a SharePoint environment.
  5. Extensibility was also discussed.   At SPC14 the conversations were about information rights management extensibility – starting off with one Microsoft solution such as SharePoint, then extending the same information rights management solution to Office 365 and other products.


Cloud Security – Protecting data at rest and in transit – Information Risk Management for the Cloud

By Sudhindra Kumar, Principal Software Engineer at NextLabs

In my previous blog, we discussed Data Governance Policies and Regulatory Compliance.

In this post, we’ll look at some of the options available to protect data at rest and in transit. A few years ago, protecting data in transit was considered more important than protecting data at rest. However, the proliferation of Internet and cloud technologies, and the data breaches that followed, have put the spotlight on protecting data at rest as well. Let us take a look at the different solutions for protecting data at rest and in transit.

Can we turn off Snowden’s access after the fact?

By E.K. Koh

In my last blog, Would data-level controls have stopped Snowden, I highlighted the importance of separating system rights from data rights. But what if Snowden was using login credentials that did in fact grant rights to the sensitive data? Accounts vary, but in the blog What the Snowden affair taught us, Anand alluded to the fact that Snowden gained access by stealing the credentials of users with higher privilege. Unfortunately, even a system with fine-grained data entitlement capabilities will not be able to stop Snowden, under his new identity, from copying sensitive data.