By Sandeep Chopra.
“Attributes” is the new Role?
At the last Gartner Identity and Access Summit in Nov 2013, Gregg Kreizmann, Research VP at Gartner, made a prediction that by 2020, 70% of all businesses will use attribute-based access control (ABAC) as the dominant mechanism to protect critical assets, up from <5% today.
In Oct 2013, NIST published their report titled “Guide to Attribute-based Access Control Definition and Consideration”, which we discussed in an earlier blog. This is recognition that organizations, including the federal government, need to govern how information is shared across systems, applications, and organizations. more “Attributes is the new role?”
By Sudhindra Kumar.
In my previous blog, we took a peek at the key challenges that confront anyone who’s moving their data to the cloud. Let us see how to mitigate some of those challenges. Protecting data in the enterprise comes before protecting it in the cloud. If you don’t have the right data governance policies within the organization, then protecting data in the cloud is going to be a nightmare. Ensure that you have well-defined data classification, data tagging and access control guidelines in place before moving your data to the cloud. more “Data Security in the Cloud – Data Governance Policies and Regulatory Compliance”
By Andy Han.
The National Institute of Technology and Standards (NIST) held a conference a few months back on Attribute Based Access Control (ABAC). The primary objective of the conference was to promote a special publication on ABAC and the event brought together leaders from various government programs, technology vendors, industry analysts and subject matter experts on authorization and access control. The event and paper are recognition that the adoption of ABAC is accelerating and that we needed to put in writing a shared understanding of when and how to deploy ABAC. more “NIST Report Reflects Increasing Need for ABAC…but Over-Engineers Its Deployment”
By Andy Han.
I have been following the blog debate over the death of XACML spurred by Andres Cser at Forrester. The conversation reminded me of a similar debate we had here at NextLabs over eight years ago. In 2004, XACML was dead. I think there was one commercial product. But the security market was starting to shift its focus from securing the network and applications to securing the data (for example the early DLP companies were getting traction). It was clear that the model companies used to secure their data was so manual and inflexible that it would never scale to meet the demands of future regulations, mobility, cloud, and hyper collaboration. So the big idea: “What if you could write a policy about how your information should be protected and it would be enforced universally?” An obvious good idea and a hard problem – Sign me up! more “XACML is Growing Up”
By EK Koh.
Many companies need to protect sensitive intellectual property (IP) as they collaborate globally on product designs and across multi-level supply chains. They also need to comply with cross-border export regulations even as they collaborate and share technical data with global customers, partners and employees. more “Industry Spotlight: How does GE Oil & Gas manage operational Information Risk?”
By Soujanya Madhurapantula.
Recap from my previous SAP Security post:
As we discussed last week, traditional authorization models like role-based access control (RBAC) were never intended for complex use cases. These models focused on static job roles or work-group use cases and assigned permissions to data. more “How to do Data Level Control without the Constraints of RBAC”