Data Retention and Disposal in the cloud

By Sudhindra Kumar, Principal Software Engineer at NextLabs

In this blog series, we’ve discussed some of the key challenges impeding adoption of the cloud. In this instalment, we’ll talk about Data Retention and Disposal in the cloud. A lot of attention is paid to cloud data protection, regulatory compliance for cloud data, and how to handle data breaches. Of equal importance are the Data Retention and Disposal requirements. Both of them are key components of a good information security strategy. more “Data Retention and Disposal in the cloud”

What are the Financial Costs of Data Loss?

By E.K. Koh, VP of Solutions at NextLabs |

The direct financial costs include future loss of revenue when trade secrets are stolen today. According to the Battelle Foundation report “2013 Global R&D Funding Forecast”, the financial costs of intellectual property theft – internal and external – are compounded over time. When trade secrets are stolen, so is the future revenue that would come from licensing and sales of the research and of the products created. more “What are the Financial Costs of Data Loss?”

SAP Field Level Security – Augmenting Roles with Attributes

By Ashwin Bhaskar, Senior Software Engineer at NextLabs

In the first part of the blog Series, we discussed the importance of ABAC (Attributes Based Access Control) as a way to augment traditional RBAC (Role Based Access Controls) for field level security.

Let us now analyze how we can go about implementing field level security using a combination of RBAC and ABAC approaches. more “SAP Field Level Security – Augmenting Roles with Attributes”

Cloud Security – Protecting data at rest and in transit – Information Risk Management for the Cloud

By Sudhindra Kumar, Principal Software Engineer at NextLabs

In my previous blog, we discussed about Data Governance Policies and Regulatory Compliance.

In this post, we’ll see some of the options available to protect data at rest and in transit. A few years ago, protecting data in transit was considered more important than protecting data at rest. However, with the proliferation of Internet and cloud technologies, and the subsequent issues related to data breaches have put the spotlight on protecting data at rest as well. Let us take a look at different solutions for protecting data at rest and in transit: more “Cloud Security – Protecting data at rest and in transit – Information Risk Management for the Cloud”

Can we turn off Snowden’s access after the fact?

By E.K. Koh

In my last blog, Would data-level controls have stopped Snowden, I highlighted the importance to separate system rights from data rights. But what if Snowden was using a login credential that in fact grants him rights to sensitive data? Accounts vary, but in the blog What the Snowden affair taught us , Anand alluded to the fact that Snowden gained access by stealing credentials of users with higher privilege. Unfortunately, even a system with fine grained data entitlement capabilities will not be able to stop Snowden, under his new identity, from copying sensitive data. more “Can we turn off Snowden’s access after the fact?”

Attributes is the new role?

By Sandeep Chopra.

“Attributes” is the new Role?

In the last Gartner Identity and Access Summit in Nov 2013, Gregg Kreizmann, Research VP in Gartner, made a prediction that by 2020, 70% of all businesses will use attribute-based access control (ABAC) as the dominant mechanism to protect critical assets, up from <5% today.

In Oct 2013, NIST published their report titled “Guide to Attribute-based Access Control Definition and Consideration”, which we discussed in an earlier blog. This is recognition that organizations, including the federal government, need to govern how information is shared across systems, applications, and organizations. more “Attributes is the new role?”

Is Role-Based Access Control Sufficient?

By Soujanya Madhurapantula.

In SAP’s role-based security architecture, Users and Authorization objects are used to create profiles, such as “buyer” or “payer”, and these are used to define functional roles.

As a counter measure for potential fraud, the GRC Access Control Segregation of Duties can dictate that a user should not have, for example, both a buyer profile and a payer profile simultaneously.  In simple cases like this, SAP’s authorization concept works great!  It’s able to distinguish which user can perform a specific function by limiting their access to certain transactions, programs and services.  It even provides an easy way to administrate HR functions like role changes and employee turnover. more “Is Role-Based Access Control Sufficient?”