Attribute-based access control (“ABAC” for short) has reached the point of mass adoption with respect to access control technologies. In fact, the National Cybersecurity Center of Excellence developed a reference design for ABAC that provides organizations “greater efficiency, flexibility, scalability security.” To ensure that those benefits are realized, however, it’s essential to establish best practice guidelines when it comes to implementing ABAC successfully.
ABAC can be instrumental in reducing enterprise risks such as insider threats, loss of customer data and personally identifiable information (PII), leakage of trade secrets and intellectual property, and fraud. The use of context in access decisions can also lead to substantial cost savings since ABAC systems enable more efficient policy management and regulatory compliance. Furthermore, organizations can continue to leverage much, if not all, of their previous investment in existing IT infrastructure. more “Words of Wisdom: How to Ensure a Successful ABAC Implementation”
When you’re driving your car, you view it as something completely protected. You’re driving it, and if you’ve maintained it, it’s going to likely drive as it should. I recently spoke with a friend who said he views his car as a ‘black box’; he drives it, but he relies on his mechanic to tell him if something is wrong with it. The unfortunate reality is that now, even while you’re driving, your car could potentially be taken over by a rogue hacker.
While it may sound like something out of a spy thriller or sci-fi novel, over the last few years, hackers have found numerous ways to hack into a vehicle, from taking over the on-board navigation system through an unsecured WiFi network designed to look like a public network, to hacking into a local mechanic’s diagnostic system then using that system to access the car’s on-board diagnostics. more “Could Your Car Be Hacked? It’s More Possible Than You Think.”
If you’re unfamiliar with dynamic authorization, be prepared for an epiphany of sorts. It could very well be the biggest little secret you’ve never heard of with respect to data security. What with all the cloud apps, mobile devices, Big Data, and productivity tools that consume our professional lives these days, legacy access control solutions are having a difficult time keeping pace. more “Why Dynamic Authorization Is a Big Deal in Data Security”
By EK Koh |
Recently Forrester published a report titled “Twelve Recommendations for your Security Program in 2014”. There are many good recommendations. One of them is: “Define your Data and give it an Identity to better protect it”.
This is timely. more “Give your Data an Identity?”