The Case for Attribute-Based Policies in eDRM

In today’s collaborative world, eDRM (Enterprise Digital Rights Management) is proving to be one of the most effective ways to share documents with partners. eDRM is a technology that enables companies to restrict access to documents containing sensitive information, both inside and outside the corporate firewall. It works by rights-protecting documents with AES encryption and then applying policies that control access and usage rights (view, edit, print, etc.). If a user is not entitled to view the document, he cannot open it. If he is entitled to view the document, usage may be restricted.

Can we turn off Snowden’s access after the fact?

By E.K. Koh

In my last blog, Would data-level controls have stopped Snowden, I highlighted the importance of separating system rights from data rights. But what if Snowden was using a login credential that in fact grants him rights to sensitive data? Accounts vary, but in the blog What the Snowden affair taught us, Anand alluded to the fact that Snowden gained access by stealing credentials of users with higher privilege. Unfortunately, even a system with fine-grained data entitlement capabilities will not be able to stop Snowden, under his new identity, from copying sensitive data.

Attributes is the new role?

By Sandeep Chopra.

“Attributes” is the new Role?

At the last Gartner Identity and Access Summit in Nov 2013, Gregg Kreizman, Research VP at Gartner, made a prediction that by 2020, 70% of all businesses will use attribute-based access control (ABAC) as the dominant mechanism to protect critical assets, up from <5% today.

In Oct 2013, NIST published their report titled “Guide to Attribute-based Access Control Definition and Consideration”, which we discussed in an earlier blog. This is recognition that organizations, including the federal government, need to govern how information is shared across systems, applications, and organizations.

XACML is Growing Up

By Andy Han.

I have been following the blog debate over the death of XACML spurred by Andras Cser at Forrester. The conversation reminded me of a similar debate we had here at NextLabs over eight years ago. In 2004, XACML was dead. I think there was one commercial product. But the security market was starting to shift its focus from securing the network and applications to securing the data (for example, the early DLP companies were getting traction). It was clear that the model companies used to secure their data was so manual and inflexible that it would never scale to meet the demands of future regulations, mobility, cloud, and hyper collaboration. So the big idea: “What if you could write a policy about how your information should be protected and it would be enforced universally?” An obvious good idea and a hard problem – Sign me up!