Attribute Based Access Control

Attribute-Based Access Control (ABAC) is an authorization model designed to protect the data itself, rather than controlling access via a role, network security or application security. It is being adopted by multiple government agencies and is projected to grow considerably in business usage over the next few years.

Data can be compromised in many ways, including:

  • User error or mistake, such as sending an email to the wrong person
  • Malware sent to an employee’s email
  • Malicious hacking
  • Internal employee or contractor theft
  • Compromised supply chain

…the threats can come from anywhere.

Data compromises are common occurrences with many implications, including:

  • Loss of intellectual property
  • Non-compliance with applicable security-related regulations
  • Inability to execute on strategic initiatives
  • Negative publicity
  • Malfunction or disruption of critical systems that can lead to threat or loss of life

These implications lead most companies to protect their data in the following ways:

  • Access Control Lists
  • Network or perimeter security around mission-critical applications
  • Role-Based Access Control (RBAC)

Unfortunately, these traditional security models are not sufficient to support data proliferation and business requirements for collaboration. The changing business landscape demands more and more global interaction, opening the door for data compromise through the life of a program.

ABAC is based on policies set up by the owner of the data and uses an ‘IF/THEN/AND’ model to ensure the data cannot be compromised. For example, a ‘User’ can ‘View/Edit’ ‘secret documents’ only if they have ‘user clearance’, are ‘located in the US’ and have a ‘MultiFactor’ authentication type. Failure to meet any of these criteria means the data will be unreadable or unavailable.
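The policy described above can be written as a small deny-by-default decision function. This is an added example, not code from the original article or from any ABAC product; the attribute names and values (`clearance`, `country`, `auth_type`, `classification`) and the sample requests are assumptions constructed for illustration.

```python
from dataclasses import dataclass

@dataclass(frozen=True)
class Condition:
    source: str         # "subject", "resource" or "action"
    attribute: str      # attribute name (assumed, not from a real product)
    allowed: frozenset  # values that satisfy the condition

# Constructed policy mirroring the article's example: view/edit secret
# documents only with clearance AND US location AND multi-factor auth.
SECRET_DOC_POLICY = (
    Condition("resource", "classification", frozenset({"secret"})),
    Condition("action", "name", frozenset({"view", "edit"})),
    Condition("subject", "clearance", frozenset({"secret"})),
    Condition("subject", "country", frozenset({"US"})),
    Condition("subject", "auth_type", frozenset({"multifactor"})),
)

def evaluate(policy, request):
    """Return (permit, failed_conditions).

    Every condition must hold (AND). A missing attribute is treated as a
    failed condition, so incomplete requests are denied rather than allowed.
    The failed list can be written to an audit log.
    """
    failed = []
    for cond in policy:
        value = request.get(cond.source, {}).get(cond.attribute)  # None if absent
        if value not in cond.allowed:
            failed.append(f"{cond.source}.{cond.attribute}")
    return (not failed, failed)

def sample_requests():
    """Constructed requests: one compliant, one abroad, one without MFA data."""
    ok = {
        "subject": {"clearance": "secret", "country": "US", "auth_type": "multifactor"},
        "resource": {"classification": "secret"},
        "action": {"name": "view"},
    }
    abroad = {**ok, "subject": {**ok["subject"], "country": "DE"}}
    no_mfa = {**ok, "subject": {"clearance": "secret", "country": "US"}}
    return {"ok": ok, "abroad": abroad, "no_mfa": no_mfa}

if __name__ == "__main__":
    for name, req in sample_requests().items():
        print(name, evaluate(SECRET_DOC_POLICY, req))
```

The request without an `auth_type` attribute is denied just like the one with the wrong country, which is the behaviour to check for when attributes come from several identity sources that may not all respond.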

Unstructured data can be protected by ABAC, leveraging Digital Rights Management technology to encrypt the data. To view/edit the data, the user will need to be authorized, and the data will be decrypted in a controlled way.

ABAC offers many benefits to the user, including:

  • Persistent rights management, so the data is encrypted in perpetuity
  • A single source to control the data
  • The freedom to share the data if the audience meets the policy

ABAC offers many benefits to the company, including:

  • Enabling compliance with regulations such as export control, privacy or other IT-related regulations
  • Quick response to corporate restructuring
  • Increased accountability with audit and reporting
  • Efficiencies with identity and access management to reduce cost and get faster access

Attribute-based access control is a new technology allowing for significant safety, reliability and protection of data. It is poised to be the standard for businesses in the near future as more and more companies, including every branch in the United States military, implement this data protection strategy.
