Attribute-Based Access Control (ABAC) is an authorization model designed to protect the data itself, rather than controlling access via a role, network security or application security. It is being adopted by multiple government agencies and is projected to grow considerably in business usage over the next few years.
Data can be compromised in many ways, including:
…the threats can come from anywhere.
Data compromises are common occurrences with many implications, including:
These implications lead most companies to protect their data in the following ways:
Unfortunately, these traditional security models are not sufficient to support data proliferation and business requirements for collaboration. The changing business landscape demands more and more global interaction, opening the door for data compromise through the life of a program.
ABAC is based on policies set up by the owner of the data and uses an ‘IF/THEN/AND’ model to ensure the data is unable to be compromised. An example may include a ‘User’ who can ‘View/Edit’ only ‘secret documents’ if they have ‘user clearance,’ and ‘located in the US’ and have a ‘MultiFactor’ authentication type. Failure to meet any of these criteria means the data will be unreadable or unavailable.
Unstructured data can be protected by ABAC leveraging Digital Right Management technology to encrypt the data. To view/edit the data the user will need to be authorized and the data will be decrypted in a controlled way.
ABAC offers many benefits to the user, including:
ABAC offers many benefits to the company, including:
Attribute-based access control is a new technology allowing for significant safety, reliability and protection of data and is poised to be the standard for businesses in the near future as more and more companies, including every branch in the United States military, implements this data protection strategy.