According to the National Institute of Standards and Technology (NIST), Attribute-Based Access Control (ABAC) is defined as “an access control method where subject requests to perform operations on objects are granted or denied based on assigned attributes of the subject, object, and environment conditions, and a set of policies that are specified in terms of those attributes and conditions.” ABAC has grown in popularity over the last decade because it addresses key cybersecurity issues through dynamic, fine-grained access control, both on-premises and in hybrid cloud environments.
Best Practices for Successful ABAC Implementation
To realize these benefits, organizations need best-practice guidelines for a successful ABAC implementation. This white paper summarizes six key areas that make an ABAC implementation succeed. Download the white paper to read the full explainer; an overview follows:
- High quality attributes: Attributes are the foundation of ABAC and determine access to business-critical data. They are characteristics of the user, the data, or the environment, such as group, department, employee status, citizenship, position, device type, IP address, or any other factor that could affect the authorization outcome. Choosing the right ones from the many available attributes lets organizations make accurate business decisions in real time.
- Real-time policies: Carefully designed policies, composed from these attributes, reduce cost and management overhead. A small number of real-time policies, applied across applications, is enough to provide simple, flexible, and resilient solutions to complex internal-control, security, governance, risk, and compliance requirements.
- Consistent access control policies: Applying one consistent set of policies across key business processes and multiple applications gives organizations more agility to meet regulatory requirements and respond to market changes in an ever-changing environment.
- Master data drives attributes: Data has become a valuable corporate asset of strategic and functional importance. Because master data is essential to business processes, it forms a reliable source of the attributes used to derive and implement ABAC policies, and its quality is instrumental to the successful use of ABAC.
- ABAC for structured and unstructured data: Applications manage 75% of unstructured business-critical data such as documents and files. This data is shared extensively both internally and externally, which calls for a consistent approach to access management that enables secure collaboration and persistent protection of the data. That is where ABAC comes in: its real-time policies apply to both structured and unstructured data and support efficient work across multiple business departments.
- Co-existence of RBAC and ABAC: ABAC complements traditional Role-Based Access Control (RBAC) but does not always replace it. Attribute-based policies help avoid the role explosion commonly seen in RBAC, and they can be used alongside RBAC to derive more value from existing applications and avoid migration headaches.
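The following is an added example, not code from the white paper, showing the NIST definition above in working form: a small policy decision point that grants or denies a request from subject, object, action and environment attributes. The attribute names, the 10.0.0.0/8 corporate range and the policies are constructed for illustration; the last policy shows RBAC co-existence by treating an existing role as just another subject attribute.

```python
from dataclasses import dataclass
from ipaddress import ip_address, ip_network
from typing import Any, Callable, Dict, List, Tuple

Attrs = Dict[str, Any]
# A condition sees subject, object, action and environment attributes.
Condition = Callable[[Attrs, Attrs, str, Attrs], bool]


@dataclass
class Policy:
    name: str
    effect: str          # "permit" or "deny"
    condition: Condition


CORP_NET = ip_network("10.0.0.0/8")   # constructed sample corporate range


def on_corporate_managed_device(env: Attrs) -> bool:
    """Environment condition: managed device connecting from the corporate network."""
    return (env.get("device_type") == "managed"
            and ip_address(env.get("source_ip", "0.0.0.0")) in CORP_NET)


# Policies are written in terms of attributes; no user is named individually.
POLICIES: List[Policy] = [
    Policy("inactive-employee", "deny",
           lambda s, o, a, e: s.get("employee_status") != "active"),
    Policy("restricted-needs-corporate-device", "deny",
           lambda s, o, a, e: o.get("classification") == "restricted"
           and not on_corporate_managed_device(e)),
    Policy("same-department-read", "permit",
           lambda s, o, a, e: a == "read"
           and s.get("department") == o.get("owner_department")),
    # RBAC co-existence: an existing role is carried as one more subject attribute.
    Policy("auditor-role-read", "permit",
           lambda s, o, a, e: a == "read" and "auditor" in s.get("roles", [])),
]


def decide(subject: Attrs, obj: Attrs, action: str, env: Attrs) -> Tuple[str, str]:
    """Deny-overrides combination with default deny; returns (decision, policy name)."""
    first_permit = None
    for p in POLICIES:
        if p.condition(subject, obj, action, env):
            if p.effect == "deny":
                return "deny", p.name          # any matching deny wins outright
            first_permit = first_permit or p.name
    if first_permit:
        return "permit", first_permit
    return "deny", "default-deny"              # nothing matched: fail closed
```

Because the decision is recomputed on every request, changing an attribute such as employee_status or the connecting device takes effect immediately without editing any policy.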
For more detailed explanations, examples, and scenarios, please download the white paper.