Nowadays, data has become a valuable corporate asset of strategic and functional importance. The globalization of supply chains and various organizational consolidations call for a more flexible and agile solution to data protection that allows communication and information sharing. The white paper, “Dynamic Data Protection using Attribute-Based Access Control (ABAC)”, discusses the importance of dynamic data protection in relation to Attribute-Based Access Control (ABAC). Starting with the comparison between the mechanisms of Role-Based Access Control (RBAC) and ABAC, this paper elaborates how ABAC offers a more scalable solution to companies in a capricious environment. Applying ABAC, Data Access Enforcer (DAE), NextLabs data access security solution dynamically protects data through data masking, format preserving encryption (FPE), segregation, and data manipulation. Download the white paper to read three use cases of the range of scenarios DAE is suitable for.
RBAC vs. ABAC
RBAC is an access control mechanism that assigns multiple access privileges to roles, which is in turn assigned to a user. It is the most used access control method in companies today, but facing today’s dynamic business and digital environment, it lacks flexibility and scalability in data protection and segregation and can easily result in a role explosion.
In comparison, ABAC offers an alternative approach with more scalability, simplicity, and consistency across applications. It relies on runtime determination of access using predefined policies that evaluate different attributes of the user every time a user attempts to access the data and applications. Nowadays, ABAC has growing popularity among companies looking for more secure and flexible solutions for access control.
NextLabs Data Access Enforcer (DAE)
Nextlabs DAE provides dynamic data-level security controls and fined-grained data access governance to a variety of applications. Through NextLabs’ patented Dynamic Authorization platform, organizations can leverage attribute-based policy and centralized policy management to improve their security and compliance posture by relying on the three key features of DAE:
- Data Masking: NextLabs DAE supports two types of data masking, Dynamic Data Masking and Format Preserving Encryption (FPE). FPE protects data at rest while Dynamic Data Masking protects data on the fly. FPE obfuscates sensitive information at the database level and data is only decrypted to authorized users, whereas dynamic data masking is applied at the data access level, and masking of data is managed in real-time based on policies.
- Dynamic Data Filtering: DAE provides the option to filter data by granting access to view the data only to authorized users with the assigned attributes, such as industry, location, positions, etc.
- Data Manipulation Controls: DAE also helps organizations to control the authorization of data manipulation at both application layer level and at the database level.
Download the white paper to learn more about how NextLabs Data Access Enforcer (DAE) can be used to dynamically protect data using ABAC to ensure that data remains secure through multiple use cases.