One of the biggest issues facing government and industry in a digital age is how to securely share sensitive and valuable information. While securely sharing information comes with benefits for productivity and service outcomes, it does come with risks. Foreign actors and cyber criminals are targeting this information, which can threaten national security and lead to financial and reputational harm. In an attempt to address this threat, many organisations add layers of security that often slows productivity and increases complexity.
Attribute Based Access Control (ABAC) is a security model that allows individuals to define the rules of who accesses information. Controlling who accesses information and under what conditions enables the right people to access the right information at the right time. ABAC allows individuals, government and industry to safely share with confidence that the conditions they set will be respected.
The ABAC model applies attributes to things like documents and users. A dictionary of attributes are created to build precise access control policies. Here is a simplified example of ABAC applied to document sharing and collaboration.
The attribute of geography is applied to the document
User attributes are defined based on department and clearance levels.
The policy would read, "If User A has geography = Australia, Clearance = NV1 and Department = 1, access is granted." If all rules within the policy are not met, access is denied.
An attribute is anything you can describe. Security is built around the combination of different attributes, such as security level or a specific device. Here are some examples:
ABAC can be applied to many different scenarios and organisations to facilitate trust and confidence when it comes to securely sharing information. Here are some examples of its applications to government and industry.
ABAC helps governments to facilitate safer and more productive inter-agency collaboration.
ABAC helps facilitate trust between government and industry by providing a common standard for the security of information.
ABAC facilitates a granular level of control, needed to protect the TOP SECRET and critical work of Defence.
ABAC helps Defence protect the nation’s most important information, across the supply chain.
ABAC enables financial services of all sizes to better protect client information and ensure compliance at all levels.
ABAC helps personnel to securely share valuable information needed to provide critical health and response services.
ABAC helps facilitate secure collaboration for big and complex projects, for increased productivity.
ABAC facilitates a greater level of protection over confidential documents and data, to uphold important justice systems.