
What is Attribute-Based Access Control or ABAC?

Mar 30, 2021

One of the biggest issues facing government and industry as digital transformation accelerates is how to securely share sensitive and classified information. While information sharing and collaboration come with tremendous benefits for productivity and service outcomes, they also come with risks. Learn about ABAC, the security model underpinning our solutions, and how it can be applied to secure collaboration of sensitive data.

Digital Transformation’s Impact on Information Security

Foreign actors and cyber criminals are targeting our sensitive information from intellectual property (IP) to nation-state secrets, which can threaten national security and lead to financial and reputational harm. A new threat vector closer to home has also emerged with digital collaboration. Globally, careless or negligent employees and contractors account for 62% of insider security incidents, and malicious insiders 23%.

Security that addresses insider threats and external threats is paramount for government, defence industry, research, intelligence and supply chain collaboration, as well as enterprise collaboration. In an attempt to address this threat, many organisations add layers of security that often slow productivity and increase complexity.

How do we enable systems to enforce the information access and handling rules we need, so that trusted users share information only with those who should have access, and so that we control what users and information recipients can do with that information, proactively and without impacting productivity?

A new security model is needed to enable this: one that allows information owners to easily set access and sharing conditions (policies) on the content, and to dynamically control whether other users can edit their information, share it, or discover it through search.

ABAC Offers a Solution

Attribute-based access control (ABAC) is a security model that allows individuals to define the rules of who accesses information and under what circumstances. Controlling who accesses information and under what conditions enables the right people to access the right information at the right time. ABAC allows government and industry to safely share with confidence that the conditions they set will be respected.

How Does it Work?

The ABAC model analyses the attributes of documents and users. A dictionary of attributes is used to build precise access control policies. Here is a simplified example of ABAC applied to secure document sharing and collaboration.

[Figure: ABAC: How Does it Work?]

What Is an Attribute?

Attributes are the characteristics or values of a component involved in an access event. With ABAC, security is built around the combination of different attributes including: user attributes, environmental attributes and resource attributes. Here are some examples:

User Attributes

  • Name
  • Nationality
  • Security Clearance
  • Organisation
  • Group

Environmental Attributes

Location

  • Country
  • State
  • Address

Device

  • Name
  • MAC Address
  • Credentials

Network

  • Name
  • Credential
  • Classification

Resource Attributes

  • Documents
  • Videos
  • Raw Data
  • Images
  • Classification
  • Sensitivity level

The ABAC methodology is designed to reduce risks due to unauthorized access, and control security and access on a more fine-grained basis. For example, instead of a user always being able to access sensitive information based on their security clearance, ABAC can place further limits on their access, such as only allowing it during certain times of day or only if they are in a certain country. This can reduce security issues and can also help with auditing processes later.
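The paragraph above, worked through as an added example (it is not code from the original post or from any product it describes): a small policy decision function that combines user, resource and environmental attributes, so the same cleared user is permitted in one context and denied in another. The clearance labels, attribute keys, `Policy` fields and sample values are assumptions constructed for the illustration.

```python
from dataclasses import dataclass
from datetime import time

# Assumed clearance ordering for illustration; the labels are not from the page.
LEVELS = {"UNCLASSIFIED": 0, "PROTECTED": 1, "SECRET": 2, "TOP SECRET": 3}

@dataclass(frozen=True)
class Policy:
    """Hypothetical conditions an information owner attaches to a resource."""
    allowed_nationalities: frozenset
    allowed_countries: frozenset
    window_start: time   # assumes the window does not cross midnight
    window_end: time

def decide(user, resource, env, policy):
    """Return (permit, reasons). Deny by default: a missing attribute fails its check."""
    reasons = []
    held = LEVELS.get(user.get("clearance"), -1)
    needed = LEVELS.get(resource.get("classification"))
    if needed is None or held < needed:          # user vs resource attribute
        reasons.append("clearance below classification")
    if user.get("nationality") not in policy.allowed_nationalities:
        reasons.append("nationality not permitted")
    if env.get("country") not in policy.allowed_countries:   # environmental
        reasons.append("country not permitted")
    now = env.get("local_time")
    if now is None or not (policy.window_start <= now <= policy.window_end):
        reasons.append("outside permitted hours")
    return (not reasons, reasons)    # the reasons list doubles as an audit record

# Constructed sample attributes (not real users or documents).
POLICY = Policy(frozenset({"AU", "NZ"}), frozenset({"AU"}), time(8, 0), time(18, 0))
USER = {"name": "A. Analyst", "nationality": "AU", "clearance": "SECRET"}
DOC = {"type": "document", "classification": "SECRET"}

def demo():
    """Same user and document, two environments: only the context changes."""
    office = {"country": "AU", "local_time": time(10, 30)}
    abroad_late = {"country": "SG", "local_time": time(23, 15)}
    return decide(USER, DOC, office, POLICY), decide(USER, DOC, abroad_late, POLICY)

if __name__ == "__main__":
    for permit, reasons in demo():
        print("PERMIT" if permit else "DENY", reasons)
```

Every failed condition is collected rather than stopping at the first, which gives the later audit a full record of why a request was denied.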

Solutions for Secure ABAC-Driven Collaboration & Sharing

For Microsoft 365 and File Share users who want policy-based access and protection

NC Protect is both content and context aware to automatically find, classify and secure unstructured data on-premises, in the cloud and in hybrid environments. It protects against breaches, sensitive data misuse and unauthorized file access enabling enterprises to fully take advantage of the intelligent workplace. NC Protect dynamically adjusts file security based on real-time comparison of user context and file content to make sure that users view, use and share files according to your business’ regulations and policies.


For Government and Defense Industry with Classified and Top Secret Information

Kojensi is a highly secure and trusted platform for sharing sensitive and classified files and document collaboration. It employs ABAC policies to ensure only authorized users have access to information under the right conditions and controls what they can do with that information. Organizations no longer need to add layers of security as an afterthought, which slows productivity and complicates processes. With Kojensi, create, co-author and share documents in real-time, all in a secure and intuitive platform that empowers collaboration and is highly secure-by-design.
