
ABAC, part and parcel of an effective anti-fraud program

So how should financial institutions act? Well, in its 2015 report “Current Fraud Trends in the financial sector”, PwC identified the key components of an effective anti-fraud program. Not surprisingly, the focus is on three areas intrinsically linked to the battle against internal fraud, namely: People, Processes and Technology.

So where does Axiomatics come into this? As a company that facilitates secure data access we are not involved with the people financial institutions employ (although we can help with access control-related training). But we do help with processes and technology components that contribute to secure access control. And this is how:

Policies and procedures: Attribute Based Access Control (ABAC) is also commonly referred to as Policy-Based Access Control, due to its ability to strictly enforce business policies. This can be a real help if you are responsible for developing business policies on any level, but particularly those that concern access to sensitive or business-critical data. ABAC will give you peace of mind that policies can be enforced no matter how complex they are, or what they are related to, be it product, service, location, or user access permissions.

Effective data: Captured data is only valuable if you can use it effectively, which means being able to share and process it. Equally important is the ability to ensure the data isn’t compromised. ABAC supports this by ensuring data is only accessible to users who require it and that it can only be viewed or edited under the right conditions. On top of this, Axiomatics’ authorization services filter out or mask data that a user or application should not have access to. Your policies are enforced and only those who have the approval to do so can touch data. In this way, data will only be compromised if a user abuses his or her position.

Technology framework: The technology solutions you choose have to sync with your business, and support constant availability of data – as long as only the right user is accessing the right data. ABAC is an industry-standard access control model that has been approved by the National Institute of Standards and Technology (NIST). It can span multiple technology frameworks and can be used across different IT environments, no matter how complex or disparate they are. And thanks to the ease of scalability it can be deployed on a single application or database and rolled out progressively across an organization.

Periodic review: Reviewing who can access what information is an important part of any anti-fraud program. The Axiomatics Review Manager allows you to ask under which conditions a person, team, department, etc. can view sensitive data and to compare the answer against the business policy. By the same token, you can check the conditions under which, and by whom, a particular piece of data can be accessed. Additionally, all questions posed are saved in the system and can be asked again periodically or when policy changes are made.

In Conclusion…

ABAC is the ideal authorization model for securing sensitive data, and thus an essential tool for reducing exposure to insider fraud. But its benefits don’t end there. It also reduces security overheads and development costs, as policy changes only have to be made at one central point, before being rolled out across the enterprise – rather than in every related application or database. Finally, it enables firms to be compliant in all markets served, as fine-grained access controls can be enforced per jurisdiction.
