In the past, protection of sensitive data has revolved around a patchwork of complementary methods and technologies. Transparency is compromised as complexity increases and the overall solution still suffers from severe blind spots. In a database stored procedures and triggers may be used to compensate for gaps created by the role based access control (RBAC) model of the application. Data masking may be used to filter out sensitive information after it has been retrieved from the database, (although the user didn’t have sufficient permissions to view this in the first place). In the application, developers may need to introduce intricate application logic to balance the effects of a coarse-grained role model. In the end, the mutual dependencies between compensatory measures become yet another challenge. No one really knows how a change in one place impacts another.
Attribute Based Access Control (ABAC) offers immense benefits in these situations. Instead of constantly mending gaps between point solutions, you focus on centrally maintained corporate policies. Consistent enforcement of these policies is ensured at many different access points and levels in your infrastructure. Sensitive data remains in the database unless the user explicitly has been authorized to retrieve it. Rather than being distracted by the overwhelming technical complexity of combinatory protection efforts, security architects and managers can focus on the corresponding business rules.
The Axiomatics Data Access Filter (ADAF), presented in this session, inserts policy-driven database security between the application and the database layer. Business rules expressed in the XACML policy language are used to control who gains access to what data, where, when and how cell-level. With this model, XACML can be used to revolutionize database security.
Following the webinar you will have an understanding of:
- The benefits of dynamic authorization
- The need for greater protection of databases
- How the Axiomatics Data Access Filter can effectively stop security breaches of your database systems
- How customers are utilizing this solution today