Protect Sensitive Data(bases): Enforce Compliance at Any Access Point

In the past, protection of sensitive data has revolved around a patchwork of complementary methods and technologies. Transparency is compromised as complexity increases, and the overall solution still suffers from severe blind spots. In a database, stored procedures and triggers may be used to compensate for gaps created by the role-based access control (RBAC) model of the application. Data masking may be used to filter out sensitive information after it has been retrieved from the database (although the user didn't have sufficient permissions to view it in the first place). In the application, developers may need to introduce intricate application logic to balance the effects of a coarse-grained role model. In the end, the mutual dependencies between compensatory measures become yet another challenge. No one really knows how a change in one place impacts another.

Attribute-Based Access Control (ABAC) offers immense benefits in these situations. Instead of constantly mending gaps between point solutions, you focus on centrally maintained corporate policies. Consistent enforcement of these policies is ensured at many different access points and levels in your infrastructure. Sensitive data remains in the database unless the user has been explicitly authorized to retrieve it. Rather than being distracted by the overwhelming technical complexity of combinatory protection efforts, security architects and managers can focus on the corresponding business rules.

The Axiomatics Data Access Filter (ADAF), presented in this session, inserts policy-driven database security between the application and the database layer. Business rules expressed in the XACML policy language are used to control who gains access to what data, where, when and how, at the cell level. With this model, XACML can be used to revolutionize database security.

Following the webinar you will have an understanding of:

  • The benefits of dynamic authorization
  • The need for greater protection of databases
  • How the Axiomatics Data Access Filter can effectively stop security breaches of your database systems
  • How customers are utilizing this solution today


