Requirements for securing data often pass down from C-level executives through multiple layers: from security architects out to the teams and systems administrators responsible for implementing security requirements. At each step, different tools are used to achieve the objectives, making it difficult to trace the security configuration back to the original requirements. This results in poor security practices, an increased risk of security gaps, and systems that are difficult to keep up-to-date.

Bridging the gap Between the C-Level and System Administrators

Requirements for securing data often pass down from C-level executives through multiple layers: from security architects out to the teams and systems administrators responsible for implementing security requirements. At each step, different tools are used to achieve the objectives, making it difficult to trace the security configuration back to the original requirements. This results in poor security practices, an increased risk of security gaps, and systems that are difficult to keep up-to-date.

In this session we’ll present an approach that can work across multiple databases (and even across other layers). This approach is policy-based, context-aware, and standardized. In this session on using an Attribute-based Access Control approach for data access and securing the contents of databases we’ll discuss:
  • Combining Attribute-based Access Control and policy-driven security for increased security, scalability and ease of maintenance
  • Using policies and attributes to leverage contextual information or device information to control access to sensitive data
  • How a standardized approach drives a future-proof technique