Authorization for Data
The amount of data that large enterprises accumulate is growing exponentially. With that, the need to consume and share this data has grown too - and along with it, the challenge of making sure sensitive data is not accessible by unauthorized users.. Axiomatics data-centric security solutions applies dynamic authorization directly to the data itself - beyond just protecting the container or perimeter.
Policy-based authorization applied on data stores derives user permissions are derived from real-time evaluation of policies, and can filter, mask or redact based on these same policies. This data-centric approach provides the visibility and control required in today's complex environments. Here's a simplified example of the flow of a data request using the Axiomatics Data Access Filter for Multiple Databases.
ADAF MD - Authorization for Multiple Databases
The Axiomatics Data Access Filter for Multiple Databases (ADAF MD) uses a generic proxy to protect multiple database types, such as Oracle, IBM DB2, Microsoft SQL Server, or Teradata from a central point. The proxy component intercept requests to all of these databases and queries the core ADAF MD engine for authorization of intercepted SQL statements. The combination of Dynamic Data Masking and Data Access Filtering brings database security to a new level.
More people need access to more data than ever before. By providing protection at the very source, within the data layer itself, the Axiomatics Data Access Filter (ADAF) cost-efficiently and fast fixes leaking information pipes to ensure that each and every user has access to all the details they are authorized to see - but nothing else.
Data filtering versus data masking
The Axiomatics Data Access Filter (ADAF) introduces data access filtering as a new security mechanism for data access. Data Access Filtering is used to ensure no data ever leaves the data source unless the user has been authorized to access the information according to corporate policies. Data masking techniques "hide" the protected information. These two related techniques can sometimes be complementary so one should be aware of the different types of use cases for which the are intended. The Axiomatics Data Access Filter product offers both data access filtering and dynamic data masking capabilities.
Axiomatics Data Access Filter (ADAF) for virtual private databases
The Axiomatics Data Access Filter (ADAF) intercepts incoming data retrieval requests on different types of data storage systems. The request is evaluated against corporate policies and, if needed, changed on-the-fly so they comply with mandated policies. If the sales manager for region NW asks to see all entries in the customer database, a policy could for instance lead to an added condition, "WHERE Region=NW", so the resulting data set automatically filters out records for which the sales manager has no authorization.