How Big Data is Driving Evolution in Identity and Access Management
What is Big Data and Why You Should Care
In a previous post, I discussed some of the security challenges awaiting companies looking to leverage the explosion of Big Data. The term itself – “Big Data” – is sort of vague. What do we mean when we say Big Data? Is it the size of the data files? The number of files?
For those readers new to the conversation, I should clarify that Big Data describes not only large sets of data that are available to be analyzed in order to make business decisions, but also the ongoing harvesting of client data that many enterprises are engaging in daily. In addition, Big Data systems also offer an alternative to the relational database products that have been dominant in the marketplace for decades.
As more organizations leverage digital tools to drive business operations and engage with clients, businesses find themselves responsible for an increasing amount of sensitive customer information. This information could be anything from a credit card number to a patient’s health records to sensor data from manufacturing equipment to data generated by a wide range of wearable or embedded devices.
While companies and customers alike are enjoying the fruits of automation, targeted interactions, and improved experiences, it’s easy to forget that data doesn’t just exist for any purpose. It’s important that companies begin implementing operative models like Identity and Access Management (IAM) that account for the complexity and volume of Big Data without sacrificing functionality. IAM technologies can navigate the tension between generating business value and addressing concerns such as intellectual property protection, individual privacy, and regulatory requirements.
Attribute Based Access Control (ABAC) and IAM
One model many organizations are assessing is Attribute Based Access Control (ABAC). This approach allows companies to restrict (or open up) access to systems and data based on certain attributes that align with a company’s security policy. ABAC allows for a particularly scalable approach to IAM when dealing with large populations of users as well as massive amounts of data.
The most well-known area of traditional IAM is basic authentication, whereby a user validates who they are to gain access to a system. ABAC is the next step in the flow – dynamic authorization for access to specific applications, databases, and for this discussion, Big Data. ABAC considers a multitude of factors such as IP address, user location, file types within that system, and so on before determining access to data. These are just examples; the beauty of ABAC is its comprehensiveness.
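The authorization step described above can be sketched as a small policy decision point. This is an added example, not code from the original post or from any ABAC product; the attribute names, the 10.20.0.0/16 network, and the rule set are assumptions chosen for illustration. It shows deny-overrides combining with default deny, and a missing or malformed attribute failing closed.

```python
import ipaddress

# Constructed policy: attribute names, network and values are assumptions.
CORP_NET = ipaddress.ip_network("10.20.0.0/16")

# (rule name, effect, {attribute: predicate}); written once, used for every data store.
POLICY = [
    ("deny-phi-off-network", "deny", {
        "resource.classification": lambda v: v == "phi",
        "env.source_ip": lambda v: ipaddress.ip_address(v) not in CORP_NET,
    }),
    ("clinician-read-phi", "permit", {
        "subject.role": lambda v: v == "clinician",
        "resource.classification": lambda v: v == "phi",
        "action": lambda v: v == "read",
        "env.country": lambda v: v == "US",
    }),
    ("analyst-read-deidentified", "permit", {
        "subject.department": lambda v: v == "analytics",
        "resource.classification": lambda v: v == "deidentified",
        "action": lambda v: v == "read",
    }),
]

def match(conditions, request):
    """True or False; None if a needed attribute is missing or malformed."""
    for attr, predicate in conditions.items():
        try:
            if not predicate(request[attr]):
                return False
        except (KeyError, ValueError):
            return None
    return True

def decide(request, policy=POLICY):
    """Deny-overrides with default deny. Returns (decision, deciding rule)."""
    results = [(name, effect, match(cond, request)) for name, effect, cond in policy]
    for name, effect, hit in results:
        if effect == "deny" and hit is not False:   # indeterminate deny fails closed
            return "deny", name
    for name, effect, hit in results:
        if effect == "permit" and hit is True:
            return "permit", name
    return "deny", "default-deny"

# Constructed request: same user and record, only the environment differs.
BASE = {"subject.role": "clinician", "resource.classification": "phi",
        "action": "read", "env.country": "US"}
if __name__ == "__main__":
    for ip in ("10.20.4.17", "203.0.113.9"):
        print(ip, decide({**BASE, "env.source_ip": ip}))
```

Returning the deciding rule name with each decision gives the audit trail that access reviews rely on.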
However, ABAC is only one tool in the IAM arsenal. Industry analysts are now suggesting that companies consider moving to a model like ABAC to protect their most critical assets. Below are a few of the benefits I’ve seen result from ABAC implementations.
Four Benefits of Using ABAC for Big Data
1. Cost Effective Way to Meet Compliance Standards
Instead of applying compliance restrictions at the application level, businesses can use ABAC to set a foundation for securing big data content in a centrally managed program. Once you’ve established an ABAC model, ongoing compliance initiatives due to changes in industry regulations, company re-organization or employee turnover can be met without having to heavily draw on IT resources – you can write the policy once and implement it across the big data environment.
2. Easier to Demonstrate Security Controls to Regulators
In the same way that a centralized ABAC model allows companies to stay on top of compliance requirements, it also provides an easy access point for auditors and other regulatory officials. Instead of walking auditors through every application, you can walk them through your ABAC solution, creating a more cohesive experience for a typically complex process. Ad hoc or routine reports on who has access to what can be easily generated to satisfy these internal or external access certification processes.
3. Allows Companies to Explore New Business Models
Innovation is not without its risks, but organizations want to manage risk more efficiently using agile and DevOps approaches. New applications, products and services can be implemented quickly – and shut down quickly if they are not successful. Because of ABAC’s inherent flexibility, trying out a new way of doing business becomes more turnkey and exposes less data to potential risks. Plus, because you aren’t managing access by implementing authorization code at the individual application level, it’s easier to scale or reduce teams to meet the needs of your new strategy or model.
4. Coordinate Access Controls Across Your Application and Data Landscape
ABAC is a model that is applicable to protecting resources up and down the typical application stack. Historically, ABAC is used to dynamically grant access to web resources, APIs, microservices, enterprise service bus and other middleware components. More recently ABAC has been adapted to protect content in relational databases and big data systems. With this kind of range and reach, you can see how centrally managed policies can be coordinated across the environment, ensuring a consistency of control and service that was previously unattainable.