Solving the Manufacturing Data Protection Triangle

How ABAC Can Help Protect IP and Speed Time-To-Market.
Manufacturers face unique challenges when it comes to data protection. With digital transformation upon them, many manufacturers are literally awash with terabytes of data that needs storing, mining – and equally important – safeguarding.
Attribute Based Access Control presents an opportunity to help these enterprises manage how access to this data is authorized – and introduces control, visibility and compliance management as tangible benefits. Read about the “Data Protection Triangle” and how ABAC can help reduce the mystery of how to solve it.
The New Data Collection Security Challenge
According to the 2015 Verizon Data Breach Report[1], manufacturing is the third most-breached industry, after the public and financial services sectors respectively. Sixty percent of manufacturing breaches in 2015 were the result of cyber espionage. However, this figure is diminishing, as manufacturers become the owners of new data.
The data streamed from machinery, parts and consumer goods to corporate data lakes and warehouses is valuable not only to manufacturers but also to existing and potential partners, as well as to nefarious third parties. This has led to a change in the type of breaches affecting manufacturers. According to the 2016 Verizon Data Breach Report[1], privilege misuse and web application security have increased more than five-fold, from 4% to 24% and from 4% to 21% respectively, in the last year.
The new data security challenge can put great strains on manufacturers, specifically on the way access to this information is managed. The data is only worthwhile if it can be used, but it also needs protecting. Encryption therefore is not the answer, as it puts unnecessary constraints on sharing data. The best way to resolve this, and to share sensitive data securely, is by applying dynamic authorization at data layers. This only allows a user or application to access relevant data under the right conditions. It filters out (or masks, if preferable) all other sensitive information, which always remains secure in the database or data warehouse.
Share Intelligence and Protect IP
Intellectual Property is a manufacturer’s most valuable asset. It’s also highly sought after. According to the 2013 IP Commission Report[2] on the Theft of American Intellectual Property, “Annual losses are likely to be comparable to the current annual level of U.S. exports to Asia – over $300 billion.” In fact, in 2012, the then Commander of the United States Cyber Command and Director of the National Security Agency, General Keith Alexander, referred to the ongoing theft of IP as, “The greatest transfer of wealth in history[3].”
Getting the balance right between sharing and protecting IP at each milestone in product lifecycle management is critical for global manufacturers. If employees, suppliers, producers, wholesalers, and distributors can only access relevant data as and when authorized, IP theft becomes much harder. And if this authorization is policy- and context-based, it can get as fine-grained as needed, taking into account what information each party needs, when they need it and why they need it.
Attribute Based Access Control (ABAC) looks at multiple factors, and compares them to a corporate policy before granting or denying a user or application access to data.
Enforce Controls and Regulations
The Export Control Reform Initiative was set up to overhaul the US’s national export control system, which was deemed overly complicated with too many redundancies[4]. In this three-phase program, continuous changes and amendments are being made to export control regulations to bring and keep them up-to-date with the changing global economic and technological landscape.
Global manufacturers that enforce hundreds, if not thousands, of controls also require a flexible system that can implement relevant amendments to regulations once they are passed.
A typical example might be when internal controls stipulate that European citizens based in the US cannot view category Red data when working on a project in Asia. But let’s say this is amended to include Blue data, and is effective immediately. A fine-grained authorization solution could enforce such an amendment, and so ensure regulatory compliance, by changing the relevant access rights when a change is made in the policy. The policy is simply adjusted once, but implemented across all databases, applications and APIs that are part of the dynamic authorization service.
User permissions can then be reviewed and audited on a regular basis to prove that compliance is met.
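The Red/Blue amendment described above, as an added Python sketch that is not code from the original page or from any product: one policy decision point serves a data-layer filter and an API that masks, so the amendment is a single policy change. The attribute names (`citizenship_region`, `base_country`, `project_region`), the sample rows, and the choice to permit whatever the one deny rule does not match are assumptions for illustration.

```python
from dataclasses import dataclass, field

REQUIRED = ("citizenship_region", "base_country", "project_region", "category")

@dataclass
class PolicyDecisionPoint:
    # Restricted categories are policy data, so an amendment is one change here.
    restricted: set = field(default_factory=lambda: {"Red"})
    audit_log: list = field(default_factory=list)

    def decide(self, subject, resource, context):
        attrs = {**subject, **context, **resource}
        if any(attrs.get(k) is None for k in REQUIRED):
            decision = "Deny"  # fail closed when an attribute is missing
        else:
            # Rule from the text: EU citizen, based in the US, project in Asia.
            blocked = (attrs["citizenship_region"] == "EU"
                       and attrs["base_country"] == "US"
                       and attrs["project_region"] == "Asia"
                       and attrs["category"] in self.restricted)
            decision = "Deny" if blocked else "Permit"
        # Every decision is recorded so permissions can be reviewed later.
        self.audit_log.append((subject.get("id"), resource.get("id"), decision))
        return decision

def filter_rows(pdp, subject, context, rows):
    """Data-layer enforcement point: drop rows the subject may not view."""
    return [r for r in rows if pdp.decide(subject, r, context) == "Permit"]

def api_get(pdp, subject, context, row):
    """API enforcement point: return the row, masking the payload on Deny."""
    permitted = pdp.decide(subject, row, context) == "Permit"
    return row if permitted else {**row, "payload": "***"}

# Constructed sample data (assumed, not from the page).
ROWS = [{"id": "doc-1", "category": "Red", "payload": "tooling spec"},
        {"id": "doc-2", "category": "Blue", "payload": "supplier list"},
        {"id": "doc-3", "category": "Green", "payload": "brochure"}]
USER = {"id": "u1", "citizenship_region": "EU", "base_country": "US"}
CTX = {"project_region": "Asia"}

def demo():
    pdp = PolicyDecisionPoint()
    before = [r["id"] for r in filter_rows(pdp, USER, CTX, ROWS)]
    pdp.restricted.add("Blue")  # the amendment: adjusted once, centrally
    after = [r["id"] for r in filter_rows(pdp, USER, CTX, ROWS)]
    masked = api_get(pdp, USER, CTX, ROWS[1])["payload"]
    return before, after, masked

if __name__ == "__main__":
    print(demo())
```
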
[1] www.verizonenterprise.com/verizon-insights-lab
[2] www.ipcommission.org
[3] www.foreignpolicy.com
[4] www.export.gov/ecr/