{"id":385,"date":"2019-03-28T08:25:24","date_gmt":"2019-03-28T12:25:24","guid":{"rendered":"https:\/\/blogs.plm.automation.siemens.com\/t5\/Digital-Transformations\/Attribute-Based-Access-Control-ABAC-Encryption-on-Steroids\/ba-p\/580836"},"modified":"2026-03-26T12:08:06","modified_gmt":"2026-03-26T16:08:06","slug":"attribute-based-access-control-abac-encryption-on-steroids","status":"publish","type":"post","link":"https:\/\/blogs.sw.siemens.com\/thought-leadership\/attribute-based-access-control-abac-encryption-on-steroids\/","title":{"rendered":"Encryption on Steroids &#8211; Attribute Based Access Control (ABAC)"},"content":{"rendered":"\n<p>How many data breaches\nneed to occur before companies take real preventative action? While hotel\nchains, retail stores, and Facebook are likely to grab headlines, companies of\nall sizes, across all industries, face the same threats. If you work with\nintellectual property, handle sensitive materials, or are subject to regulatory\ncompliance, you need to safeguard your digital assets.<\/p>\n\n\n\n<p>Pernicious attacks\ndon\u2019t always come from the outside. According to <a href=\"https:\/\/www.healthcaredive.com\/news\/data-breaches-compromised-151m-patient-records-last-year\/548307\/\" target=\"_blank\" rel=\"noreferrer noopener\">JAMA Internal Medicine<\/a>, 53 percent of the 1,138 instances of a data\nbreach at medical facilities they analyzed originated from inside the\norganization. Overall, 15.1 million patient records were compromised in 2018, a\nnear three-fold uptick from 2017.<\/p>\n\n\n\n<p>Unprepared companies\nfind themselves on newsfeeds for both negligence in combatting a breach and the\nresulting punishment levied by regulating bodies. Despite this, most companies\ntrying to manage their data are using increasingly unreliable methods such as:<\/p>\n\n\n\n<ul class=\"wp-block-list\"><li>Putting up a firewall around the application. 
Despite amazing progress with firewalls and network security, a malicious attack or internal leak (whether intentional or inadvertent) will result in compromised data.<\/li><li>Using an Access Control List (ACL). Sadly, this static method of protecting who can touch data doesn\u2019t work in today\u2019s modern, dynamic, and globally distributed environment.<\/li><li>Applying Role-Based Access Control (RBAC). Using authentication schemes, location, network, risk, and individual characteristics can work for one-time access, but today\u2019s environment is dynamic, making RBAC impossible to keep updated.<\/li><\/ul>\n\n\n\n<p>Chasing\ndynamic data with static security models will not support a fast-moving\ncompany. As more data becomes available for sharing across a variety of\nnetworks, these security measures are proving ineffective at stopping data\nbreaches. Using a network, an ACL, or RBAC simply can\u2019t stop malicious attacks\nor internal threats. <\/p>\n\n\n\n<p>The\nparadigm is shifting to Attribute-Based Access Control (ABAC) to redefine data\nprotection. ABAC has been developed to address the most stringent security\nrequirements of the most important government entities on the planet. ABAC is\nthe platform of choice for the US DoD, the UK MoD, and has quickly become a\nNIST standard.<\/p>\n\n\n\n<p>At its basic level,\nABAC uses an \u2018IF\/THEN\/AND\u2019 model to protect the data itself. This model is then\napplied to data via policy, checking attributes and applying the appropriate\npermissions (aka \u201cdigital rights\u201d).<\/p>\n\n\n\n<h2 class=\"wp-block-heading\">A Starbucks in Slovakia<\/h2>\n\n\n\n<p>Imagine a US State Department official carrying a laptop into a\nforeign country notorious for its ability to hack and steal data from the open\nweb. This official heads into a Starbucks, opens his or her laptop, and\nconnects to the public WiFi. 
It\u2019s hard to dispute that this may be one of the\neasiest ways for data to be compromised, but if this official\u2019s data is\nencrypted via ABAC, data safety is assured regardless of how open the network\nmay be. Regardless of the location, encrypted data is protected by an ABAC\nschema that guarantees appropriate access or denial of access.<\/p>\n\n\n\n<p>ABAC puts the\nencryption and safety measures inside the data itself, ensuring that even if\nhacked or flat-out stolen (e.g. a thumb drive stuck into the side of a laptop),\nthe encryption prevents the data from being compromised and utilized outside of\nits intended use.<\/p>\n\n\n\n<h2 class=\"wp-block-heading\">Live inside the data itself<\/h2>\n\n\n\n<p>Attributes are the\nfoundation of ABAC. Factors such as program, citizenship, location, clearance\nlevel, even time of day, can be used to protect the data. If the user violates\nany parameter, the ability to access is lost.<\/p>\n\n\n\n<p>Continuing from the\nabove example about an official opening his or her files in a Starbucks in\nSlovakia, the policy may allow this user to access the data based on multi-factor\nauthentication, United States location, and clearance level. The fact that the\nofficial is trying to access the data in another country violates the policy,\nwhich then denies access to the data and reports the attempted use to the\npolicy management system. All elements of the policy must be met. This official\ncould copy\/paste the information into a separate application or right into\ntheir personal email address, but the encryption inside the data itself prevents\nthem from accessing it and protects the information.<\/p>\n\n\n\n<p>Moving information\naround the globe on a second-by-second basis while maintaining control of the\nintellectual property or sensitive data is more important than ever.
An ABAC\nsystem can be set up as a centrally located security measure, independent of\npeople, geography, and network perimeter security, and provide a single data\nsafety infrastructure around multiple applications. Users will have persistent rights\nmanagement regardless of the application they use to access ABAC-encrypted\ndata.<\/p>\n\n\n\n<p>When you put the encryption inside the data and metadata itself, companies can seize control of their data and prevent a breach from internal or external threats. The Department of Commerce has made this a mandatory practice and the adoption is spreading throughout several governmental and military agencies. There isn\u2019t an industry that couldn\u2019t benefit from implementing an ABAC solution, especially in a world where data is dynamic, information moves across the world in real-time, and breaches can ruin company reputation and trust. <\/p>\n\n\n\n<p>To learn more about securing your data with digital rights management, <a href=\"https:\/\/www.plm.automation.siemens.com\/global\/en\/products\/collaboration\/plm-digital-rights-management.html\" target=\"_blank\" rel=\"noreferrer noopener\" aria-label=\"please visit our Teamcenter DRM site (opens in a new tab)\">please visit our Teamcenter DRM site<\/a>.<\/p>\n\n\n\n<hr class=\"wp-block-separator\"\/>\n\n\n\n<p><strong>About the Author<\/strong><\/p>\n\n\n\n<p><a href=\"https:\/\/www.linkedin.com\/in\/jim-sanford-0423328\/\" target=\"_blank\" rel=\"noopener\">Jim Sanford<\/a> leads the sales and delivery of NextLabs products through Siemens in all markets and all customers.&nbsp;<\/p>\n","protected":false},"excerpt":{"rendered":"<p>How many more data breaches need to occur before companies take real preventative action? 
While hotel chains, retail stores and Facebook are likely to grab headlines, companies of all sizes, working &#8230;<\/p>\n","protected":false},"author":69683,"featured_media":391,"comment_status":"open","ping_status":"open","sticky":false,"template":"","format":"standard","meta":{"spanish_translation":"","french_translation":"","german_translation":"","italian_translation":"","polish_translation":"","japanese_translation":"","chinese_translation":"","footnotes":""},"categories":[1],"tags":[31,2,207,224,32,214],"industry":[],"product":[],"coauthors":[],"class_list":["post-385","post","type-post","status-publish","format-standard","has-post-thumbnail","hentry","category-news","tag-data-security","tag-digitalization","tag-partners","tag-plm","tag-supplier-collaboration","tag-teamcenter"],"featured_image_url":"https:\/\/blogs.sw.siemens.com\/wp-content\/uploads\/sites\/19\/2019\/09\/coffee-shop-1.jpg","_links":{"self":[{"href":"https:\/\/blogs.sw.siemens.com\/thought-leadership\/wp-json\/wp\/v2\/posts\/385","targetHints":{"allow":["GET"]}}],"collection":[{"href":"https:\/\/blogs.sw.siemens.com\/thought-leadership\/wp-json\/wp\/v2\/posts"}],"about":[{"href":"https:\/\/blogs.sw.siemens.com\/thought-leadership\/wp-json\/wp\/v2\/types\/post"}],"author":[{"embeddable":true,"href":"https:\/\/blogs.sw.siemens.com\/thought-leadership\/wp-json\/wp\/v2\/users\/69683"}],"replies":[{"embeddable":true,"href":"https:\/\/blogs.sw.siemens.com\/thought-leadership\/wp-json\/wp\/v2\/comments?post=385"}],"version-history":[{"count":5,"href":"https:\/\/blogs.sw.siemens.com\/thought-leadership\/wp-json\/wp\/v2\/posts\/385\/revisions"}],"predecessor-version":[{"id":3425,"href":"https:\/\/blogs.sw.siemens.com\/thought-leadership\/wp-json\/wp\/v2\/posts\/385\/revisions\/3425"}],"wp:featuredmedia":[{"embeddable":true,"href":"https:\/\/blogs.sw.siemens.com\/thought-leadership\/wp-json\/wp\/v2\/media\/391"}],"wp:attachment":[{"href":"https:\/\/blogs.sw.siemens.com\/thought-leadership\/wp-json\/wp
\/v2\/media?parent=385"}],"wp:term":[{"taxonomy":"category","embeddable":true,"href":"https:\/\/blogs.sw.siemens.com\/thought-leadership\/wp-json\/wp\/v2\/categories?post=385"},{"taxonomy":"post_tag","embeddable":true,"href":"https:\/\/blogs.sw.siemens.com\/thought-leadership\/wp-json\/wp\/v2\/tags?post=385"},{"taxonomy":"industry","embeddable":true,"href":"https:\/\/blogs.sw.siemens.com\/thought-leadership\/wp-json\/wp\/v2\/industry?post=385"},{"taxonomy":"product","embeddable":true,"href":"https:\/\/blogs.sw.siemens.com\/thought-leadership\/wp-json\/wp\/v2\/product?post=385"},{"taxonomy":"author","embeddable":true,"href":"https:\/\/blogs.sw.siemens.com\/thought-leadership\/wp-json\/wp\/v2\/coauthors?post=385"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}