As we have discussed before, Attribute-Based Access Control (ABAC) is an established approach for controlling access rights based on matching a combination of criteria about users such as location, how long a person might need access for, teams the person works alongside, their environment and so on.
However, current ABAC approaches are being held back when it comes to controlling access in dynamic cloud-based unstructured information systems such as MS Teams, SharePoint, Google Drive and Microsoft 365.
Let’s take a look at the three key issues limiting the applicability of ABAC to cloud-based information management systems:
Current ABAC systems assume that the structure of the customer organisation is only vertical. For example, a system might assume that an employee will never have more than one assignment or job role at a time. This assumption ignores the reality that organisations are often very fluid environments. When people change assignments, there are handover periods. Employees often cover for each other, temporarily assuming the roles of others. Changes in assignments realistically happen all of the time and are not well defined.
Current ABAC systems assume that technical administrators or IT teams have perfect knowledge of ‘who should have access to what’ for every single file and folder, and are qualified to make decisions and rules pertaining to each and every piece of organisational information.
The reality is that when it comes to cloud-based information systems, the volume of information for which data access decisions and rules must be made is overwhelmingly large. Also, within a dynamic cloud-based information system, administrators or IT teams cannot be informed about changes to files and folders that are happening at a rate considerably beyond what could be manually overseen.
Cloud-based information systems do not typically support integration at the authorisation layer, despite their widespread and growing use by organisations. This is the layer at which current ABAC systems typically integrate, which means they technically cannot work with many cloud-based systems.
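The first issue above, sketched as an added example (this is not Torsion's code or any product's API): a decision keyed on a single role attribute is compared with one that evaluates overlapping, time-bounded assignments during a handover and a temporary cover. All users, roles, dates and function names are constructed for illustration.

```python
from dataclasses import dataclass
from datetime import date

@dataclass(frozen=True)
class Assignment:
    role: str
    start: date
    end: date  # inclusive

# Constructed sample data (hypothetical users, roles and dates).
USERS = {
    # Alice is moving from payroll to procurement with a two-week handover.
    "alice": {
        "primary_role": "procurement",
        "assignments": [
            Assignment("payroll", date(2024, 1, 1), date(2024, 6, 14)),
            Assignment("procurement", date(2024, 6, 1), date(2024, 12, 31)),
        ],
    },
    # Bob normally works in HR and covers payroll for ten days.
    "bob": {
        "primary_role": "hr",
        "assignments": [
            Assignment("hr", date(2024, 1, 1), date(2024, 12, 31)),
            Assignment("payroll", date(2024, 6, 10), date(2024, 6, 20)),
        ],
    },
}
PAYROLL_FOLDER = {"allowed_roles": {"payroll"}}

def single_role_decision(user, resource):
    """One role per user: the 'vertical organisation' assumption."""
    return USERS[user]["primary_role"] in resource["allowed_roles"]

def active_roles(user, on):
    """Every role whose assignment window contains the given day."""
    return {a.role for a in USERS[user]["assignments"] if a.start <= on <= a.end}

def multi_assignment_decision(user, resource, on):
    """Permit if any currently active assignment matches the resource."""
    return bool(active_roles(user, on) & resource["allowed_roles"])

if __name__ == "__main__":
    for user, day in [("alice", date(2024, 6, 7)), ("alice", date(2024, 6, 15)),
                      ("bob", date(2024, 6, 12)), ("bob", date(2024, 6, 21))]:
        print(user, day, single_role_decision(user, PAYROLL_FOLDER),
              multi_assignment_decision(user, PAYROLL_FOLDER, day))
```

The single-role check denies both users throughout, while the time-bounded check grants access only inside the handover and cover windows and withdraws it the day after each ends.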
Torsion solves each of these problems with a unique ABAC engine that satisfies the requirements of a cloud-based system. In our next blog we will take a look at how Torsion achieves this. In the meantime email info@torsionis.com for more information or a free trial.