There are two main ways of controlling who has access to what within an organisation: Role-Based Access Control (RBAC) and Attribute-Based Access Control (ABAC).
Here we look at ABAC in a bit more detail and how Torsion automatically applies the core features of ABAC to data access governance.
Whereas RBAC provides access to resources or information based on user roles or job titles, ABAC provides access rights based on attributes of the user, the environment and the resources they actually need. ABAC essentially adds more layers of authorisation checks, giving a more granular approach to access rights.
The following might all be characteristics taken into account if using ABAC:
- User attributes e.g. user’s name, role, organisation (could be external), security clearance.
- Environmental attributes e.g. time of access, location of the data, current security levels.
- Resource attributes e.g. date (temporary access), data owner, file name, and sensitivity.
Torsion applies ABAC to its machine learning technology to automatically assign access based on why people need access, rather than on name-based permissions. This reduces risk by limiting unauthorised access. For example, instead of people in finance roles all having access to the same files, sites and folders, ABAC and Torsion add extra layers of security, such as only allowing access to files with specific sensitivity levels or only for a specific period of time (Torsion then automatically revokes access when it is no longer applicable).
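The finance scenario above as an added example (not Torsion's code or part of the original page): a role-only RBAC check beside an ABAC decision over user, environment and resource attributes. The attribute names, sensitivity scale, permitted hours and locations, and the sample user and files are all assumptions constructed for illustration.

```python
from dataclasses import dataclass
from datetime import datetime, time

# Constructed sensitivity scale (an assumption, not from the page).
LEVELS = {"public": 0, "internal": 1, "confidential": 2}


@dataclass(frozen=True)
class User:
    name: str
    role: str
    clearance: str


@dataclass(frozen=True)
class Resource:
    file_name: str
    owner_role: str            # role group that owns the data
    sensitivity: str
    access_expires: datetime   # end of the temporary access grant


def rbac_allows(user, resource):
    """RBAC: the role alone decides."""
    return user.role == resource.owner_role


def abac_decide(user, resource, now, location):
    """ABAC: every attribute check must pass. Returns (allowed, reason)."""
    checks = [
        (user.role == resource.owner_role, "role does not match resource"),
        # Unknown labels fail closed: -1 can never reach 99.
        (LEVELS.get(user.clearance, -1) >= LEVELS.get(resource.sensitivity, 99),
         "clearance below sensitivity"),
        (now < resource.access_expires, "temporary access has expired"),
        (time(8) <= now.time() < time(18), "outside permitted hours"),
        (location in {"office", "vpn"}, "location not permitted"),
    ]
    for ok, reason in checks:
        if not ok:
            return False, reason
    return True, "all attribute checks passed"


# Constructed sample data: one finance user, two finance files.
ALICE = User("alice", "finance", "internal")
PAYROLL = Resource("payroll.xlsx", "finance", "confidential", datetime(2030, 1, 1))
BUDGET = Resource("budget.xlsx", "finance", "internal", datetime(2030, 1, 1))
```

RBAC grants the sample user both files because the role matches; the ABAC decision denies the confidential one and stops granting the other once the expiry date passes.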
One downside sometimes associated with ABAC is that, because it is more complex in nature, it can often require more resources and budget to implement. However, because Torsion already features an ABAC style of assigning access rights and applies it automatically on business users' behalf, organisations get all the benefits of ABAC with zero setup or IT resources.