Why a Traditional Attribute Based Access Control Approach Can’t Compete with PBAC

Oren Harel
May 4, 2020

As we move further away from traditional working arrangements and physically move further apart from each other, with the world adopting the practice of social distancing, the Coronavirus (COVID-19) pandemic has pushed businesses to adapt to a new reality. Survival is now based on the preparation and implementation of contingency plans and an evolving perspective of how to stay safe and how to securely keep a remote business running. The spotlight is now on Authorization Management solutions, out on the virtual world’s frontline, to ensure secure access for remote workers.   

Attribute Based Access Control - The Popular Choice

One of the most popular approaches to Authorization and Access Management is Attribute Based Access Control (ABAC). ABAC is a fine-grained access control approach which uses the attributes assigned to a user, object or environment to determine, within the set policies, whether access should be granted or denied. ABAC generally uses XACML and Boolean logic, i.e. it can only evaluate Permit and Deny.

The ABAC approach is made up of four elements: Attributes, which define the characteristics of a user, object or environment (e.g. position, type, location); Subjects, such as a person or resource that can perform actions and is assigned attributes (e.g. user); Objects, including network data, devices, applications or services, which are assigned attributes; and Policies, where a set of rules determines whether or not to grant access.

Attribute Based Access Control is based on the attributes of each user and not solely on the user role, while also being able to take context and environmental factors into account. ABAC adopts a more fine-grained and scalable approach that focuses on these attributes, allowing for even the most complex of rules to be formed. Once created, the policies can then be copied for each new user. It is a dynamic system offering real-time access and response to system requests.

However, configuring an Attribute Based Access Control system can be difficult and time consuming. Evaluating and defining the attributes of each specific user manually can be problematic, especially as the quantity of attributes continues to increase. A skilled IT team is therefore required for deployment and system maintenance. The complexity of the ABAC system can prevent the measurement of risk exposure and inhibit a prior audit of permissions.

Ideally, an Access Management solution should be able to adapt to necessary access changes and new needs in real time. It should be easy to use and not require a ton of IT knowledge, so that managers can implement new policies remotely, in line with the dynamic working environment, especially now. Fortunately, such a solution exists. Introducing Policy Based Access Control (PBAC).

How PBAC Solves ABAC's Common Issues

PBAC offers a more flexible Access Control solution where roles and attributes are combined, allowing permissions to vary with circumstances, such as time of day. The complexity of access control management can be streamlined, making it plain and simple. Access to data can be restricted without the need for IT intervention. As the system is easy to use, processes and permissions can also be handled without advanced technical knowledge. For example, in the insurance industry there are stringent rules regarding who should have access to client data and how that data can be accessed. A claims agent would require access to customer records and previous insurance claims, but more restrictions would apply to accessing claims investigation files. PBAC is able to produce that policy in plain language, simple enough for a manager to write themselves.
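The insurance scenario above, written as rules over subject, object and environment attributes with a default-deny evaluator. This is an added example, not PlainID's product or XACML; the rule names, attribute names, hours and locations are assumptions chosen for illustration.

```python
from datetime import time

# Constructed rules for the insurance scenario; names, hours and locations are assumptions.
POLICIES = [
    {"name": "agent-customer-data",
     "subject": {"role": {"claims_agent"}},
     "object": {"type": {"customer_record", "insurance_claim"}},
     "actions": {"read"},
     "locations": {"office", "home"},
     "hours": (time(7), time(20))},
    {"name": "agent-investigation-files",  # tighter: office only, core hours
     "subject": {"role": {"claims_agent"}},
     "object": {"type": {"investigation_file"}},
     "actions": {"read"},
     "locations": {"office"},
     "hours": (time(9), time(17))},
]

def matches(required, actual):
    """True only if every required attribute is present with an allowed value."""
    return all(actual.get(key) in allowed for key, allowed in required.items())

def in_hours(env, window):
    """Parse env['time'] ('HH:MM'); a missing or malformed value never matches."""
    try:
        now = time.fromisoformat(env.get("time"))
    except (TypeError, ValueError):
        return False
    return window[0] <= now < window[1]

def decide(subject, obj, action, env):
    """Return (decision, rule name); anything no rule permits is denied."""
    for rule in POLICIES:
        if (action in rule["actions"]
                and matches(rule["subject"], subject)
                and matches(rule["object"], obj)
                and env.get("location") in rule["locations"]
                and in_hours(env, rule["hours"])):
            return "Permit", rule["name"]
    return "Deny", None

if __name__ == "__main__":
    agent = {"role": "claims_agent"}
    print(decide(agent, {"type": "customer_record"}, "read", {"location": "home", "time": "19:30"}))
    print(decide(agent, {"type": "investigation_file"}, "read", {"location": "home", "time": "10:00"}))
```

Returning the matching rule name alongside the decision gives each Permit an audit trail, and a request with a missing role, location or time falls through to Deny rather than raising.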

As the COVID-19 outbreak continues to take hold around the world, and more countries are facing the prospect of unknown lengths of quarantine or lockdown, the long-distance working relationship is gaining importance, as more employees than ever are working remotely from their homes. Many are also having to adapt to a routine of flexible hours to fit around their home lives. PBAC can be especially useful in these times by offering the capability to control who sees what information, as well as when and from where they are able to access data. Policies can be easily updated, even remotely, through dynamic, real-time access, and because PBAC is an automated process the risk of human error is alleviated. As times continue to change, it is vital that policies are capable of being just as flexible.

Productivity can be boosted by creating consistent policies, ensuring all policies work together and don’t cause conflict. With PBAC it is easy to manage when and where employees can access data, whether at work, working remotely from home or abroad, and even only during specific hours. An IGA (Identity Governance and Administration) solution is also key to ensuring IAM (Identity and Access Management) processes integrate fully with business processes, helping employees to simultaneously work faster and more efficiently with clarity of access rights.

By combining roles and attributes, PBAC offers the most efficient solution anytime and from anywhere. Creating a direct link between the user and the data, PBAC offers a more contextual, fine-grained approach which is scalable for business growth. PlainID condenses the technical know-how into an easy-to-use, intuitive Access Management interface which doesn’t require previous technical experience to operate. Managers are then able to access the system both on site and virtually through the cloud to create and change policies in natural language with full visibility of a secure authorization control process.
