As the Coronavirus (COVID-19) forces us to rethink our traditional office based working arrangements and move drastically towards an almost only remote workforce, our access needs are changing too. Many enterprises still rely on traditional Role Based Access Control (RBAC) to manage Authorizations. While we’ve covered some of the main challenges posed by RBAC in the past, working remotely only exacerbates some of these issues.
For example, the limitation of permissions that can only be assigned to user roles and not to objects, operations, or specific data is extremely problematic when considering sensitive data that should not be accessed from home. All parameters for a rule set up must be known before a user starts working and it is not possible to restrict access to select data only to specific actions. Further, RBAC requires manual input and maintenance management thus introducing human error and unsustainable scalability into an equation already fraught with role explosion and complexity. IF RBAC was merely “problematic” in the past, it’s totally untenable now.
Understandably, the first option IAM and Authorization managers turn to is the more fine grained Attribute Based Access Control (ABAC) model.
ABAC offers the ability to grant access based on the attributes of each system component, and not just by user or role. Attributes can then be modified as needed for each user, offering a more fine-grained authorization model than RBAC and allowing for more complex rules to be introduced. It’s also easier to create more Authorizations in less time, because they can be replicated for each new user. ABAC also allows you to assign multiple roles per user, ultimately giving IAM managers more control than they ever had with RBAC.
However, ABAC is also not without its limitations. The attributes described above are not written in plain language, but generally using XACML (eXtensible Access Control Markup Language) which requires a skilled IT Team for both policy creation and maintenance. Business leaders are unable to make policies in real time when needed without having the technological capability and know-how for configuration. Working from home, without direct access to IT teams highlights the need to be able to make changes yourself.
What is next after ABAC? Policy Based Access Control (PBAC) offers unified policies that combine both Role Based and Attribute Based Access Control with the capability to create fine-grained authorization policies. In contrast to ABAC, authorization in PBAC does not require standards like XACML and can be written in plain language. It is therefore considered to be the evolution of other access control methods.
PBAC is scalable and accessible both to a company’s computing infrastructure and in the cloud where policies can be built on and approved so the business is given complete control over their administration authorization, decision making and enforcement of permissions to access resources. This creates a dynamic system with a direct link between the user and the requested data.
In these uncertain times, where working from home has become not only a necessity but also the new reality for the majority of companies worldwide, and as we fight the COVID-19 pandemic by staying home, PBAC is especially useful right now in offering flexible and real time access. For companies with RBACor ABAC solutions, management needs to ask IT to code all the permissions, consuming precious time that could be invested elsewhere.
With PBAC, business owners can define their own permissions without coding and require no previous technical background.Using PlainID’s Policy Based Access Control, access management is simple, and can be done by anyone. In addition, PBAC policies may be updated easily, to reflect the new remote working conditions.
Want to learn more about our PBAC solution?
Click here to schedule a demo with a member of the PlainID team.