Evolving beyond RBAC: Why ABAC is the future (Security News, October 2021)

Axiomatics has identified four limitations to an RBAC-centric security approach and suggests enterprises evolve their RBAC model to an attribute-based access control model.
Four RBAC limitations

Role explosion: RBAC is limited to defining access permissions by role. As each user often requires entirely unique access rights, one user may be assigned several roles, creating a 'one size fits all' solution that can result in too much access.
Administrators must constantly be aware of changes to both users and roles to ensure role assignment combinations are current, accurate and do not conflict with other roles a user is assigned.
ABAC is the future of access control

Roles are still - and always will be - an integral part of a successful access control strategy, but to address critical enterprise needs these roles must be extended using attributes and policies derived through ABAC. ABAC adds context, ensuring authorization decisions can be made not only on a user's role, but also by considering who or what that user is related to, what that user needs access to, where that user needs access from, when that user needs access, and how that user is accessing the requested information.
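An added illustration of the layering described above, not code from Axiomatics or the original article: a role-only check next to the same check extended with relationship, location, time and authentication attributes. The role table, attribute names and policy conditions are assumptions made for the example.

```python
from dataclasses import dataclass, replace
from datetime import time

# Constructed role table (the RBAC layer); all names here are illustrative.
ROLE_PERMISSIONS = {
    "clinician": {("patient_record", "read"), ("patient_record", "write")},
    "billing": {("invoice", "read")},
}

@dataclass(frozen=True)
class Request:
    roles: frozenset      # roles assigned to the user
    user_team: str        # who or what the user is related to
    resource_type: str    # what the user needs access to
    resource_team: str    # attribute carried by the resource
    action: str
    network: str          # where: "corporate" or "external"
    at: time              # when
    mfa: bool             # how: was strong authentication used

def rbac_allows(req):
    """Role-only decision: any assigned role that grants the permission wins."""
    return any((req.resource_type, req.action) in ROLE_PERMISSIONS.get(role, set())
               for role in req.roles)

def abac_decide(req):
    """Roles stay the baseline; attribute conditions narrow the grant."""
    if not rbac_allows(req):
        return False, "no role grants this permission"
    if req.user_team != req.resource_team:
        return False, "user is not related to this resource"
    if req.network != "corporate" and not req.mfa:
        return False, "external access requires MFA"
    if req.action == "write" and not time(7, 0) <= req.at <= time(19, 0):
        return False, "writes are limited to working hours"
    return True, "permit"

# Constructed sample requests: same role, different context.
BASE = Request(frozenset({"clinician"}), "cardiology", "patient_record",
               "cardiology", "read", "corporate", time(10, 0), False)
SAMPLES = {
    "own team, on site": BASE,
    "other team's record": replace(BASE, resource_team="oncology"),
    "external, no MFA": replace(BASE, network="external"),
    "write at 23:00": replace(BASE, action="write", at=time(23, 0)),
}
if __name__ == "__main__":
    for label, req in SAMPLES.items():
        print(f"{label:22} rbac={rbac_allows(req)!s:5} abac={abac_decide(req)}")
```

Every sample passes the role-only check, which is the "too much access" case; only the first one survives the attribute conditions.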
Dr. Srijith Nair, Chief Strategy Officer, Axiomatics: "Whether it's zero trust or another approach, more enterprises understand that a modern workforce requires a modern approach to security, which means evolving beyond RBAC. Modern data sharing and collaboration scenarios must provide access to the right user, at the right time, in the right location, and by meeting regulatory compliance.
"By evolving RBAC with ABAC, administrators provide well-rounded access control that builds on RBAC while harnessing ABAC's context to address today's requirements and future needs."
News URL
http://feedproxy.google.com/~r/HelpNetSecurity/~3/kqBm5lxk6d4/