SecuPi Data Access for Zero Trust: Imperative for Adaptive Authorization Based on Dynamic Attributes
A key takeaway from recent Federal directives is the imperative for evolving to highly tailorable adaptive authorization for data access, based on verification of user attributes such as credentials, data attributes like sensitivity or location, and situational attributes like threat level.
Also noteworthy is the identified need for continuous re-authorization of access permissions based on the real-time state of attributes, which is what makes authorization dynamic.
“Currently, many authorization models in the Federal Government focus on role-based access control (RBAC), which relies on static predefined roles that are assigned to users and determine their permissions within an organization. A Zero Trust architecture should incorporate more granularity and dynamically defined permissions, as attribute-based access control (ABAC) is designed to do.” (DoD ZT Ref. Arch)
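The contrast between a static role check and per-request attribute evaluation can be shown in a few lines. This is an added example, not code from SecuPi or from the DoD reference architecture; the attribute names, sensitivity levels and threat thresholds are assumptions chosen for illustration.

```python
from dataclasses import dataclass

# Constructed attribute vocabularies (assumptions, not from any directive or product).
SENSITIVITY = {"public": 0, "internal": 1, "restricted": 2}
THREAT = {"low": 0, "elevated": 1, "high": 2}

@dataclass(frozen=True)
class User:
    role: str
    clearance: str        # highest sensitivity this user may read
    mfa_verified: bool    # credential attribute

@dataclass(frozen=True)
class Record:
    sensitivity: str
    region: str           # data location attribute

@dataclass(frozen=True)
class Context:
    threat_level: str     # situational attribute, may change mid-session
    user_region: str

def rbac_allows(user: User) -> bool:
    """Static check: the role alone decides, whatever the data or situation."""
    return user.role in {"analyst", "dba"}

def abac_decide(user: User, record: Record, ctx: Context) -> tuple[bool, str]:
    """Evaluate all three attribute classes; call on every access, never cache."""
    if (user.clearance not in SENSITIVITY or record.sensitivity not in SENSITIVITY
            or ctx.threat_level not in THREAT):
        return False, "unknown attribute value"  # fail closed
    if not user.mfa_verified:
        return False, "credential not verified"
    if SENSITIVITY[record.sensitivity] > SENSITIVITY[user.clearance]:
        return False, "data sensitivity exceeds clearance"
    if record.region != ctx.user_region and record.sensitivity != "public":
        return False, "non-public data outside its region"
    # Higher threat shrinks the ceiling: elevated -> internal, high -> public only.
    if SENSITIVITY[record.sensitivity] > 2 - THREAT[ctx.threat_level]:
        return False, "threat level restricts this sensitivity"
    return True, "permit"

def session(user: User, record: Record, contexts: list[Context]) -> list[bool]:
    """Re-authorize the same read under each successive context snapshot."""
    return [abac_decide(user, record, c)[0] for c in contexts]
```

With the same user and record, `session` returns a different decision as soon as the threat level in the context changes, while `rbac_allows` keeps returning the same answer for the whole session.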
Learn More Here: https://secupi.com/zero-trust-dod-nsa/
Comprehensive Instrumentation Requirements for Zero Trust Implementation
A premise of the Zero Trust Security concept is to proactively assume that the perimeter will be breached and that insider threats will be present. Consequently, the focus of security needs to shift inward, to individually protecting all Data, Applications, and Services.
Given this inward shift in zero trust security objectives, the range of software elements that need to be protected and monitored expands to include every element that requires data access security:
- Business Intelligence tools like Tableau or Qlik
- DBA tools like DBeaver or Toad
- Big data applications like Hive, Spark, or Impala
- Data catalog and orchestration products, like Collibra or Denodo
- “ETL” middleware such as Kafka/Confluent, Qlik Replicate, or Informatica
- And even proprietary operational applications themselves.
This objective translates into a need for a zero-trust solution to be able to comprehensively instrument the software infrastructure accessing and moving data.
To accomplish this instrumentation, the zero trust solution needs to distribute its controls and monitoring functions throughout the software infrastructure, and interoperate universally with the diversity of applications, tools, data repositories, and attribute sources.
Further, since continuous verification is required, the distributed instrumentation architecture must be capable of continuously synchronizing its data access and data protection policies with the centralized policy server, and do so with near zero latency.
Finally, due to the scope of the needed instrumentation, the architecture must be inherently scalable across an entire organization, including geographically remote offices.
SecuPi is designed to meet all these requirements taken together:
- Comprehensively instrument the data processing infrastructure
- Provide universal interoperability across numerous technologies
- Achieve continuous verification for attribute values and policy with zero latency