In this chapter we’ll provide information about Data Access Control, and cover the following topics:
Introduction to data access control:
- What is Data Access Control?
- What is the Main Purpose of Access Control?
- How Does Access Control Protect Data?
- The Three Types of Access Control
Access Authorization:
- What is authorized access?
- What does unauthorized access mean?
- What are some examples of unauthorized access?
- How can you protect data from unauthorized access?
Enterprise Data Access Control:
Introduction
What is Data Access Control?
Data Access Control allows organizations to authorize users, employees and third parties to access company data in a manner that meets security, privacy and compliance requirements. These requirements are set by security best practices and by official regulations and standards, such as GDPR, HIPAA and NIST. These regulations often require organizations to audit, and place controls over, the entities that can access sensitive information.
What is the Main Purpose of Access Control?
The main purpose of access control is to ensure that access to resources within an organization complies with the company’s policies and with official regulations. While access policies are driven by many considerations, they largely fall under the categories of security, privacy and compliance. Restricting access to PII on a need-to-know basis is a common example of leveraging access control to protect sensitive data.
How Does Access Control Protect Data?
Access control protects data by ensuring that only authorized entities can retrieve data from an organization’s data repositories. When effectively implemented, access controls prevent unauthorized and compromised users from accessing sensitive data.
The Three Types of Access Control
There are three types of access control:
Role-based access control
Role-based access control is centered around the role of the entity. For example, a user assuming an administrator role will be granted access to user management functions but not to data. The main advantage of role-based access control is that it allows business owners and team leaders to control access in the context of their organizations’ respective role structures. The main disadvantage of role-based access control is that the definition of roles might not be sufficiently granular and might change frequently.
Data-centric access control
Data-centric access control is centered around the type of data being accessed. For example, sensitive data should not be retrieved by any entity unless it is using a specific application. The main advantage of data-centric access control is that such controls provide a simple way to meet data access requirements across users and systems. The disadvantage of data-centric access control is that it requires organizations to map and classify all of their data as a prerequisite for implementing such controls.
Context-centric access control
Context-centric access control is centered around the nature of the access. An example is prohibiting access to large quantities of sensitive data outside of business hours. The main advantage of context-centric access control is that it prevents known threats in a simple and effective manner. The disadvantage of context-centric access control is that it requires mapping all possible threats and might leave gaps in access control policies.
Satori combines role, data and context-based access controls to leverage the advantages of each approach while eliminating their respective disadvantages, providing the most comprehensive means to control organizational access to data on the market. Read more about Satori’s approach to data access control here.
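To make the three models concrete, here is an added example (not Satori’s code) of a small policy evaluator that runs a single request through a role-based check, a data-centric check and a context-centric check, collecting every denial so an audit trail shows which control fired. The classification map, role grants, approved applications and thresholds are constructed assumptions.

```python
"""Added example: combine role-, data- and context-centric checks for one request.
All roles, classifications, applications and thresholds are constructed assumptions."""
from dataclasses import dataclass
from datetime import datetime

# Constructed data classification: table -> sensitivity label. Anything not
# classified falls through as "unclassified", which no role is granted (default deny).
CLASSIFICATION = {"orders": "customer_pii", "users": "customer_pii", "products": "public"}

# Constructed role policy: role -> labels the role may read. An administrator
# manages users but, as the text describes, holds no data grant.
ROLE_GRANTS = {"analyst": {"public"}, "support": {"public", "customer_pii"}, "admin": set()}

# Constructed data-centric rule: PII is only readable through approved applications.
APPROVED_APPS_FOR = {"customer_pii": {"crm-app"}}

BUSINESS_HOURS = range(8, 19)   # 08:00-18:59
BULK_ROW_LIMIT = 10_000         # "large quantity" threshold for the context rule


@dataclass
class Request:
    principal: str   # authenticated identity making the request
    role: str
    table: str
    app: str         # application or tool the request arrives through
    when: str        # ISO-8601 timestamp, e.g. "2024-03-04T23:00"
    rows: int        # rows the query would return


def evaluate(req: Request) -> tuple[bool, list[str]]:
    """Return (allowed, reasons). All three layers must allow the request."""
    label = CLASSIFICATION.get(req.table, "unclassified")
    reasons = []
    # Role-based: does the role carry a grant for this data label?
    if label not in ROLE_GRANTS.get(req.role, set()):
        reasons.append(f"role '{req.role}' has no grant for '{label}'")
    # Data-centric: sensitive labels only via an approved application.
    approved = APPROVED_APPS_FOR.get(label)
    if approved is not None and req.app not in approved:
        reasons.append(f"'{label}' may only be read via {sorted(approved)}, not '{req.app}'")
    # Context-centric: no bulk reads of non-public data outside business hours.
    hour = datetime.fromisoformat(req.when).hour
    if label != "public" and req.rows > BULK_ROW_LIMIT and hour not in BUSINESS_HOURS:
        reasons.append(f"bulk read of {req.rows} rows outside business hours")
    return (not reasons, reasons)
```

Because each layer records its own reason, a single denied request can reveal a missing role grant, an unapproved tool and an off-hours bulk read at once, which is what the combined approach adds over any one model alone.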
Access Authorization
What is authorized access?
Authorized access means that an entity has permission to access a resource. An entity can be a user, employee, software component or any other person or system that can be identified and assigned access permissions.
What does unauthorized access mean?
Unauthorized access refers to entities who are not permitted to access a resource.
What are some examples of unauthorized access?
There are many ways for someone to gain access to resources without proper authorization. In the context of data and databases, here are a few examples:
- A developer that needs to copy data from a table that she is unauthorized to access uses credentials from an application she is working on to retrieve the data.
- A data analyst that is unauthorized to access customer data generates a report by extracting data from the orders table while unaware that this table contains customer data and that proper access controls have not been set.
- An external security researcher connects to an organization’s cloud data lake that was misconfigured to allow direct access from external networks and extracts sensitive data.
- Malware leverages a security vulnerability in the organization’s database and bypasses the authentication and authorization modules to extract data from the database.
How can you protect data from unauthorized access?
There are a few key principles involved in protecting data from unauthorized access:
- Strong authentication is required for any access to data. This means that every data transaction can be associated with the entity that is executing that transaction.
- Access authorization for each entity to each data type can be determined. This means that given an authenticated entity and data type being accessed, it can be determined whether this entity is permitted to access the data.
- Patching and configuration management are essential to ensure that authentication and authorization processes are enforced and cannot be bypassed.
While maintaining strong authentication is often straightforward in most major data platforms, understanding the type of data stored, maintaining permissions and keeping systems patched and properly configured remain open issues.
Enterprise Data Access Control
What are access control methods?
Access control methods are means by which access to data is either allowed or prevented. The methods themselves vary based on the technology used to store and access data, as well as the company’s internal processes. Three common examples of data access control models can be found in this chapter of our guide.
The challenges of data access controls
While every organization is different and follows its own respective data access philosophy, a universal set of challenges tends to plague the majority—stalling their data-driven innovation in the process.
Let’s review three core teams that are typically involved in data access control:
- Data teams, who want to innovate faster with data and create more value for their organization. This means ingesting, storing and analyzing more data by more people.
- Security teams, who want to ensure that access to data is not abused. This means ensuring that the company only stores the data it absolutely needs and restricts its access on a strict need-to-know basis.
- Privacy teams, who want to ensure that the company adheres to privacy laws and has processes and technologies in place to ensure the maintenance of data subject rights. This means that data subject information collection, storage and processing needs to be strictly controlled.
These three perspectives around data demand different capabilities from the company’s data architecture that often contradict each other. The main challenge in access control is creating and maintaining the balance between enabling access to data in a manner that encourages innovation and drives growth while keeping it safe and remaining compliant.
Monitoring Data Access
Monitoring data access typically requires a combination of native database tools and third-party software. It also requires a number of different approaches:
- Monitoring identities: this requires the monitor to establish the identity of the entity accessing data, such as a user, application or partner.
- Monitoring data types: this requires the monitor to establish the type of data being accessed. This means delving beyond the traditional database, schema and table and identifying the specific type of data, for example a social security number or an email address.
- Monitoring behaviour: this requires the monitor to establish how data is being accessed beyond identity and type of data. For example, the specific tool, endpoint and network as well as comparing access to historical patterns.
Most tools provide monitoring for one or two aspects of data access, but not for all three. This means that a combination of multiple tools is required for complete access monitoring. Learn how Satori provides complete data access monitoring here.
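As an added illustration of the three monitoring aspects above (not Satori’s code or output), the following enriches constructed audit records with the identity of the principal, the specific data types touched (derived from column names rather than just the table) and behavioural anomalies against a constructed per-identity baseline. The column classifier, baseline and thresholds are assumptions.

```python
"""Added example: enrich constructed audit records along identity, data type and
behaviour. Column rules, baselines and thresholds are constructed assumptions."""
import re

# Constructed audit records in the shape a database audit log might export.
AUDIT = [
    {"user": "svc-billing", "client": "billing-api", "src": "10.0.5.12", "hour": 11,
     "table": "orders", "columns": ["order_id", "email", "total"], "rows": 120},
    {"user": "jsmith", "client": "psql", "src": "203.0.113.7", "hour": 2,
     "table": "orders", "columns": ["order_id", "email", "ssn"], "rows": 250_000},
]

# Data type is established per column, not per table (constructed naming rules).
COLUMN_TYPES = {re.compile(r"(^|_)ssn$"): "ssn", re.compile(r"(^|_)e?mail$"): "email"}

# Constructed historical baseline per identity: usual client, network and volume.
BASELINE = {"svc-billing": {"client": "billing-api", "net": "10.0.", "max_rows": 5000},
            "jsmith": {"client": "psql", "net": "10.0.", "max_rows": 1000}}

BUSINESS_HOURS = range(8, 19)


def data_types(columns):
    """Return the sorted set of sensitive data types found among the column names."""
    return sorted({t for c in columns for pat, t in COLUMN_TYPES.items() if pat.search(c)})


def enrich(rec):
    """Attach identity, data-type and behaviour findings to one audit record."""
    ident = "service" if rec["user"].startswith("svc-") else "user"
    types = data_types(rec["columns"])
    base = BASELINE.get(rec["user"], {})
    anomalies = []
    # Behaviour: compare tool, network and volume against the identity's history.
    if base and rec["client"] != base["client"]:
        anomalies.append("unusual_client")
    if base and not rec["src"].startswith(base["net"]):
        anomalies.append("unusual_network")
    if base and rec["rows"] > base["max_rows"]:
        anomalies.append("unusual_volume")
    # Behaviour x data type: sensitive columns read outside business hours.
    if types and rec["hour"] not in BUSINESS_HOURS:
        anomalies.append("sensitive_outside_hours")
    return {"identity": ident, "principal": rec["user"],
            "data_types": types, "anomalies": anomalies}


def review(records):
    return [enrich(r) for r in records]
```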