Need-To-Know Protection for the Enterprise
The central objective of information access security is to provide users with access to data they need to know, while preventing access to data they don’t need to know. Given that Enterprise data structures consist of thousands of components (servers, files, databases, documents, and data elements), attaining this objective is a complex, costly, and management-intensive undertaking.
SBX Enigma™ provides the necessary tools and functionality to enable an Enterprise to achieve fine-grained, Need-To-Know control over access to its sensitive information assets.
Centralised vs Fragmented Management & Control
Access control mechanisms and audit capabilities are standard requirements in essentially all IT security frameworks and are commonly available as features in many IT system components such as databases. The fundamental shortcoming of such component technologies, however, is that they operate independently. When anything changes, e.g., a user’s access privileges, each component must be adjusted individually.
Similar to adjusting each and every clock in your home when the time changes, each and every IT component managing access to information must be adjusted when a single user’s access privileges are changed. In complex Enterprise IT environments where constant change is the rule, a fragmented, component-by-component approach to access control and audit can have seriously negative impacts on security, accountability, and costs.
SBX Enigma™ provides a consolidated resource that simplifies access management across complex Enterprise environments by enabling centralised administration. As a result, accuracy, control, assurance, and timeliness are enhanced while ongoing administrative costs are reduced. An example...
Fine-Grained Data Protection
An important challenge to effective access control arises from the fact that Enterprise data structures frequently co-mingle sensitive and non-sensitive information. Because of this co-mingling, achieving the objective of Need-To-Know protection involves a much greater level of “fine-grained” access control: i.e., control over access must be extended to specific data elements inside the data structure itself.
For example, a typical Enterprise database is secured with controls that limit access to a specified group of users. Based on these controls, particular users will or will not have access to the database depending on their membership in the authorized user group.
The challenge arises when the Enterprise seeks to further limit access to sensitive components within the database to those users with a need-to-know. This may involve limiting access to specific categories of data (components such as tables or fields), specific records (actual data elements), or some combination of both. To achieve this objective, fine-grained access control such as that provided through the primary functionality of SBX Enigma™ is required. An example...