
Fine-Grained Data Protection - An Example

Enterprise IT environments consist of a mixture of sensitive and non-sensitive information. For example, a customer database may be considered sensitive because it contains personally identifiable information (PII). While the fields for Name, Address, and Telephone Number are publicly available elsewhere and are not considered sensitive, the fields for Tax ID, Date of Birth, and Credit Card Number are confidential and must be protected.

The security problem that can arise in such an instance is due to the absence of granular, fine-grained access control. In this case, the Marketing department might be running a promotion and needs a list of customer names and addresses for a mailing. All too frequently, the typical response may be to provide blanket access to the entire customer database, including the confidential fields. It is this type of routine security breakdown that leads to subsequent problems such as identity theft and fraud.

The primary functions of SBX Enigma™ enable fine-grained protection of sensitive information, and in the example of a customer database might be employed in two separate ways to provide the granular levels of data security required.

Resource Function – As described in the previous section, the SBX IT directory can be used to provide fine-grained information about which users have access to specific information assets.  In this example, SBX might stipulate access permissions to the customer database and, additionally, access permissions to specific fields within the database. 

In responding to Marketing’s requirement, therefore, information from SBX might indicate to an application that users from Marketing have access privileges to the customer database, but only to the Name and Address fields.  In this way, the routine requirements of Marketing are met without compromising customer confidentiality.

Secure Storage Function – As stated above, in instances where high-value information may be at risk of compromise, SBX Enigma™ can provide a unique level of fine-grained protection through the secure storage of data within SBX’s internal datastore. 

Returning to the customer database example, assume that data in the Credit Card field is considered high-value and requires exceptional protection.  Additionally, assume that a prominent celebrity is a customer and all information associated with his record requires exceptional protection.

To meet these two separate requirements for exceptional protection, two alternative approaches are discussed below that employ the secure storage function of SBX in different ways. In both instances, SBX Enigma™ enables fine-grained access control down to the level of individual data elements.

Illustration #1 - Access to Credit Card Data 
The Credit Card numbers could be removed from the customer database and placed in the SBX datastore as separate data elements, each with its own discrete access control.  In this instance, therefore, the sensitive data no longer resides in the customer database and is no longer exposed to unauthorised access.

A user seeking to access a Credit Card number(s) must have access privileges to, first, the customer database and, second, the Credit Card field.  Third, if field access is authorised, the user must additionally have access privileges to each of the individual Credit Card numbers being sought.  Only when these authorities are in place is the user granted access to the actual Credit Card number(s).


Illustration #2 - Access to Prominent Celebrity’s Record
All data in the prominent celebrity’s record could be encrypted, with the decryption key subsequently being stored in the SBX environment as a data element with its own discrete access control.  The encrypted data, which continues to reside in the customer database, is potentially exposed to unauthorized access but remains protected by encryption.

A user seeking to access the celebrity’s data must have access privileges to, first, the customer database and, second, each specific field (Name, Address, etc.). Third, if field access is authorised, the user must, separately, have access privileges to the decryption key.  Only when these authorities are in place is the user granted access to the decryption key and, subsequently, the prominent celebrity’s decrypted record.

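As an added illustration (not SBX Enigma code; the users, grants, element ids and row values are all constructed), the following Python models the layered authorisation that both illustrations describe: a read stops at the first missing grant, and a value moved into the datastore, or the record's decryption key, is released only after the database-level, field-level and element-level checks have all passed.

```python
from collections import namedtuple
from dataclasses import dataclass
ElementRef = namedtuple("ElementRef", "id")  # marker left in a row when the value moved out

@dataclass
class Directory:  # constructed stand-in for the SBX directory plus its datastore
    db_grants: set       # users allowed to touch the customer database at all
    field_grants: set    # (user, field) pairs
    element_grants: set  # (user, element_id) pairs for datastore elements
    elements: dict       # element_id -> value held outside the database

    def require(self, ok, what):
        if not ok:
            raise PermissionError(f"denied: {what}")

    def read_field(self, user, row, field):  # Illustration #1: db -> field -> element
        self.require(user in self.db_grants, "database")
        self.require((user, field) in self.field_grants, f"field {field}")
        value = row[field]
        if isinstance(value, ElementRef):  # value lives in the datastore, not the row
            self.require((user, value.id) in self.element_grants, f"element {value.id}")
            return self.elements[value.id]
        return value

    def read_key(self, user, fields, key_id):  # Illustration #2: db -> fields -> key
        self.require(user in self.db_grants, "database")
        for f in fields:
            self.require((user, f) in self.field_grants, f"field {f}")
        self.require((user, key_id) in self.element_grants, f"key {key_id}")
        return self.elements[key_id]

def outcome(fn, *args):  # value read, or the denial reason, for one attempt
    try:
        return fn(*args)
    except PermissionError as e:
        return str(e)

# Constructed policy: Marketing sees Name/Address; the fraud analyst may read Credit Card, one element only
DIR = Directory(
    db_grants={"marketing", "fraud_analyst"},
    field_grants={("marketing", "Name"), ("marketing", "Address"),
                  ("fraud_analyst", "Name"), ("fraud_analyst", "Credit Card")},
    element_grants={("fraud_analyst", "cc-1001")},
    elements={"cc-1001": "PAN-1001", "cc-1002": "PAN-1002", "key-celeb": "KEY-CELEB"},
)
ROWS = {  # constructed rows: card numbers replaced by datastore references
    1001: {"Name": "A. Customer", "Address": "1 High St", "Credit Card": ElementRef("cc-1001")},
    1002: {"Name": "B. Customer", "Address": "2 Low St", "Credit Card": ElementRef("cc-1002")},
}
```

Because the card numbers exist only in `DIR.elements`, a user who obtains the whole `ROWS` table still holds nothing but references; the same holds for the celebrity record, whose ciphertext is useless without the separately gated key.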