A self-service data access model is key to enabling a business to take advantage of the value that information provides to the enterprise, but it needs to be implemented in a fashion that ensures fundamental security controls and methodologies. In this analysis, we will explore how to implement self-service data access in ways that balance the benefits of decentralization with the need for centralized governance and security measures.
Self-Service Data Access and Security
Organizations are increasingly striving to implement self-service data access models to facilitate smoother processes, improve business outcomes, and create less friction within the organization.
Traditional data access processes encompass workflows involving an access request, approval workflow, and ultimately a decision to provide data access or not.
To alleviate this burdensome and manual approval process, organizations often utilize role-based access control (RBAC), which involves assigning roles to groups of individuals based on their responsibilities. This allows staff members to access the data they need, when they need it.
Which companies are the most important vendors in cybersecurity? Check out
the Acceleration Economy Cybersecurity
Top 10 Shortlist.
However, these legacy approaches to access control fail to take into account situations such as account compromise and don’t facilitate contextual-based access control using signals such as device posture, geolocation, user behavior, and more, all of which are seeing growth in the industry-wide push for zero trust.
The traditional methods often rely solely on individuals for managing access control, which can create obstacles and slow down the process of access and flow.
Organizations pushing for self-service data access often are also conducting cloud migration in order to take advantage of benefits including elasticity, automation, and data analytics, as well as the streamlining of access to data and analysis. The cloud offers innovative machine-learning-driven capabilities that can facilitate activities such as data loss prevention (DLP); it can also automate activities involved in the identification and protection of sensitive data within the organization.
Cloud-Enabled Data Access and Governance
It’s one thing to make data available to your users as needed, but it is another to do so securely, which is what self-service data models enable. The good news is that innovative cloud platforms, such as Microsoft Azure, offer conditional access control capabilities, which leverage a rich variety of signals to aid access control decisions, all facilitated by automation to minimize the burden and friction on the business.
As you can see in the image above, these capabilities leverage additional context such as what data or application a user is trying to access, along with information such as the user and location, device posture, and real-time risk associated with the user’s behavior within the cloud environment. All of this can facilitate self-service automated access control decisions for data but do so in a manner that also mitigates risk to the organization.
Where Zero Trust Comes In
These sort of dynamic access control capabilities and practices align with guidance for zero trust from organizations such as the National Security Agency (NSA). In its recent publication, Advancing Zero Trust Throughout the User Pillar, the NSA discusses how to develop and implement mature zero-trust practices associated with users and identity while still allowing access as needed.
As you can see, the zero-trust user access control advanced tier involves dynamic, risk-based attributes similar to what we discussed above, powered by platforms such as Azure.
Remember that achieving a mature self-service data access model is a journey that takes time and iteration. That said, by leveraging emerging technologies and leading cloud platforms, organizations can achieve the desired data outcomes while mitigating risk.
Want more cybersecurity insights? Visit the Cybersecurity channel: