Is the access control model you choose really that important? It turns out, the answer is an emphatic yes.
Data access control models, which refer to the system of controls put on data and technology assets to determine who has permission to access them, continue to evolve alongside modern data use.
Models like discretionary and mandatory access control are restrictive and monolithic, which worked when there were fewer data users, sources, and data compliance regulations, but hinder fast-paced, decentralized data use. A role-based approach provides more flexibility, but is inherently relatively static and difficult to manage at scale.
Today’s most adaptable, scalable access control model is attribute-based – but confusion remains about what ABAC is.
In this white paper, we’ll explore:
- The evolution of access control models over time
- The successes and struggles of RBAC (role-based access control)
- The future-proof qualities of attribute-based access control
- A head-to-head comparison of RBAC vs. ABAC