Data access right management and data encryption are the yin and yang of data protection. Encrypting data is a means to an end, a way to ensure that only the right users can access the right data. An access control list (ACL) works when it involves tens of users and hundreds of data objects, but scaling up to an environment in which hundreds of thousands of users access billions of data objects is an entirely new challenge. Current solutions simply trade granularity for scale by granting hundreds of users access to hundreds of thousands of data objects all at once, in systems like SharePoint and cloud-based solutions like S3 and Box. With such a system it is no surprise that massive data breaches can happen to any organization, including those that have implemented “the best” encryption and a Zero Trust Architecture.
Realizing the shortfall of right management, APF developed the disruptive “Intelligent Data Right Management” (IDRM) for UDS-DS to manage the access right for every data object individually using AI and access policies. With its cloud-native design, IDRM can scale up almost indefinitely to dynamically assess access rights to an almost unlimited amount of data in real time.
UDS-DS’ design of “Zero Trust” embraces real-time access control on every request for data access using the “least privilege” rule. The persistent protection forces the user to request access privilege to every data object every time they need to access it, and IDRM determines in real time whether the user is authorized to access the requested data based on many factors, including properties of the data and of the user. IDRM weighs those factors using the access policy and an AI model to validate the request and decide whether access should be granted. This unprecedented blanket per-object access authorization is the core of the “Data-Centric Security Model” and will stop future data breaches.
Impersonation attacks using stolen credentials are the most common tactic of cyber criminals. The attack is effective at inflicting massive data breaches because current systems give up access to millions of data objects after only one authentication process. Since we have not been able to stop impersonation attacks, the best alternative is to enforce right management on every data access. This is why we designed UDS-DS and Intelligent Data Right Management. Powered by AI and enriched data properties, IDRM is capable of detecting and stopping an impersonation attack before a data breach occurs.
At APF, we don’t believe one should have access to the data just because one has access to the file, so we designed IDRM as a flat, single-layer access structure. Every user is subject to the same access rights regardless of their role in the UDS-DS system. The highest admin roles in UDS-DS have no extra right to data access, and similarly, admin roles in the organization’s IT systems have no impact on the IDRM decision process. Impersonation of users with admin roles will not break the IDRM barrier.
UDS-DS is designed to follow the principle of “Trust, but verify”. It tracks all changes and every data access request. The detailed log can then be used to determine accountability after any unexpected event. This traceability plays a big role in deterring the misuse of data access privileges by internal users.
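The three properties described above (a decision on every request for every object, a flat structure in which admin status adds no data rights, and a log entry for every request) can be sketched in code. This is an added illustration, not APF’s IDRM or any of its APIs; the attribute names, clearance and sensitivity scales, and the policy rules are all assumptions.

```python
"""Per-object, per-request access decisions with a flat role structure and an
audit trail. Illustrative sketch, not APF's IDRM; names and rules are assumed."""
from dataclasses import dataclass
from datetime import datetime, timezone


@dataclass(frozen=True)
class User:
    uid: str
    department: str
    clearance: int          # assumed scale: 0 (none) .. 3 (highest)
    is_admin: bool = False  # recorded in the log only; never consulted by decide()


@dataclass(frozen=True)
class DataObject:
    oid: str
    owner_department: str
    sensitivity: int        # assumed scale: 0 (public) .. 3 (restricted)


AUDIT_LOG = []  # every request, granted or denied, lands here


def decide(user, obj, action):
    """One decision for one object on one request. Only properties of the user
    and of the data object are weighed; admin status plays no part."""
    cleared = user.clearance >= obj.sensitivity
    same_dept = user.department == obj.owner_department
    if action == "read":
        granted = cleared and (same_dept or obj.sensitivity == 0)
    elif action == "write":
        granted = cleared and same_dept
    else:
        granted = False  # unknown actions are denied by default
    AUDIT_LOG.append({
        "ts": datetime.now(timezone.utc).isoformat(),
        "uid": user.uid, "is_admin": user.is_admin,
        "oid": obj.oid, "action": action, "granted": granted,
    })
    return granted


def access_many(user, objects, action):
    """No bulk grant: each object is evaluated on its own and logged separately."""
    return {o.oid: decide(user, o, action) for o in objects}


# Constructed sample data: a finance analyst and an impersonated IT admin.
OBJECTS = [DataObject("doc-1", "finance", 0), DataObject("doc-2", "finance", 2),
           DataObject("doc-3", "legal", 3)]
ANALYST = User("alice", "finance", 2)
STOLEN_ADMIN = User("root-admin", "it", 1, is_admin=True)

if __name__ == "__main__":
    print(access_many(ANALYST, OBJECTS, "read"))       # {'doc-1': True, 'doc-2': True, 'doc-3': False}
    print(access_many(STOLEN_ADMIN, OBJECTS, "read"))  # {'doc-1': True, 'doc-2': False, 'doc-3': False}
```

The admin flag on the stolen account changes nothing in the decision, while every one of the six evaluations is recorded in `AUDIT_LOG` for later accountability.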
Although IDRM is a very powerful tool for managing data access rights, we have done tremendous work to make it easy to implement by using AI and dividing it into layers, because we know complexity is how mistakes are made. IDRM consists of multiple access management facilities that address organizations’ needs. Each facility covers its own use cases, and together they allow UDS-DS to provide seamless protection anywhere at any time and enable dynamic access right management on every data access, in real time, by users on any device.
Interested in learning more about how APF can help your organization’s data protection and cyber privacy needs?