New attribute-based access controls (ABAC) protect sensitive data to power demanding analytics, data science, and AI use cases
Zero trust at the data level provides better security than zero trust at the application level; and attribute-based access control (ABAC) rather than role-based access control (RBAC) provides more efficient and granular access to the data.
Both are key elements of the Koverse Data Platform (KDP), version 4.0 of which is now launched. The latest version introduces nothing that is fundamentally new to the platform, but concentrates on making it more accessible to more users.
”We’ve separated the functionality into different microservices that are all containerized,” said Aaron Cordova, CTO and cofounder at SAIC-owned Koverse; “and we have a new cloud-centric and flexible method of deployment.”
With microservices, customers can be more cost-efficient with their use of hardware locally or via cloud services such as Elastic Cloud. “If customers are in the cloud and want to scale up temporarily, they can do that; if they’re on-prem and want to share their hardware with other applications, they can do that efficiently,” he continued. It integrates well with customers’ existing security controls.
The new version also adds new out-of-the-box tools for ABAC. “It’s now easy for customers to get up and running with ABAC literally in minutes,” he added. “Formerly, there was a lot of configuration necessary, so we’ve really streamlined the process and made it easier for folks to just try it out.”
KDP uses ABAC to provide zero trust access to data, but also provides rapid ingestion, indexing storage and security for all types of data. That data can be structured or unstructured – it can include customer databases, Word documents, PDF, text, data taken from the web, video and audio and structured sensor data coming from the IoT.
While RBAC is largely limited to allowing or denying access to whole documents, ABAC can efficiently provide authorization to individual paragraphs within documents. A document may contain a single paragraph that is highly sensitive. That one paragraph is restricted to user with top security clearance and US nationality. ABAC can limit access to those qualified for that one paragraph, but allow access more generally to the rest of the document.
While KDP can assist classification, this level of labeling is usually done by the document author. Automatic classification by AI or machine learning is something the firm often discusses internally. “But I think that’s still an unsolved problem because every machine learning algorithm that you look at is going to have some amount of error, and I don’t think folks have fully defined the policy around using a fully automated system to do the classification. But it’s something that is interesting, and we’ve had a lot of discussions about how to do it.”
KDP can provide data-level zero trust to a degree trusted by government. Cordova and cofounder Paul Brown (CPO) worked together on ABAC as contractors for the NSA around 2005 – and the work they did powered NSA’s own data security. “it’s no secret that what Paul and I did at the NSA definitely transformed that organization in terms of what they were able to do with their data.”
But KDP has application beyond its ability to provide zero trust to top secret documents for federal agencies – it largely reduces the need for encryption. The result is that commercial organizations can more easily and effectively process sensitive data such as customer records without getting bogged down in key management.
“Our access control can provide sufficient covenants for accreditors to sign off on it,” said Cordova. Fundamentally, data-level zero trust restricts access to only those – whether inside or outside of the company – who are fully (and lawfully) allowed to access it. That is the purpose of encryption in satisfying privacy and data protection regulations; and it is no longer necessary.
“But we still recommend that data at rest is encrypted to prevent physical theft, such as hard drive theft – and we encrypt it in motion as well.”
Jon Matsuo, president and CEO of Koverse, added, “We know the challenges that security-conscious government organizations and highly regulated industries struggle with when using complex and sensitive data. We understand that often the most sensitive data is the most valuable, yet security and privacy create barriers to use. To that end, we created a platform that enables organizations to use data safely, with security top of mind, for critical mission agility.”
Related: Cloud Data Access Firm Immuta Raises $100 Million
Related: White House Publishes Federal Zero Trust Strategy
Related: Elastic to Acquire build.security for Cloud Security Expansion
Related: NIST Proposes Metadata Schema for Evaluating Federated Attributes