By E.K. Koh, VP of Solutions at NextLabs. It’s not your perimeter. It’s not your applications. In an age where there is no perimeter, where data moves from application to application, from servers to desktops to tablets and smartphones that the company does not even own, managing security at the perimeter or application is … More 4 Ways IT must Change to Protect your Business
By E.K. Koh, VP of Solutions at NextLabs. There has been a lot of talk about how data breaches are increasing exponentially. In a recent NIST cyber security framework, there is an entire segment on “Protecting” Data. To be effective against cyber-breach, we all agree that implementing all elements of the NIST framework is … More Protecting Against Data Breach – what offers the best bang for your buck?
By Ashwin Bhaskar, Senior Software Engineer at NextLabs. In the first part of the blog series, we discussed the importance of ABAC (Attribute-Based Access Control) as a way to augment traditional RBAC (Role-Based Access Control) for field level security. Let us now analyze how we can go about implementing field level security … More SAP Field Level Security – Augmenting Roles with Attributes
By Ashwin Bhaskar, Senior Software Engineer at NextLabs. Today’s ERP systems demand tight security controls at multiple levels of the application design. Most ERP systems, including SAP, are transactional in nature. Our customers have frequently asked us about extending security controls beyond transactions at a field level. For example, take a digital product catalog … More SAP Field Level Security – what are my options?
By Sandeep Chopra. “Attributes” is the new Role? At the last Gartner Identity and Access Summit in Nov 2013, Gregg Kreizman, Research VP at Gartner, made a prediction that by 2020, 70% of all businesses will use attribute-based access control (ABAC) as the dominant mechanism to protect critical assets, up from <5% today. In Oct … More Attributes is the new role?
By Soujanya Madhurapantula. Recap from my previous SAP Security post: As we discussed last week, traditional authorization models like role-based access control (RBAC) were never intended for complex use cases. These models focused on static job roles or work-group use cases and assigned permissions to data.
By Soujanya Madhurapantula. In SAP’s role-based security architecture, Users and Authorization objects are used to create profiles, such as “buyer” or “payer”, and these are used to define functional roles. As a countermeasure for potential fraud, the GRC Access Control Segregation of Duties can dictate that a user should not have, for example, both … More Is Role-Based Access Control Sufficient?