Employ Least Privilege With Attribute-Based Access Controls
Security best practices begin with employing least privilege. Least privilege is defined as giving users access to only the information and resources needed to execute a particular task. To employ least privilege, organizations are turning to Attribute-Based Access Controls.
Attribute-based access controls (ABAC), also known as policy-based access controls, grants access to users through the use of policies that are automatically enforced using context-aware attributes (e.g., location, time range, days, security clearance level, IP address, max dollar amount allowed to be entered, even require a manager review, etc.) ABAC functions as a preventative control at the business process, transaction, and master data level.
The Appsian Security Platform makes it easy to employ ABAC, while continuing to leverage the Role-Based Controls that are already defined and in-use across the organization.
Enable least privilege for different contexts of user access:
- Restrict high privilege access to your secure network only
- Block the most sensitive transactions (ex. changing direct deposit info) from being executed outside your network
- Implement additional security challenges like MFA or data masking when access occurs outside your network
Key Features:
- Downgrades high privilege users (ex. Administrators) to lower privilege users if PeopleSoft is accessed outside of secure network
- Leverage additional security challenges (ex. MFA) for all users if performing transactions outside of secure network
- Controlled by a configurable rules engine
Key Benefits
-
Enhanced Data & Transaction Security
Execute a robust policy of enforcing data access while ensuring your most sensitive transactions are not executed from an unfamiliar network.
-
Increased User Productivity
Employing contextual security means you can customize security challenges – rather than rely on one-size-fits-all rules that may restrict users from accomplishing tasks.
-
Reduced Complexity
Since Appsian leverages a robust rules engine, creating and enforcing security rules is streamlined and simple. Administration is browser-based, which greatly reduces the complexity of ongoing platform management.
