Dynamic Access Control Scenarios
The team at TechNet have updated their deployment scenario on Central Access Policy. If you have not yet read this simple step-by-step guide on utilising Dynamic Access Control to secure and control your company's data, you can find an overview and link here.
The initiative to deploy and enforce an authorization policy may come for different reasons and from multiple levels of the organization:
Organization-wide authorization policy: Most commonly initiated from the Information Security office, this authorization policy is driven by compliance or a very high-level organizational requirement and would be relevant across the organization. For example: High Business Impact files should be accessible by full-time employees only.
Departmental authorization policy: Each department in an organization has some special data handling requirements that it would like to enforce. This is very common in a distributed organization. For example: the finance department might want to limit all access to finance servers to the finance employees.
Specific data management policy: This policy usually relates to compliance and business requirements and is targeted at protecting the right access to information that is being managed. For example: preventing modification or deletion of files that are under retention or files that are under eDiscovery.
Need to know policy: This is a catch-all authorization policy type and is most probably used in conjunction with the policy types mentioned above. Examples include: Vendors should be able to access and edit only files that pertain to a project that they are working on. In financial institutions, information walls are important so that analysts do not access brokerage information and brokers do not access analysis information.