Planning Access Policy Deployment using DAC

on Tuesday, 06 November 2012. Posted in Basics

Dynamic Access Control Scenarios

The team at TechNet have updated their deployment scenario on Central Access Policy. If you have not yet read this simple step-by-step guide on utilising Dynamic Access Control to secure and control your company's data, you can find an overview and link here.
The need to control the information in enterprise-level organizations for compliance and business regulations is one of the drivers in the consolidation trend where large amounts of information from users' desktops and departmental file shares are moved into centrally managed file servers.

The initiative to deploy and enforce an authorization policy may come for different reasons and from multiple levels of the organization:

Organization-wide authorization policy

Most commonly initiated by the Information Security office, this authorization policy is driven by compliance or a very high-level organizational requirement and is relevant across the organization. For example: High Business Impact files should be accessible by full-time employees only.

Departmental authorization policy

Each department in an organization has some special data handling requirements that it would like to enforce. This is very common in distributed organizations. For example: the finance department might want to limit all access to finance servers to the finance employees.

Specific data management policy

This policy usually relates to compliance and business requirements and is aimed at protecting the right access to the information that is being managed. For example: preventing modification or deletion of files that are under retention or files that are under eDiscovery.

Need to know policy

This is a catch-all authorization policy type and is most probably used in conjunction with the policy types mentioned above. Examples include: vendors should be able to access and edit only files that pertain to a project that they are working on.

In financial institutions, information walls are important so that analysts do not access brokerage information and brokers do not access analysis information.
