Why Your Organization Needs Rule-Based Access Control

Widely used role-based security offers strong network protection. Lesser-known rule-based access control can provide even more resiliency.

2 Min Read
Why Your Organization Needs Rule-Based Access Control
(Credit: Federico Caputo via Alamy Stock)

Role-based access control allows network managers to personalize a user's access level based on the individual's role within the organization. Rule-based systems, on the other hand, grant access to individuals complying with a specific set of conditions. By establishing a pre-defined rule-based access control setting, an administrator might, for example, grant a person or team access to a specific network resource only during regular business day hours.

Rule-based access control, frequently abbreviated as RuBAC, is often described as an attribute-based control, since end users are given a specific level of system access based on pre-determined criteria, regardless of their role or position within the organization, explains Joe Dowling, Dell Technologies' vice president of cybersecurity, identity, and access management.

RuBAC can be used in a variety of scenarios other than network access control, such as file and directory access control, and application access control, says Alaa Negeda, senior solution architect and CTO at telecommunication service provider AlxTel. “It can also be used in conjunction with other security measures, such as firewalls, intrusion detection systems, and passwords.”

RuBAC settings are typically defined by how much control each user is granted to accommodate their specific role within the organization. “The ability to control access is based on discrete criteria, conditions, or constraints,” says Alexander Marquardt, global head of identity and access management for analytics software provider SAS. “It’s explicit and very granular, focusing on a single attribute or characteristic of a subject, object, or operating environment.”

Jay Silberkleit, CIO at freight and logistics services provider XPO, believes that RuBAC is the best choice for organizations looking for a network access method that offers maximum customization and flexibility.“Rules can be changed quickly without changing the overall definition of the organizational structure,” he notes.

Benefits of RuBAC

RuBAC's central benefit is granularity and clarity, Marquardt observes. “There's no ambiguity when looking at a rule, as it explicitly allows or disallows access to a particular object or execution of a specific operation.”

The lure of increased control and flexibility also draws many organizations to RuBAC. Rule-based access control is an ideal model for any enterprise that requires explicit rules that are relatively static, Marquardt says.

RuBAC also gives adopters virtually infinite user access flexibility with only a minimal amount of overhead. “A small set of rules can be adjusted to enable functionality for a large user base,” Silberkleit explains. The approach also allows multiple network access levels to be rolled out to a subset of users for testing or experimentation. “Having this fine-grained control over access helps keep companies agile and secure,” he states.

Read the rest of this article on InformationWeek.

Additional reading:

About the Author(s)

John Edwards, Featured Contributor

Technology JournalistA veteran technology journalist, John Edwards has written for a wide range of publications, including the New York Times, Washington Post, CFO Magazine, CIO Magazine, InformationWeek, Defense Systems, Defense News/C4ISR&N, IEEE Signal Processing Magazine, IEEE Computer, The Economist Intelligence Unit, Law Technology News, Network World, Computerworld and Robotics Business Review. He is also the author of several books on business-technology topics. A New York native, John now lives and works in Gilbert, Arizona.

Stay informed! Sign up to get expert advice and insight delivered direct to your inbox

You May Also Like

More Insights