Context is king – access controls for truly secure data distribution
January 18, 2018
Posted in: Blog
Gospel contains context-based access control as part of its Enterprise Data Platform. So what is it? How does it work? And what advantages does it give over roles based access?
Context is king
One of the most important features of the Gospel Data Platform is our context-based access control. In this post, we’re going to have a look at what that means in practice and, more importantly, why roles-based access controls (RBAC) are no longer rigorous enough to control the flow of data between diverse systems or between companies.
Let’s start by describing how a conventional RBAC system works. Users are allocated to roles based on the jobs they need to do or the processes they need to follow. The least possible level of privilege to accomplish that job or process is then allocated to the given role. When a user logs in, they have access to the sum of the permissions of the roles they hold. These privileges are typically allocated at the table or column level within the database behind the system. For example, a member of human resources staff would need permissions to see and edit data about the employees of the company for whom they work.
Gospel’s context-based system moves beyond this by taking into account both the content of the records the user is trying to access and what the user is doing at the time. This sounds simple (and in many ways it is to the end user) but it allows setting of significantly more secure and granular permissions, especially where data is flowing between systems or companies. In addition, it is possible to only display derived or tokenised data to a given group of users – in effect asking the questions about the data that the user is seeking to answer, rather than giving them the data to answer the question. For example, we might show whether someone is over 18 rather than their date of birth.
Keeping control outside of your boundaries
Where this really comes into its own is when data moves out of the owning organisation and hence out of their direct control. Take the practical example of data interchange between a GP’s surgery and a hospital: in a roles-based system, a surgeon in the hospital would probably have similar read access to patient data as the GP in the surgery with which the patient is enrolled. With context-based controls, the data they can see can be restricted to what they need to achieve the tasks they’re contracted to provide. For example, our surgeon might only see those patients who have an operation or follow-up scheduled at the hospital with that particular consultant. We can also ensure that information that is not relevant to the surgeon – changes of address, ages of children etc. – is not visible. And once the procedure is complete, access can be withdrawn automatically. By removing access to data that is no longer needed – and better still never speculatively sharing information that is not needed – we reduce the volume of data ever shared and hence the amount that could possibly be misused or breached.
Consent built in as part of the context
With strict changes to data protection legislation in Europe, Mexico and many other territories either already in force or coming into play in the next few months, it’s also essential to bring notification and consent for data sharing to the fore. With Gospel, we can make consent to share data part of the context which controls access and even gather that consent where necessary.
In addition, read access to data can be recorded within our immutable ledger to ensure there is an auditable log of who did what and when, and users notified as and when legislation requires them to be. If consent is removed, the data will be removed from view as appropriate and external systems can even be notified. Because the context of how the data links together is understood in a meaningful rather than simply relational manner, all subsidiary data about the user will also be removed from view. Also, as we understand how data relates to a particular user, it’s easy to securely give them the legally mandated access to data about themselves.
Reducing unnecessary data overload
Another benefit of this approach, quite apart from controlling access to personal or sensitive data, is reducing the amount of unnecessary noise to which users are subjected. In many systems, simple controls mean that the sheer volume of data which users can see means that identifying the data they need to accomplish their current task is difficult. By understanding the context of what the user is doing at the moment, we can identify the pertinent records and just show those to users. For example, within an airport, teams are constituted to turn around an aircraft. Most of the data about other planes on the ground is not particularly secret, but the sheer volume in a major hub can be overwhelming. By knowing who is bringing a passenger travelling on an aircraft to the gate in a wheelchair, who’s flying the plane and who is filling it with fuel, Gospel can ensure that they see all pertinent information – and no more.
One last aspect of context that we’re working on at the moment is the degree to which we trust that the user is who they say they are, and the device that they’re using. By understanding the difference between a user accessing the system from a desktop on the corporate network they’ve logged in from thirty times before and a mobile phone that has not been used in the past, we can further restrict the data that can be viewed or require additional authentication before allowing access.
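To make the surgeon scenario, the consent rule and the device-trust point concrete, here is an added example in Python that is not Gospel’s code (which is not shown in this post). It uses constructed patient records, a hypothetical `Context` type and a list standing in for the access ledger; the policy only releases records with live work for the requesting consultant and consent for the requesting organisation, returns an over-18 flag instead of the date of birth, and gives an unfamiliar device a narrower view.

```python
from dataclasses import dataclass
from datetime import date

# Constructed sample records (not real data), with consent per organisation.
PATIENTS = {
    "P1": {"name": "A. Patient", "dob": date(1990, 5, 1), "address": "1 High St",
           "procedures": [{"consultant": "dr_smith", "status": "scheduled"}],
           "consent": {"hospital": True}},
    "P2": {"name": "B. Patient", "dob": date(2012, 3, 9), "address": "2 Low Rd",
           "procedures": [{"consultant": "dr_smith", "status": "complete"}],
           "consent": {"hospital": True}},
    "P3": {"name": "C. Patient", "dob": date(1985, 7, 7), "address": "3 Mid Ln",
           "procedures": [{"consultant": "dr_jones", "status": "scheduled"}],
           "consent": {"hospital": True}},
    "P4": {"name": "D. Patient", "dob": date(1970, 1, 1), "address": "4 Far Ave",
           "procedures": [{"consultant": "dr_smith", "status": "scheduled"}],
           "consent": {"hospital": False}},
}
AUDIT = []  # stands in for the append-only ledger of who read what, and when

@dataclass
class Context:
    """Hypothetical request context: who is asking, for which organisation,
    and whether the session comes from a device we have seen before."""
    user: str
    org: str
    trusted_device: bool

def view_patient(pid, ctx, today=date(2018, 1, 18)):
    """Return the slice of a record this context may see, or None."""
    rec = PATIENTS[pid]
    # Record content: only patients with live work for this consultant;
    # once the procedure is complete the record drops out of view.
    active = [p for p in rec["procedures"]
              if p["consultant"] == ctx.user and p["status"] == "scheduled"]
    if not active or not rec["consent"].get(ctx.org, False):
        return None
    AUDIT.append((ctx.user, pid, today))  # every successful read is logged
    # Derived rather than raw data: an over-18 flag instead of the DOB,
    # and no address, which is irrelevant to the surgeon's task.
    dob = rec["dob"]
    age = today.year - dob.year - ((today.month, today.day) < (dob.month, dob.day))
    view = {"name": rec["name"], "adult": age >= 18}
    if ctx.trusted_device:  # an unfamiliar device gets the minimum only
        view["procedures"] = active
    return view

def revoke_consent(pid, org):
    """Withdrawing consent removes the record from that organisation's view."""
    PATIENTS[pid]["consent"][org] = False
```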
In conclusion, context-based controls are more secure and more appropriate to the increasingly challenging data security environment than simple roles-based controls and we’d expect to see more products and platforms follow our lead in this area over the coming months.
What makes Gospel’s implementation special is the combination of this feature with our immutable history of access, Byzantine fault tolerance and a straightforward, easy to use platform.
Reuben Thompson is Gospel’s VP of Technology.
For a far less tech-heavy summary of what Gospel is designed to do, click here!