Multi-level access controls such as Bell-LaPadula have been in place for government applications for a very long time with good success. Why not implement a similar model for access across the board? A well-defined business environment should understand where critical data is located and the risk associated with that data, and control access based on area of responsibility or job function. Users and hosts should be limited to access based on the associated attributes of the data, accessing it only on a “need to know” basis. Any external entities should be treated as high-risk by default. Layering tokenized access to data at rest on top of discretionary access controls would benefit ABAC and access awareness.
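As an added illustration (not code from the original idea submission), the following Python sketches the Bell-LaPadula style check described above: a label lattice of sensitivity level plus need-to-know categories, the no-read-up and no-write-down rules, and external entities whose asserted clearance is collapsed to the least privileged label by default. The level names, subjects and data labels are constructed sample data.

```python
from dataclasses import dataclass, field

# Ordered sensitivity levels (constructed sample lattice).
LEVELS = {"public": 0, "internal": 1, "confidential": 2, "restricted": 3}


@dataclass(frozen=True)
class Label:
    """Security label: a sensitivity level plus need-to-know categories."""
    level: str
    categories: frozenset = field(default_factory=frozenset)

    def dominates(self, other: "Label") -> bool:
        # Lattice order: higher-or-equal level AND a superset of categories.
        return (LEVELS[self.level] >= LEVELS[other.level]
                and other.categories <= self.categories)


@dataclass(frozen=True)
class Subject:
    """User or host with a clearance label; external=True marks outside entities."""
    name: str
    clearance: Label
    external: bool = False


# External entities are high-risk by default: their asserted clearance is
# ignored and replaced with the least privileged label (assumed policy).
EXTERNAL_DEFAULT = Label("public")


def effective_clearance(subject: Subject) -> Label:
    return EXTERNAL_DEFAULT if subject.external else subject.clearance


def can_read(subject: Subject, data: Label) -> bool:
    """Simple security property (no read up) plus need-to-know on categories."""
    return effective_clearance(subject).dominates(data)


def can_write(subject: Subject, data: Label) -> bool:
    """*-property (no write down): the data label must dominate the clearance."""
    return data.dominates(effective_clearance(subject))


# Constructed sample data: one data set and three subjects.
PAYROLL = Label("confidential", frozenset({"hr", "finance"}))
HR_ANALYST = Subject("alice", Label("confidential", frozenset({"hr"})))
PAYROLL_CLERK = Subject("bob", Label("confidential", frozenset({"hr", "finance"})))
PARTNER = Subject("partner-api", Label("restricted", frozenset({"hr", "finance"})),
                  external=True)
```

Note that the analyst is refused on need-to-know alone (same level, missing the finance category), and the external partner is refused despite claiming a higher clearance.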
Idea No. 153