
RBAC is Dead – Now What?

In this article, Adam Fisher argues that RBAC (Role-Based Access Control) is dead as a practical result of how data is now used in business and society. There are a couple of interesting statistics in this article that we should all keep in mind. In 1986, less than 1% of all information was stored in some digital form. By 2007, that percentage had increased to nearly 93%. I would assume that as of 2015, that percentage is now much higher. The average person carries 2.9 electronic devices on their person. Access control has begun to evolve to meet the demands of this level of data usage and consumption. The answer appears to be ABAC (Attribute-Based Access Control).

I am intrigued by this article and the Gartner prediction that by 2020, 70% of businesses will have transitioned to an ABAC model. I believe that will be a significant transformation that many may find difficult. Role-based or discretionary access control models have been ingrained in business and society for many years and, as with all change, people will resist. I do believe there is tremendous potential benefit in a transition to ABAC, especially in terms of flexibility and secure dynamic access to information. This is definitely an area to watch over the next several months.

