What is RBAC?
MSP security that controls who has access to what system at what time can help ensure no underhanded activity of the cyber-criminal variety goes on. Basically, Role-Based Access Control (RBAC) refers to a means of monitoring network access. What is monitored includes:
- Means of access
- Identity of users
- Location of access
- Application of policy control
- Application of security level access
Means of Access
How is someone tapping into the network of a business your MSP is securing? Are they doing it internally or externally? Is there anything that can identify them as an employee? Has an SMB port been compromised by a ransomware worm? Is someone using a Trojan on a portable device to spread code through a given system that is toxic to operations? Is the business running a BYOD (Bring Your Own Device) program where users log on from the comfort of their own home? There are many ways networks can be accessed, and you need to know what they are and have protections in place for all of them. IoT is an especially pernicious threat to security in today’s business world, and an MSP who can secure such devices will be sought after.
Identity of Users
Once you’ve answered the “how,” it’s time to answer the “who.” Who is accessing a given network and why? Do they need access to integrated systems or should there be some sort of password security? If there is password security, how well is it managed? It’s common for passwords to be poorly designed, so ensure your clients structure their passwords the right way. MSP security should have enough reach to determine who is accessing a network and how they’re doing so. This can be an integral part of keeping cyber-criminals from success.
Location of Access
When it comes to location, you need to have security measures which can trace a given access request. If you can do this successfully even when the request doesn’t go through, this will be good for your client.
Application of Policy Control
There should be policies in place pertaining to security. Passwords are especially important in this regard. You need passwords that have numbers, letters, and numerals. They should be 6-8 characters, minimum. More is better. Hackers often have military-grade encryption and decryption solutions.
Policies should include rules pertaining to which systems, programs, and databases can and cannot be accessed. Additionally, you need to have training sessions so employees of clients understand what best practices are. A great many security breaches are accidental and come from inside a given business.
Application of Security Level Access
Part of policy control is who is eligible to see what data. This can even include a “where,” as computers trying to access a network remotely could be making a pretense at authority; they could be “mimicking” or something of the kind. This should be a policy that you define with your client. Again, you’ll want to have training sessions, and with things like security access, more security is better. Passwords shouldn’t just be made; they should be regularly changed on a monthly or even weekly basis. The list goes on.
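As an added illustration (not part of the original article), here is a deny-by-default access check that ties together the who, how, where, and what described above, and records every decision so that refused requests can still be traced. The role names, resources, security levels, and network ranges are constructed for the example.

```python
import ipaddress
from dataclasses import dataclass

# Constructed policy: role names, resources, levels and networks are illustrative.
ROLES = {
    "helpdesk": {"level": 1, "resources": {"ticketing"}, "means": {"internal", "vpn"}},
    "finance": {"level": 2, "resources": {"ticketing", "payroll_db"}, "means": {"internal"}},
    "admin": {"level": 3, "resources": {"ticketing", "payroll_db"}, "means": {"internal", "vpn"}},
}
RESOURCE_LEVEL = {"ticketing": 1, "payroll_db": 3}  # security level each resource requires
TRUSTED_NETS = [ipaddress.ip_network("10.20.0.0/16"), ipaddress.ip_network("192.0.2.0/24")]

@dataclass(frozen=True)
class Request:
    user: str       # who
    role: str
    means: str      # how: "internal", "vpn", "byod", ...
    source_ip: str  # where
    resource: str   # what

AUDIT_LOG = []  # every decision is recorded, including denials

def decide(req: Request) -> tuple[bool, str]:
    """Return (allowed, reason). Deny by default; the first failed check wins."""
    role = ROLES.get(req.role)
    try:
        ip = ipaddress.ip_address(req.source_ip)
    except ValueError:
        ip = None  # an unparseable address is treated as an untrusted location
    if role is None:
        reason = "unknown role"
    elif req.means not in role["means"]:
        reason = "means of access not permitted for role"
    elif ip is None or not any(ip in net for net in TRUSTED_NETS):
        reason = "location not trusted"
    elif req.resource not in role["resources"]:
        reason = "resource outside role policy"
    elif role["level"] < RESOURCE_LEVEL.get(req.resource, float("inf")):
        reason = "security level too low"
    else:
        reason = "ok"
    allowed = reason == "ok"
    AUDIT_LOG.append((req, allowed, reason))  # denied requests stay traceable
    return allowed, reason
```

Note that the finance role lists `payroll_db` in its policy but is still refused because its security level is below what the resource requires; the policy check and the level check are separate gates.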
Becoming a Security Resource
MSP security that clients can continuously rely on will consider every aspect of operations and continuously look for holes. Penetration tests, or pen-tests, are an excellent way to ensure your security solutions are properly effective. All these things are secured by RBAC, so instituting such a solution acts as a win-win time saver for everyone who’s involved with it.