Security "Bits"

You shall not pass - security with contextual access control

By Annie Wang | April 16, 2015 at 7:30 AM

You_shall_notFor those of you who are a fan of The Lord of The Rings, I have a feeling you will appreciate this read. The famous words that Gandalf The Grey boldly yelled during a climactic scene in Lord of The Rings: The Fellowship of The Ring “You shall not pass!” has been memed about, recited amongst friends and even referenced in other films. But it also has a strong meaning for IT teams looking to secure sensitive data.

Gandalf’s brave moment in the movie was performed in order to protect his friends from an evil monster attempting to destroy them. Now there are no two horned fire breathing monsters in our world, but there are cyber criminals. 

As IT securers our job is to protect our customers, and colleagues from cyber criminals attempting to steal their data. But in order to do this we must be able to broker access to the cloud applications that host this data, and determine who shall pass, and who shall not. 

The Morgan Stanley breach provided a prime example of how a lack of access control can place your company at risk. During this breach, an employee who was recently let go still had access to a secure database. The now ex-employee was able to creep back into the company database, download highly sensitive information, and then post it on Pastebin. Not the ideal situation for a major financial institution entrusted to protect billions of dollars. It’s no coincidence that access control is now seen as a major threat to companies. 

In the Cloud Security Survey that was released last month we found that 63% of IT securers view unauthorized access via misuse of employee credentials and improper access controls as the number on threat to cloud applications. The picture below shows you the top 5 overall threats found within the survey. You’ll notice that ALL involve improper use of data by employees.  


By limiting access companies will be able to limit their risk exposure. But companies must keep context in mind. Contextual access control is based on three components.

1. Title – set which titles have access to which application

2. Device type – allow only devices that meet criteria to access data

3. Location – You can set access based on the IP address and geographic location from the attempting to access a cloud application

Learn more about access control and how to achieve greater cloud and mobile security by visiting us at RSA conference! We'll be at booth #S237.

Chris Hines

Product Marketing Manager | Bitglass



see all