Zafepass RBAC & ABAC

The Zafepass Role Based Access Control (RBAC) and Attribute Based Access Control (ABAC) are built-in and tightly paired with the Zafepass Security Policy Engine (SPE), as well as the Least Privilege Access Management.

Privileges don't exist

in Zafepass, thus no

escalation options.

Privileges are configured

from the Provisioning

Console (Admin) based

on the individual, group

or site security policies

being met, and Zafepass

admins or support staff,

can in a few simple steps,

configure access to any

digital resource.

The shift to hybrid and remote work in recent years has rendered the security controls we have spent years refining inadequate. With this shift becoming permanent, now is the time for organisations to review their data security practices and decide if a new approach that employs attribute-based access control (ABAC) is not just a nice to have, but a must have.

Zafepass build on 'Always Verify / Validate', Least Privilege Access, Assume Compromize of everything.

Zafepass extends these and other security principles, by implementing 'Virtual Private Connectivity', 'Ephemeral Connectivity' and 'Guard-Railed Micro-Perimeter' elements (Software Defined Segmentation if you like). In addition, Zafepass support "Black-core and Black-transmission" principles, meaning full encryption of data and transmissions end-to-end. 

Zafepass 'VPC Ephemeral Connectivity' ensure sessions are terminated when idle, but automatically re-established without the user being affected. It's done this way, in order to support users traveling (mobility) being annoyed with logging in again all the time.

Zafepass R-ABAC enables support staff and admins to apply fine grained access control policies without complete prior knowledge of the specific subject. The additional use of data points become a strong indicator of identity, when combined with other attributes.

These indicators form the basis for binary-trust in the device’s, the environment, user identity (support for a range of biometrics) and ownership, for authorization-access to digital resources, service and transactions.