In just 3 years, from 2019 to 2022, spending in the cybersecurity industry nearly doubled, increasing from 40.8 billion USD to 71.1 billion USD, according to statista.com. This is encouraging for anyone working in cybersecurity since organizations have put their money where their mouth is and prioritized cybersecurity. Unfortunately, simply spending more money on security software is not enough.
An important piece of the puzzle is access controls—specifically, what software or entities should users be able to access? That’s where role-based access controls come in.
What is role-based access control (RBAC)?
Role-based access control (RBAC) is closely related to the principle of least privilege (PoLP). This cybersecurity principle states that users should have the bare minimum of access and privileges needed to do their specific job. When role-based access controls are in place, users—whether external or internal—only have permissions to access, perform actions or administrate in specific areas of a company’s digital infrastructure.
In practice, RBAC could look like this breakdown of roles with example access points:
What are the benefits of role-based access control?
The biggest benefit of RBAC is stronger security of the company’s data. Because each account has limited access to specific applications, environments or corporate entities, a hacked or compromised account (or simply a disgruntled employee) can do less damage to a company, its employees, its customers and its reputation. If a cybercriminal gains access to an account with RBAC in place, the damage they can do is limited to the specific entities it can access and not the entire infrastructure of the company.
Other benefits of adopting RBAC include:
- Improves compliance with industry standards and regulations regarding privacy and confidentiality of data.
- Lowers costs for software or tools that charge by usage or number of users.
- Reduces redundancy and interference between employees and teams from different departments.
- Minimizes mistakes since employees can only access what they were trained to use.
- Keeps employees focused on the tasks they were hired for.
How does role-based access control work in Thru?
Thru is a cloud managed file transfer (MFT) solution that includes RBAC as part of its security posture. Administrators are able to control access based on a user’s role, which is configured in the GUI admin section or via APIs.
Automated File Transfer Roles
In our automated file transfer admin portal, we initially implemented four user roles:
System Roles and Granular Permissions
Furthermore, admins can create new roles by assigning desired permissions from the available list. For example, in the screenshot below, a custom role named Monitoring Role was created:
For more information, see our user guide about Granular Permissions »
Ad Hoc File Sharing Roles
Our file sharing portal also has administrators choose from four roles:
Group Permissions in Ad Hoc File Sharing Portal
Numerous default/built-in groups are available to manage different parts of the Thru file sharing system. Administrators can provide a user with additional capabilities and limitations by assignment to any of these groups. New groups, such as a Sales group for all sales representatives, can be added and their roles and capabilities defined by the admin.
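The custom-role and group mechanism described in the two sections above can be modeled in a few lines; this is an added example, not Thru's code or API. The permission names, the user, and the rule that a group limitation overrides any grant are assumptions made for illustration.

```python
from dataclasses import dataclass, field

# Hypothetical permission catalogue, constructed for this example only.
ALL_PERMISSIONS = frozenset({
    "flows.view", "flows.edit", "endpoints.view", "endpoints.edit",
    "logs.view", "users.manage", "files.share",
})

@dataclass(frozen=True)
class Role:
    name: str
    permissions: frozenset

    def __post_init__(self):
        # A role may only be built from permissions in the available list.
        unknown = self.permissions - ALL_PERMISSIONS
        if unknown:
            raise ValueError(f"unknown permissions: {sorted(unknown)}")

@dataclass(frozen=True)
class Group:
    name: str
    grants: frozenset = frozenset()   # additional capabilities
    limits: frozenset = frozenset()   # limitations (assumed to override grants)

@dataclass
class User:
    name: str
    role: Role
    groups: list = field(default_factory=list)

def effective_permissions(user):
    """Role grants plus group grants, minus every group limitation."""
    granted, denied = set(user.role.permissions), set()
    for group in user.groups:
        granted |= group.grants
        denied |= group.limits
    return frozenset(granted - denied)

def is_allowed(user, permission):
    """Default deny: anything not explicitly granted is refused."""
    return permission in effective_permissions(user)

def blast_radius(user):
    """Share of the whole catalogue a compromised account would hold."""
    return len(effective_permissions(user)) / len(ALL_PERMISSIONS)

MONITORING = Role("Monitoring Role", frozenset({"flows.view", "endpoints.view", "logs.view"}))
SALES = Group("Sales", grants=frozenset({"files.share"}), limits=frozenset({"endpoints.view"}))
alice = User("alice", MONITORING, [SALES])  # constructed sample user
```

Reviewing `blast_radius` per account is a quick way to spot roles or group memberships that have drifted beyond least privilege.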
Beyond RBAC: Thru’s Zero Trust Security Strategy
Role-based access controls help prevent unauthorized users from modifying endpoints or accessing data in Thru’s cloud MFT service. However, Thru doesn’t stop there. We incorporate multiple levels of security—cloud infrastructure security, application security and data security—so your files are always protected.
Learn about the additional measures Thru takes to ensure data security by going to our secure file transfer page »
[Note: This blog was first published on October 27, 2021, and continues to be updated to align with current product offerings.]