It’s difficult to keep sensitive data safe from strangers. Employees can become negligent while threat actors continue to come up with new ways to steal information. That’s the main reason why the number of data breaches continues to increase. Using mandatory access control could protect your data. So, what’s mandatory access control in cybersecurity?
Mandatory Access Control (or MAC for short) is an information security strategy that protects data by restricting access to it. Under MAC, users must get permission to access certain files, and this permission is only granted by the administrator. MAC comes with disadvantages and several advantages.
Finding a way to keep sensitive data protected is tough: restricting access is often the perfect first step. Understanding whether implementing mandatory access control will help or hinder you is key to figuring out if you can use it to your advantage.
What’s Mandatory Access Control (MAC)?
Mandatory access control is a restrictive strategy that assigns access to files and information under a centralized authority. In other words, it puts an administrator front and center: someone who assigns employees the ability to access information based on how important that information is.
So, for example, someone who needs to access a confidential report has to request access from the administrator. Once access is granted, that person can read the report – but they can’t share it with other people who don’t have access.
MAC prevents people from leaking documents or sharing them (and leaking them by mistake). It also prevents hackers from accessing information via a privilege escalation attack.
A Quick Example To Understand MAC
Military branches and federal agencies often employ mandatory access control. They do so online and offline: this type of system is often the reason why dossiers are marked as top secret or similar.
That’s what MAC is: branding different information so it never falls into the wrong hands. Instead of putting a stamp on a folder, mandatory access control administrators rank files by importance and assign access to users (depending on their task and role in the company).
Imagine company executives released a classified report on Q1 earnings. It’d be terrible if everyone in the company could access it, though it should remain in the company’s data center for security reasons.
How can you deal with that scenario? Simple! Mark the report as top secret under MAC and grant access to top-tier executives alone.
Mandatory Access Control vs. Least-privilege Principle
- Mandatory Access Control. MAC restricts user access to privileged information and sensitive data. It’s a barrier that prevents users from reaching above their heads and grabbing something they shouldn’t see, so to speak. It’s a great tool to prevent privilege escalation attacks as well as damage caused by threat actors with stolen credentials.
- Least-privilege Principle. LPP is a segmentation strategy. It divides a company’s structure into different departments and prevents users from one department from accessing the files of another. At the same time, it restricts user faculties (what a user can do with a file) when necessary.
It’s important to note some companies implement both MAC and LPP – but they’re not the same thing.
The Main Difference Between MAC and LPP
MAC restricts vertical access, while the least-privilege principle restricts vertical and horizontal access.
Mandatory access control and the least-privilege principle sound similar – because they are. They both limit user access in one way or the other. However, MAC prevents people from accessing sensitive information above their heads.
In contrast, the least-privilege principle prevents users from accessing files they don’t need (e.g., stops someone in sales from accessing an HR report). At the same time, it also reduces user faculties (e.g., allowing users to read a report but preventing them from editing or deleting it).
In short, MAC deals with vertical access, and LPP deals with horizontal access and segmentation.
How Do Companies Set Up Mandatory Access Control Policies?
Most places choose to set up MAC policies in three tiers. These security tiers have different names, though most companies choose the following terms: confidential, secret, and top secret. You can get access if you’re cleared to do so by management.
These tiers are names that help allocate resources better. Nothing happens if the name changes as long as the meaning behind them remains the same. For example, IBM prefers other terms, such as restricted, confidential, and internal. These three names, albeit slightly different, mean the same thing under a MAC system.
Who gets access to each tier depends on how the company runs things – and the type of employee we’re talking about. However, a need-to-know basis is always the core element behind mandatory access control implementation.
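The tier and need-to-know rules described above can be written as a small access check. This is an added example, not code from the original article; the class names, the `topic` field, the `secadmin` account and the file name are assumptions made for illustration.

```python
from dataclasses import dataclass, field
from enum import IntEnum

class Tier(IntEnum):  # the article's three tier names, lowest to highest
    CONFIDENTIAL = 1
    SECRET = 2
    TOP_SECRET = 3

@dataclass(frozen=True)
class Document:
    name: str
    tier: Tier
    topic: str  # need-to-know category (hypothetical field)

@dataclass
class User:
    name: str
    clearance: Tier
    need_to_know: set = field(default_factory=set)

class Policy:
    """Central authority: only the administrator changes who may see what."""
    def __init__(self, admin):
        self.admin = admin
        self.audit = []  # one (user, document, decision) tuple per request

    def grant(self, actor, user, topic):
        # A user who can read a document still cannot pass access on.
        if actor != self.admin:
            raise PermissionError(f"{actor} is not the administrator")
        user.need_to_know.add(topic)

    def can_read(self, user, doc):
        # Clearance must reach the document's tier AND the administrator
        # must have granted a need to know for its topic.
        allowed = user.clearance >= doc.tier and doc.topic in user.need_to_know
        self.audit.append((user.name, doc.name, "ALLOW" if allowed else "DENY"))
        return allowed

def demo():
    policy = Policy(admin="secadmin")  # all names below are constructed
    report = Document("q1-earnings.pdf", Tier.TOP_SECRET, "finance")
    cfo = User("cfo", Tier.TOP_SECRET)
    analyst = User("analyst", Tier.SECRET, {"finance"})
    results = [policy.can_read(cfo, report)]          # cleared, not yet granted
    policy.grant("secadmin", cfo, "finance")
    results.append(policy.can_read(cfo, report))      # cleared and granted
    results.append(policy.can_read(analyst, report))  # clearance too low
    return results, policy.audit
```

Every decision, including each refusal, lands in `policy.audit`, which is the record the monitoring and investigation sections later rely on.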
5 MAC Disadvantages
1. Clearing Users Takes Time
You can probably tell implementing mandatory access control is time-consuming. Managing permissions is not something to take lightly: you can’t juggle them every now and then, hoping things run smoothly.
Requesting and assigning one access clearance can take a long time, considering how bureaucracy moves when it comes to sensitive data. Not only that, but your company will deal with plenty of requests every week (sometimes every day), meaning things will slow down for a bit.
That issue will be even bigger when you roll out your new MAC system: people will have to get used to it, the admin will need some time to understand how to hand out permissions, and so on.
2. Requires Constant Maintenance
Mandatory access control has another significant issue. It requires a team of people to be on top of it all at all times. Why is that necessary? Because granting and revoking permissions is a bureaucratic process!
Let’s clear something up: mandatory access control should be implemented for sensitive information alone. There’s no need to implement this protocol when handling low-level information.
So, bureaucrats will take a little time to view and review permissions requests before granting them. They’ll also review already existing ones. It’s all in the name of safety – but constant maintenance is time- and energy-consuming.
3. It May Reduce Productivity
Yes, MAC consumes time and energy. That very same time and energy could be spent elsewhere. In other words, productivity may take a hit, especially early on, as we’ve already mentioned.
Less productivity means less money, so you have to think about whether the cost of running mandatory access control is lower than the potential risks MAC prevents.
For example, think about whether a possible data breach will cost you more or less than implementing MAC (how much you’ll pay for the software) and its consequences (productivity hits).
4. Management Tends To Burn Out
Imagine you have to grant and revoke permissions every day for hours on end. It’s not your sole responsibility – but it’s an important one. So, you have to stop your other tasks halfway through, check and change permissions, then go back to your other tasks.
That goes on and on every day. What will soon happen? You burn out! That’s what happens to management working under mandatory access control – and it’s one of the biggest disadvantages this system has.
Add that issue to the ongoing burnout problem in tech, and you have reasons to worry. Keeping employees happy prevents them from getting sloppy and/or resigning.
5. Comes With a Single Point of Failure
The main issue with mandatory access control is that threat actors can easily compromise it should things go wrong. One admin account handles every access permission – so things can get rather hectic very quickly if a hacker steals those login credentials.
Of course, there are protocols and countermeasures that would prevent that scenario from happening. At the very least, it’d make it incredibly difficult for that to happen – but it’s not impossible.
However, there are advantages to having a single admin account handling permissions. There are also other advantages to implementing MAC. You’ll find out about them below.
5 MAC Advantages
1. Keeps Data Safe
Why would any company or organization implement mandatory access control? The answer is simple: to keep their sensitive data away from malicious actors. It does a pretty good job at that.
Sure, there are a handful of disadvantages you must pay attention to. We’ve talked about them above. However, that doesn’t mean MAC is inherently worthless because of them. In fact, the advantages may make you think again about implementing this system.
We’ve also discussed above which organizations and institutions use this system: the military and the federal government. When the stakes are that high, the disadvantages you just read above are not that big of a deal.
2. Makes Monitoring Easier
How does mandatory access control help with cybersecurity? For starters, it keeps your data safe. It also has something even better to offer: it makes monitoring easier.
How can MAC improve your monitoring experience? Because you can see who accesses files – and when. That means you have every movement under control and will know when someone starts acting suspiciously.
We’ll also explain below how easy it is to do a post-cyberattack forensic study to determine what went wrong and who leaked data (should it ever happen to you) if you implement mandatory access control.
3. Prevents Escalation Attacks
Another great thing that comes with implementing MAC is privilege escalation mitigation. Hackers often look for a low-level starting point to infiltrate your system – and often end up roaming your network as they please.
However, they may end up facing a dead-end if you implement mandatory access control. MAC is like a strong barrier between users and sensitive data: those who don’t have permission to go through will remain on the other side of the barrier.
Of course, hackers will always find themselves far away from sensitive data in that scenario.
4. Helps You Investigate Future Leaks
One of the best things about having users request permission to access files is how helpful that is during the worst-case scenario. Imagine your company suffers a data leak sometime soon. After containing the issue, you have to investigate and find out the culprit. Well, narrowing down the list of suspects would be easy if you implemented MAC.
Why would you have an easy time finding the leak’s perpetrator? Because someone needs to access those files before leaking them – and they need the necessary permissions to do so.
You only need to take a look at the access log to see who accessed the data before the breach, starting your investigation on the right foot.
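The access-log review described here, and the monitoring point made under "Makes Monitoring Easier", can be sketched as a short query. This is an added example, not part of the original article; the log line format, user names and file names are constructed for illustration.

```python
from datetime import datetime, timedelta

# Constructed sample log; the line format is an assumption for this example.
SAMPLE_LOG = """\
2024-03-01T09:12:00 user=cfo file=q1-earnings.pdf result=ALLOW
2024-03-02T23:41:00 user=analyst file=q1-earnings.pdf result=DENY
2024-03-03T08:05:00 user=ceo file=q1-earnings.pdf result=ALLOW
2024-03-03T08:30:00 user=cfo file=hr-review.pdf result=ALLOW
2024-03-04T17:50:00 user=cfo file=q1-earnings.pdf result=ALLOW
2024-03-09T10:00:00 user=ceo file=q1-earnings.pdf result=ALLOW
"""


def parse(line):
    """Split one log line into (timestamp, {key: value})."""
    stamp, *pairs = line.split()
    return datetime.fromisoformat(stamp), dict(p.split("=", 1) for p in pairs)


def shortlist(log, leaked_file, leak_seen, lookback_days=7):
    """Return (readers, denied) for leaked_file in the window before leak_seen.

    readers: user -> time of last successful read (who could have leaked it).
    denied:  user -> number of refused attempts (possible probing).
    """
    start = leak_seen - timedelta(days=lookback_days)
    readers, denied = {}, {}
    for line in log.splitlines():
        if not line.strip():
            continue
        when, f = parse(line)
        # Ignore other files and anything outside the investigation window.
        if f.get("file") != leaked_file or not (start <= when <= leak_seen):
            continue
        if f.get("result") == "ALLOW":
            readers[f["user"]] = max(when, readers.get(f["user"], when))
        else:
            denied[f["user"]] = denied.get(f["user"], 0) + 1
    return readers, denied
```

Refused attempts are returned separately because they cannot be the source of the leak but do show who tried to reach the file without permission.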
5. Efficient Way To Administer Permissions
We’ve mentioned above how dangerous it is to have one single point of failure. You could find yourself in a world of trouble if a threat actor manages to compromise the admin account that grants access permissions under MAC.
However, there’s another side to that: having one admin account is the easiest way to handle permissions. It could also help you prevent a widespread problem if someone compromises that same account: you can quickly contain the issue when there’s only one place to look.
It’s up to you to figure out if having one point of failure outweighs efficiency – and whether you should implement mandatory access control or not.
Should You Use Mandatory Access Control for Your Company?
Mandatory access control is a great idea, especially when you consider how often data breaches continue to happen. MAC won’t stop hackers from gaining horizontal control, but it will keep privileged data away from their hands.
It’s important to understand why companies choose to use this system. Most of them do so because of regulations (e.g., federal agencies, military branches, etc.) – but a handful of them want to reap the rewards of running a tight ship.
Does that sound like you? Mandatory access control is perfect for companies and organizations that store very sensitive data that must be protected in a vertical fashion (i.e., top to bottom).
Takeaways
Mandatory access control adds an extra security layer that’ll stop threat actors looking to perform a privilege escalation attack. It comes with a few hiccups, such as having to constantly maintain the system, potentially reducing productivity in the process. A decrease in productivity is preferable to a data breach in most scenarios.