Data Zoning
There are many prevailing access management systems in the market, which do a fair job in organizing identities (users) and also up to a certain extent in handling the access control (mapping between identity and target resource). However, they don’t take care of it well when it comes to organizing the resources (data).

Putting an innovative step forward in this arena, BizFirst now introduces a revolutionary data organizing principle, which helps you custom slice and dice your data and provide access through a simple yet powerful algorithm.

Imagine each data which goes into your database gets through one of the many Zones you define. Also image if every user has ‘read or write’ access to some specific Zones based a unique Zoning logic.

For example, let’s assume if there is a need to create a Zone model based on Sales Region. There can be several algorithms like users in Northeast Zone can only write to Northeast region. They can read from Northwest but can’t write. Southern Canada region cannot read or write. US region can read and write to all US subregions and so on.

This matrix may get fairly complex when you have overlapping regions. Deciding whom to give read and write access will be determined by the zone to which the particular data belongs to. The users and the user groups will also determine the access. The owner of the data can prevent or allow a particular user to a datazone by 1) Providing the user with the zone access 2) Moving the data from one lower region to its overarching region 3) Adding the user to a separate group (eg: USSalesTeam) etc.

Data Zoning, if rightly engaged, can form the basis of complex security architecture and solve many of the grave data-security related issues faced by enterprises.

Similar to Sales Region, your Division, Employee Office or Country are also good parameters to be defined as Zones.