What is access control?

Access control is a fundamental component of data security that dictates who’s allowed to access and use company information and resources. Through authentication and authorization, access control policies make sure users are who they say they are and that they have appropriate access to company data. Access control can also be applied to limit physical access to campuses, buildings, rooms, and data centers.

How does access control work?

Access control identifies users by verifying various login credentials, which can include user names and passwords, PINs, biometric scans, and security tokens. Many systems also include multi-factor authentication, a method that requires multiple authentication methods to verify a user’s identity.

Once a user is authenticated, it then authorizes the appropriate level of access and allowed actions associated with that user’s credentials and IP address.

There are four main types access control. Organizations typically choose the method that makes the most sense based on their unique security and compliance requirements. The four models are:

Discretionary (DAC)

In this method, the owner or administrator of the protected system, data, or resource sets the policies for who is allowed access.

Mandatory (MAC)

In this nondiscretionary model, people are granted access based on an information clearance. A central authority regulates access rights based on different security levels. It’s common in government and military environments.

Role-based  (RBAC)

RBAC grants access based on defined business functions rather than the individual user’s identity. The goal is to provide users with access only to data that’s been deemed necessary for their role within the organizations. This widely used method is based on a complex combination of role assignments, authorizations, and permissions.

Attribute-based Access Control (ABAC)

In this dynamic method, access is based on a set of attributes and environmental conditions, such as time of day and location, assigned to both users and resources.

Why it is important?

Itl keeps confidential information, including customer data, personally identifiable information, and intellectual property, from falling into the wrong hands. Without a robust policy, organizations risk data leakage from both internal and external sources.

It’s particularly important for organizations with hybridmulti-cloud cloud environments, where resources, apps, and data reside both on-premises and in the cloud. It can provide these environments with more robust access security beyond single sign-on (SSO).

Article Provided by: Citrix

Liquid Video Technologies Logo, zero trust, Security, Video Surveillance, Greenville South Carolina, cybersecurity, microsoft

If you would like liquidvideotechnologies.com to discuss; developing your Home Security System, Networking, Access ControlFire, IT consultant, or PCI Compliance, please do not hesitate to call us at 864-859-9848 or you can email us at deveren@liquidvideotechnologies.com.