Tutorial

Access Control

Learn about authentication and authorization

Nisal Sudila
Published in Technology Hits
4 min read · Dec 10, 2020

To start, we'll introduce the topic, then go through the different models available for implementing an access control system, and finally look at the commercial tools that already exist to address the problems we discuss.

What is Access Control?

Authentication and authorization in Access control

Access control is a method of verifying that users are who they say they are and that they have the required level of access to data. As you can see, this is a very fundamental concept in safeguarding data.

Many companies state that, after every data breach, access controls are among the first policies they investigate. At a very high level, access control is a selective restriction of access to data. It consists of two main components: authentication and authorization.

So what is authentication and authorization?

Basic idea of authentication and authorization

Authentication is a technique used to verify that someone is who they claim to be. As an example:
Authentication: a student authenticates himself before accessing the learning management system of a university.

Authentication alone, however, is not enough to protect data.

What’s needed is an additional layer, authorization, which determines whether a user should be allowed to access the data or make the transaction they’re attempting.

As an example:
Authorization: he can access lecture slides and other learning material of the courses based on the permissions given to him.

Types of Access control

5 models of access control

Organizations must determine the appropriate access control model to safeguard their data. It is usually based on the type and sensitivity of data they’re processing.

Older access models include discretionary access control (DAC) and mandatory access control (MAC). Role-based access control (RBAC) is the most common model today, and the most recent model is known as attribute-based access control (ABAC).

Below are the characteristics of each model stated above.

i. Discretionary Access control (DAC)

DAC model

ii. Mandatory access control (MAC)

MAC model

This is a security model in which access rights are regulated by a central authority, usually based on multiple levels of security.

Often used in government and military environments, classifications are assigned to system resources, and the operating system (OS) or security kernel grants or denies access to those resource objects based on the information security clearance of the user or device.

iii. Role-based access control

Role based model

iv. Rule based access control

Rule based model

It is not uncommon to use some form of both rule-based access control and RBAC to enforce access policies and procedures.

v. Attribute-based access control (ABAC)

ABAC model

This is a dynamic method that considers the user’s attributes, including time of day, position and location, when deciding whether to grant access to resources.
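The student and learning management system example from earlier, worked as an added example that is not code from the original article: a role check in the RBAC style is combined with an attribute check in the ABAC style, and access is denied unless both permit it. The role names, permission strings, course codes and the campus/working-hours rule are assumptions made for illustration.

```python
from dataclasses import dataclass

# Constructed sample policy (RBAC): each role gets only the permissions it needs.
ROLE_PERMISSIONS = {
    "student": {"slides:read"},
    "lecturer": {"slides:read", "slides:write"},
}

@dataclass(frozen=True)
class Subject:
    user_id: str          # identity established earlier by authentication
    role: str             # position within the university
    courses: frozenset    # course codes the user belongs to

@dataclass(frozen=True)
class Context:
    hour: int             # time of day of the request, 0-23
    location: str         # "campus" or "remote"

def rbac_allows(subject, action):
    """RBAC: the decision depends only on the permissions of the user's role."""
    return action in ROLE_PERMISSIONS.get(subject.role, set())

def abac_allows(subject, action, course, ctx):
    """ABAC: the decision also depends on user, resource and request attributes."""
    if course not in subject.courses:
        return False
    if action.endswith(":write"):
        # Hypothetical rule: changes only from campus, between 08:00 and 18:00.
        return ctx.location == "campus" and 8 <= ctx.hour < 18
    return True

def authorize(subject, action, course, ctx):
    """Deny by default: grant only when both the role and the attributes permit."""
    return rbac_allows(subject, action) and abac_allows(subject, action, course, ctx)

if __name__ == "__main__":
    student = Subject("s-1001", "student", frozenset({"CS101"}))
    lecturer = Subject("l-2001", "lecturer", frozenset({"CS101"}))
    requests = [
        (student, "slides:read", "CS101", Context(23, "remote")),
        (student, "slides:read", "CS202", Context(10, "campus")),
        (student, "slides:write", "CS101", Context(10, "campus")),
        (lecturer, "slides:write", "CS101", Context(10, "campus")),
        (lecturer, "slides:write", "CS101", Context(22, "campus")),
    ]
    for subj, action, course, ctx in requests:
        verdict = "ALLOW" if authorize(subj, action, course, ctx) else "DENY"
        print(f"{subj.user_id} {action} {course} {ctx} -> {verdict}")
```

An unknown role maps to an empty permission set, so a user whose role is missing from the policy is denied rather than given a default level of access.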

When implementing an access control system

System components of access control

Access control is a process that is integrated into an organization’s IT environment. It involves identity management and access management systems. These systems provide access control software, a user database, and management tools for access control policies, auditing and enforcement.

When a user is added to an access management system, system administrators use an automated provisioning system to set up permissions based on access control frameworks, job responsibilities and workflows.

It is also considered best practice to apply least privilege, because it restricts access to only the resources that employees require to perform their immediate job functions.

Types of access management control software tools

Types of software tools

Above are many types of access control software and technology, and often, multiple components are used together to maintain access control. The software tools may be on premises, in the cloud or a hybrid of both. They may focus primarily on a company’s internal access management or may focus outwardly on access management for customers.

Microsoft Active Directory (AD) is one example of software that includes most of the tools listed above in a single offering. Other products are also available, such as Idaptive and Okta.

Thank you.
