Managing Controlled Access to Confidential Data

Managing access to confidential information is a major concern for most organizations. Sensitive data is usually tied to customer trust, which makes protecting it from misuse all the more critical. Data that can identify an individual should be protected by a defined set of controls to prevent identity theft, compromise of systems or accounts, and other serious consequences. To reduce the risk of a data breach, access to sensitive information should be restricted to what each job role actually requires, rather than granted to individuals on request.

Several models exist for controlling access to sensitive information. The most basic, discretionary access control (DAC), lets the owner of a file decide who can access it and what actions those users may take on it. This is the default model for the file systems of Windows, macOS and UNIX-like systems. Its weakness is that any owner can grant access to anyone, so organization-wide policy is hard to enforce and permissions drift over time as people share files ad hoc.

A more robust and auditable approach is role-based access control (RBAC). Permissions are attached to roles that mirror job functions, and users are assigned roles rather than individual permissions. This enforces core security principles such as separation of duties and least privilege, and it makes access reviews tractable: when someone changes jobs, their roles change and their permissions follow automatically.

Fine-grained access control goes beyond RBAC: in addition to the user's role, a decision can take into account attributes of the user (department, employment status), of the resource (classification, owning team) and of the request context (device, location, time, and whether the session was authenticated with more than one factor). This model is commonly called attribute-based access control (ABAC). The authentication factors such a policy can require fall into three categories: something you know (a password or PIN), something you have (a hardware key, access card or code-generating device) and something you are (a fingerprint, iris scan or voice print). An account number is an identifier, not a secret, and should not be treated as a factor. Because the decision is evaluated on every request rather than fixed when access is assigned, this model can close common authorization gaps such as former employees retaining access or third-party apps reaching sensitive data on a user's behalf, provided the attributes it relies on (for example employment status and device trust) are kept current.
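The three models above behave differently on the same request, which is easiest to see side by side. The following Python sketch is an added example, not code from the original article: it builds a tiny policy engine with constructed users, a single constructed resource and hypothetical role names and rules, and shows how a DAC grant, an RBAC check and an attribute-based check each decide the same "read payroll" request.

```python
"""Added illustration (not from the original article): a minimal policy
engine contrasting DAC, RBAC and attribute-based (fine-grained) decisions.
All users, resources, roles and rules below are constructed sample data."""
from dataclasses import dataclass, field


@dataclass
class User:
    name: str
    roles: set[str]
    department: str
    active: bool = True          # False once HR deprovisions the account
    mfa_verified: bool = False   # True if this session completed MFA


@dataclass
class Resource:
    name: str
    owner: str
    classification: str          # "internal" or "confidential"
    department: str
    acl: dict[str, set[str]] = field(default_factory=dict)  # DAC: user -> actions


# --- DAC: the owner alone decides who may do what on the objects they own.
def dac_grant(res: Resource, granter: User, grantee: str, action: str) -> bool:
    """Add an ACL entry; only the owner may do this. Returns False otherwise."""
    if granter.name != res.owner:
        return False
    res.acl.setdefault(grantee, set()).add(action)
    return True


def dac_allows(user: User, res: Resource, action: str) -> bool:
    """The owner may do anything; others need an explicit ACL entry."""
    return user.name == res.owner or action in res.acl.get(user.name, set())


# --- RBAC: permissions attach to roles; users hold roles, not permissions.
ROLE_PERMISSIONS = {
    "analyst": {"read"},
    "data_steward": {"read", "write"},
    "auditor": {"read", "audit"},
}


def rbac_allows(user: User, action: str) -> bool:
    return any(action in ROLE_PERMISSIONS.get(r, set()) for r in user.roles)


# --- Fine-grained (attribute-based): RBAC plus conditions on the subject,
# the resource and the request context, evaluated on every request.
def abac_allows(user: User, res: Resource, action: str) -> tuple[bool, str]:
    """Return (decision, reason). Every deny carries a reason for audit logs."""
    if not user.active:
        return False, "account deprovisioned"
    if not rbac_allows(user, action):
        return False, "role lacks permission"
    if res.classification == "confidential":
        if user.department != res.department and "auditor" not in user.roles:
            return False, "cross-department access to confidential data"
        if not user.mfa_verified:
            return False, "MFA required for confidential data"
    return True, "allowed"


# Constructed sample data (hypothetical names, departments and roles).
alice = User("alice", {"data_steward"}, "finance", mfa_verified=True)
bob = User("bob", {"analyst"}, "marketing", mfa_verified=True)
carol = User("carol", {"analyst"}, "finance")                 # no MFA yet
dave = User("dave", {"data_steward"}, "finance", active=False, mfa_verified=True)
payroll = Resource("payroll.csv", owner="alice",
                   classification="confidential", department="finance")


if __name__ == "__main__":
    # Under DAC the owner can hand payroll to marketing with no policy check.
    dac_grant(payroll, alice, "bob", "read")
    print("DAC  bob read payroll:", dac_allows(bob, payroll, "read"))   # True
    # RBAC blocks actions the role lacks, but by itself knows nothing
    # about departments, MFA or whether the account still exists.
    print("RBAC bob write payroll:", rbac_allows(bob, "write"))         # False
    for u in (alice, bob, carol, dave):
        print("ABAC", u.name, "read payroll:", abac_allows(u, payroll, "read"))
```

The point to notice is that only the attribute-based check denies bob (wrong department), carol (no MFA on this session) and dave (deprovisioned), and that each deny returns a reason string rather than a bare False; logging that reason is what makes later access reviews and incident investigations possible.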
