Managing Controlled Access to Confidential Data

The management of access to confidential information is a major issue for all organizations. The data that is considered to be sensitive can be linked to the customer’s trust. This makes it more important to safeguard against misuse. Data that could identify an individual needs to be controlled by a set of guidelines to avoid identity theft, compromise of systems or accounts and other serious consequences. To reduce the risk of these issues access to sensitive data should be controlled by precise authorization based on roles.

There are numerous models for granting access to sensitive information. The simplest is discretionary access control (DAC) allows the owner or administrator to decide who can access the files they own and what actions these authorized subjects can take on them. This is the default model for Windows, macOS and UNIX filesystems.

Access control based on role is a more robust and secure method. This model ties access rights to the job requirements. It also enacts essential security concepts, such as separation of privilege as well as the principle of least privilege.

Fine-grained control of access extends beyond RBAC, allowing administrators the ability to assign access to users based on their identity. It works by combining something you know, like an account number or password; something that you have like an access card, keys, or devices that generate codes; and something you’re, such as fingerprints, iris scans, or voice print. This gives you more control and could eliminate the majority of authorization problems, such as unmonitored access from former employees or access to sensitive data via third-party applications.

Leave a Comment

Your email address will not be published. Required fields are marked *