Managing Controlled Access to Confidential Data
Managing access to confidential data is a major issue for many companies. The security of sensitive data is often related to trust of customers, which makes it even more crucial to safeguard against misuse. Information that could identify an individual should be governed by policies that prevent identity fraud, compromise of systems or accounts, and other serious consequences. To minimize the risk and reduce the chance of a breach access to sensitive information should be restricted according to roles-based authorization.
There are several models that can be used to allow access to sensitive data. The most basic is discretionary access control (DAC), allows administrators or the owner to decide who can access the files they own and what actions the authorized subjects can take on them. This model is the default in the majority of Windows, macOS, and UNIX file systems.
A more secure, robust method is to use role-based access control (RBAC). This model aligns privileges to the specific requirements of a job. It also implements key security principles, like separation of privilege as well as the principle of the principle of least privilege.
Fine-grained control of access extends beyond RBAC, allowing administrators the ability to assign access to users based on their identity. It uses a combination of things you know, such as an account number or password; something you have such as an access card, keys or devices that generate codes; and something you’re like fingerprints, iris scans or voice print. This allows you to have greater the control of your information and eliminates many of the common issues with authorization, including unmonitored access by former employees and access to sensitive information via applications that are third-party.