Managing Controlled Access to Confidential Data

Most organizations find managing access to sensitive information a major challenge. Sensitive data is tied to customer trust, which is why safeguarding it against misuse is essential. Information that can identify an individual needs to be governed by a set of policies to prevent identity theft, compromise of systems or accounts, and other severe consequences. To minimize the risk and limit the potential harm of data breaches, access to sensitive information should be restricted according to role-based authorization.

Several models can be used to control access to sensitive data. The simplest, discretionary access control (DAC), permits administrators or owners to determine who has access to the files they own and what actions those authorized users can take on them. This is the default in Windows, macOS and UNIX filesystems.

A more secure and robust option is role-based access control (RBAC). This model aligns privileges with a person’s job requirements. It also enforces essential security principles, including separation of privilege and the principle of least privilege.

Fine-grained access control extends beyond RBAC, allowing administrators to assign permissions based on an individual’s identity. It uses a combination of something you know, such as an account number, password, or device that generates codes; something you have, such as keys, access cards or code-generating devices; and something you are, such as your fingerprint, iris scan or voice print. This gives you more control and eliminates many common authorization issues, including uncontrolled access by former employees or access to sensitive information via third-party applications.
