Control Physical and Logical Access to Assets

There are some common methods for controlling access without regard for the asset type. For example, we need a way to authenticate users — validate that they are who they say they are. Then we need a way to authorize the users — figure out whether they are authorized to perform the requested action for the specific asset (such as read or write a given file or enter a particular server room). Let’s take a closer look at how authentication and authorization typically work.

 

  • Authentication. Traditional authentication systems rely on a username and password, especially for authenticating to computing devices. LDAP directories are commonly used to store user information, authenticate users and authorize users. But there are newer systems that enhance the authentication experience. Some replace the traditional username and password systems, while others (such as single sign-on, or SSO) extend them. Biometrics is an emerging authentication method that includes (but is not limited to) fingerprints, retina scans, facial recognition and iris scans.

 

  • Authorization. Traditional authorization systems rely on security groups in a directory, such as an LDAP directory. Based on your group memberships, you have a specific type of access (or no access). For example, administrators might grant one security group read access to an asset, while a different security group might get read/write/execute access to the asset. This type of system has been around a long time and is still the primary authorization mechanism for on-premises technologies. Newer authorization systems incorporate dynamic authorization or automated authorization. For example, the authorization process might check to see if you are in the Sales department and in a management position before you can gain access to certain sales data. Other information can be incorporated into authorization. For example, you can authenticate and get read access to a web-based portal, but you can’t get into the admin area of the portal unless you are connected to the corporate network.

Next, let’s look at some key details around controlling access to specific assets.

 

  • Information. “Information” and “data” are interchangeable here. Information is often stored in shared folders or in storage available via a web portal. In all cases, somebody must configure who can gain access and which actions they can perform. The type of authentication isn’t relevant here. Authorization is what you use to control the access.

 

  • Systems. In this context, “systems” can refer to servers or applications, either on premises or in the cloud. You need to be familiar with the various options for controlling access. In a hybrid scenario, you can use federated authentication and authorization in which the cloud vendor trusts your on-premises authentication and authorization solutions. This centralized access control is quite common because it gives organizations complete control no matter where the systems are.

 

  • Devices. Devices include computers, smartphones and tablets. Today, usernames and passwords (typically from an LDAP directory) are used to control access to most devices. Fingerprints and other biometric systems are common, too. In high-security environments, users might have to enter a username and password and then use a second authentication factor (such as a code from a smartcard) to gain access to a device. Beyond gaining access to devices, you also need to account for the level of access. In high-security environments, users should not have administrative access to devices, and only specified users should be able to gain access to particular devices.

 

  • Facilities. Controlling access to facilities (buildings, parking garages, server rooms, etc.) is typically handled via badge access systems. Employees carry a badge identifying them and containing a chip. Based on their department and job role, they will be granted access to certain facilities (such as the main doors going into a building) but denied access to other facilities (such as the power plant or the server room). For high-security facilities, such as a data center, it is common to have multi-factor authentication. For example, you must present a valid identification card to a security guard and also go through a hand or facial scan to gain access to the data center. Once inside, you still need to use a key or smartcard to open racks or cages.
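The group-based and dynamic authorization checks described in the Authorization item above, sketched as an added example that is not part of the original article. The asset names, group names, corporate address range and the read-only rule for sales data are constructed assumptions.

```python
import ipaddress
from dataclasses import dataclass, field

# Constructed sample policy data (assumptions, not from the article).
CORPORATE_NETS = [ipaddress.ip_network("10.0.0.0/8")]
GROUP_ACL = {  # asset -> group -> allowed actions (traditional model)
    "finance-share": {"finance-readers": {"read"},
                      "finance-admins": {"read", "write", "execute"}},
    "portal": {"employees": {"read"}},
    "portal-admin": {"portal-admins": {"read", "write"}},
}

@dataclass
class Subject:
    name: str
    groups: set = field(default_factory=set)
    department: str = ""
    is_manager: bool = False

def on_corporate_network(source_ip: str) -> bool:
    """True if the request's source address is inside a corporate range."""
    addr = ipaddress.ip_address(source_ip)
    return any(addr in net for net in CORPORATE_NETS)

def group_allows(subject: Subject, asset: str, action: str) -> bool:
    """Traditional check: some group the subject belongs to grants the action."""
    acl = GROUP_ACL.get(asset, {})
    return any(action in acl.get(g, set()) for g in subject.groups)

def authorize(subject: Subject, asset: str, action: str, source_ip: str) -> bool:
    """Deny by default; every rule that applies to the asset must pass."""
    if asset == "sales-data":
        # Dynamic rule: attributes, not group membership, decide access.
        return (action == "read" and subject.department == "Sales"
                and subject.is_manager)
    if not group_allows(subject, asset, action):
        return False  # unknown assets and unlisted groups fall through to deny
    if asset == "portal-admin" and not on_corporate_network(source_ip):
        return False  # context rule: admin area only from the corporate network
    return True
```

An authenticated user outside the corporate range still reads the portal but is refused the admin area, even with the right group membership.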
