Skip links

Managing Controlled Access to Confidential Data

Managing access to confidential data is a key challenge for all organizations. The data that is considered to be sensitive can be closely tied to the trust of customers. This makes it all the more essential to safeguard against misuse. Data that could identify an individual needs to be governed by a set of policies to prevent identity theft, compromise of systems or accounts and other serious consequences. To minimize the risk access to sensitive information should be controlled by precise authorization based on role.

There are a variety of models that allow access to sensitive information. The simplest model, discretionary access controls (DAC) allows an administrator or owner to select who can access files and what actions they are able to perform. This is the default for the majority of Windows, macOS, and UNIX file systems.

Role-based access control is a more reliable and secure method. This model aligns access rights to the job requirements. It also enacts essential security principles, including separation of privilege as well as the principle of least privilege.

Access control that is fine-grained goes beyond RBAC and gives administrators to grant access rights based on an individual’s identity. It uses a combination of things you know, such as an account number or password; something you have like keys, access cards or devices that generate codes and something you are or have, such as a fingerprint, iris scan or voice print. This provides more control and eliminates a variety of common authorization issues, like insecure access to former employees or access to sensitive data via third-party applications.

Leave a comment