Access control—a term referring to the measures taken to determine who can interact with a given resource—is actually part of our everyday lives. One of the simplest forms of access control is the lock on your car door, which prevents entry by anyone who doesn't have a key. Real-world access control is used for coin-operated restroom stalls, childproof medicine bottles, and ATM cards protected by PIN codes.
But in the realm of information technology, access control is an essential part of security. Of course, it’s a bit more complicated than your car door locks, because IT security has to guard against the cyber version of car thieves armed with crowbars and lock picks as substitutes for keys.
Security access control incorporates three primary areas of concern:
Identity and authentication: The gatekeepers of access control
The process of identity and authentication (I&A) makes sure that the subject entity—either a person or another electronic system—is really who they say they are. The most common and recognizable form of I&A is the user name and password system assigned to just about every electronic device and website that deals with personalized data.
There are several different ways to implement I&A on a system or resource. The authenticator, which is the mechanism used to verify identification, usually involves at least one of these factors:
Authorization: What you can—and can't—access
Once you've been identified and authenticated, the next step in access control is authorization. This refers to the actions you're able to perform in the system. Most electronic systems have different levels of user-dependent authorization, which are commonly called permissions.
The three typical sets of permissions are:
Accountability: Keeping track of your activity
This facet of security access control is the primary difference between electronic IT control and the simpler physical forms like locks and childproof caps. Accountability, also referred to as audit, employs components like audit trails and logs to record the actions users take while they're logged onto a system.
Audit trails and logs allow IT systems to detect and take action against security violations. These records also let system administrators reconstruct the incidents that led to a security breach, so they can trace the user, revoke permissions, and take any other necessary actions.
Casual users can see accountability in action with systems that either time out or automatically disable accounts after a certain number of failed log-in attempts. These automated fail-safes are known as clipping levels, and they help to prevent unauthorized access.
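As an added illustration (not part of the original article), the following Python sketch applies a clipping level to a constructed audit trail and reports which accounts would be disabled. The threshold of three failures, the five-minute counting window, the log format, and the function name are all assumptions made for the example.

```python
from collections import defaultdict, deque
from datetime import datetime, timedelta

# Constructed sample audit trail: timestamp, account, login outcome.
SAMPLE_LOG = """\
2024-05-01T09:00:00 alice FAIL
2024-05-01T09:00:20 alice FAIL
2024-05-01T09:00:45 alice OK
2024-05-01T09:01:00 bob FAIL
2024-05-01T09:01:10 bob FAIL
2024-05-01T09:01:30 bob FAIL
2024-05-01T09:02:00 bob OK
2024-05-01T09:30:00 carol FAIL
2024-05-01T09:50:00 carol FAIL
2024-05-01T10:10:00 carol FAIL
"""

CLIPPING_LEVEL = 3             # assumed: failures tolerated before lockout
WINDOW = timedelta(minutes=5)  # assumed: only failures this recent are counted

def apply_clipping_level(log_text, level=CLIPPING_LEVEL, window=WINDOW):
    """Replay an audit trail; return (locked accounts, attempts refused after lockout)."""
    failures = defaultdict(deque)  # account -> timestamps of recent failures
    locked = {}                    # account -> timestamp at which it was disabled
    refused = []                   # attempts seen after the account was disabled
    for line in log_text.splitlines():
        if not line.strip():
            continue
        ts_raw, account, outcome = line.split()
        ts = datetime.fromisoformat(ts_raw)
        if account in locked:
            # A disabled account refuses every attempt, even a correct password.
            refused.append((ts_raw, account, outcome))
            continue
        if outcome == "OK":
            failures[account].clear()  # a successful login resets the counter
            continue
        recent = failures[account]
        recent.append(ts)
        while ts - recent[0] > window:  # drop failures older than the window
            recent.popleft()
        if len(recent) >= level:
            locked[account] = ts_raw
    return locked, refused

if __name__ == "__main__":
    locked, refused = apply_clipping_level(SAMPLE_LOG)
    print("locked:", locked)
    print("refused after lockout:", refused)
```

In the sample, alice's successful login resets her counter and carol's failures are too far apart to accumulate, so only bob reaches the clipping level.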
Additional access control methods
While authentication, authorization, and accountability represent the primary building blocks of access control systems, extra measures are often employed. These include:
For IT security, access control is serious business—which is fortunate for all of us who would rather not have people regularly breaking into our email, Facebook profile, and online bank accounts. We get to keep the keys, while IT companies protect us from the electronic versions of crowbars and lock picks.