Access control system

Business owners and managers are constantly identifying areas of risk and taking steps to mitigate that risk. In an IT environment, risk takes the form of access. An organization may possess a wealth of resources, but those resources are not available to every employee, customer or partner. Businesses implement access control systems to ensure that each user (inside or outside of the organization) only has access to the resources necessary to perform their respective tasks, while preventing access to resources that are not relevant to the user.

Solution providers need to recognize the importance of access control systems in everyday security, understand their management implications, and help clients match access control to compliance obligations. The first installment of this Hot Spot Tutorial explores the goals of access control and other considerations as they relate to user identities and authentication.

Access control goals and considerations

There are many different types of access control systems: network access control (NAC), identity management (IDM), Web access control, remote access control, and device or endpoint access control. This tutorial deals with the importance of access control related to user identity -- in other words, ensuring that users have access to the right data (or other corporate resources).

Access control involves three processes: authentication, authorization and audit. Authentication confirms the user's credentials in order to allow access to resources. Every business implements authentication to one extent or another. Credentials may include a simple user name and password, or more sophisticated multifactor authentication like a smart card and PIN.

The second process, authorization, allows users access to the appropriate applications, servers, data stores and physical items (such as building doors and equipment). "One [process] figures out who it is, and the other one figures out what they can do," said Andrew Plato, president of Anitian Enterprise Security, a security solution provider headquartered in Beaverton, Ore. Authorization is often handled by manually correlating authenticated users to specific applications or other resources -- a time-consuming and error-prone activity. Recent developments like single sign-on (SSO) and other IDM technologies promise to bring automation and better control to the process.

The practice of "least privilege," which limits user access to the minimum number of corporate resources needed for immediate job functions, has become crucial in access control, helping to minimize business risk. Even application design is affected by least privilege principles.

"Web browsers are a great example. They're becoming the window into so many sensitive applications -- everything from banking to internal [customer relationship management]," said Pete Sclafani, senior director of information systems and strategy at UnitedLayer, a managed Internet service provider in San Francisco. "Having an application that doesn't use least privilege … can become a liability even though it helps worker productivity [to be] able to access documents from anywhere."

About aryah.net

Aryah.net offers other great security products for creating access control to certain areas of your business or industry, vehicle security, computer and Internet security, and other uses.