Access Control

Access control is a way of limiting access to computing resources, thereby reducing the risk of attacks, data breaches or other technology issues. Access control can limit the people, roles, networks, and systems that have access to particular types of technology, computing systems, applications, or datasets.

Terms related to Access Control: Identity and Access Management (IAM), multifactor authentication, two-factor authentication, biometrics, information security, data security

Access control is specifically designed to limit the use of computing resources and uses various methods to achieve this. It is part of the overall cybersecurity discipline of “Identity and Access Management (IAM).” There are two main ways to implement access controls:

  1. Physical access control that limits access to specific locations, rooms, buildings, and physical IT assets like server racks or workstations.
  2. Logical access control that limits access to specific databases, files, applications, or other computer systems.

Physical access control uses tools like security cards, biometric identification, adaptive algorithms, monitoring, auditing, and reporting. It ensures employees are only able to access physical technology assets as required by their job role or other specified needs.

Logical access control uses approaches like two-factor and multifactor authentication, adaptive algorithms, Single Sign On, the Principle of Least Privilege, Local Directory Access Protocol (LDAP) and Security Assertion Markup Language (SAML). It ensures employees, applications, and other technology are only able to access virtual technology assets as required for creating, managing, viewing, processing, or otherwise interacting with data and software.

There are several types of access control:

  • Mandatory access control (MAC)
  • Discretionary access control (DAC)
  • Role-based access control (RBAC)
  • Rule-based access control
  • Attribute-based access control (ABAC)

These can be deployed in various ways by the security team to provide granular, fine-tuned access.

Access Control Resources from Crossmatch