The management of access to confidential information is a major concern for most organizations. Sensitive data is often closely linked to trust from address customers and this makes it more vital to guard against misuse. Data that can be used to identify individuals should be governed by guidelines to prevent identity fraud, the compromise of systems or accounts, and other grave consequences. To avoid these risks and reduce the potential for harm that data is sensitive, access should be restricted according to the role of the person who is authorized.
There are many different models that allow access to sensitive information. The simplest model, a discretionary access control (DAC) permits the administrator or the owner to select who can access files and the actions they can take. This model is default in Windows, macOS and UNIX filesystems.
A more secure, robust approach is role-based access control (RBAC). This model is a way to align privileges with a person’s specific job requirements. It also enacts essential security principles, including separation of privilege as well as the principle of the least privilege.
Access control fine-grained to the point that goes beyond RBAC, allowing administrators the ability to assign permissions according to an individual’s identity. It works by combining something you are familiar with, such as an account number or password; something you have such as an access card, keys, or devices that generate codes and something you are, such as a fingerprint, iris scan or voice print. This provides greater granularity in the control of your information and eliminates the majority of issues associated with authorization, including unmonitored access by former employees and access to sensitive information through third-party apps.