
Conventional Access Control Death and the Birth of Attribute Based Access Control

A New Global Era for Data Privacy

The question of what exactly defines cyber security is an important one, and one that many employees do not properly understand. This misunderstanding of just how important security is in the age of the Internet of Things (IoT) is an enormous liability for companies in the 21st century. And today’s conventional access control used to protect personal data may not be up to the challenge.

When we talk about privacy, it is important to know that the three core security pillars are confidentiality, integrity, and availability. Privacy means making sure that you have the right measures in place to keep your data confidential, intact, and available at all times.

The challenge for the business owner is enormous. How exactly do you ensure the privacy of information related to your customers? In fact, if there is a mantra for the 21st century it might very well be ‘confidentiality is king.’

An employee might leave one week after being hired with all the company’s confidential documents on a USB key, all because the business doesn’t have policies to enforce security. Putting in place a policy that denies USB keys access to the company’s data will allow the business to keep the information safe on the network.

The control of access is the primary business challenge.

 

Access Control is Pivotal

The world has changed. A tsunami of technologies has arrived. Devices and data now permeate our business environment. Access is ever easier and the Cloud is part of our corporate lives. The way that people exchange data is going to become ever more seamless. Companies need to focus on how they control access to information across numerous devices.

That means that when an organisation sets access controls in place, the whole IoT environment should be taken into account. Questions such as where the person is accessing data from and how the person is accessing that data are incredibly important. In this environment scalability becomes an enormous challenge – as the number of devices increases so do the potential problems.

Control of access to data starts with a simple concept: organisations need to know the identity of each person who requests access, authenticate that identity, and have a level of comfort that the person actually has the right to access that data. Approaches can range from biometric controls to passwords.

The company is also faced with the issue of granularity – just how detailed do policies have to be?

Magda Chelly

Managing Director at Responsible Cyber
Magda Lilia Chelly, Managing Director by day, and cyber feminist hacker by night, CISO Advisor, Peerlyst Brand Ambassador | TOP 50 Cyber Influencer | @Responsible Cyber
