What is Access Control?
Access control is defined as a mechanism or security method
to control and regulate the access of work, data and grants permission for
accessing and using resources in technological environment. Generally in the
environment of working on a database, a user is requested to enter his login
credentials to a system and go through the authentication process to verify the
user authenticity. After the authentication process, access control security
system executes and it matches the user login id with the database of access control
to keep a check on the user operations and refrain the user from accessing the
services which are locked for the user credentials. Access control can also be defined as a way to restrict access by
the means of virtual and physical way to a system. In language of computers,
access control is a mechanism by which either users are restricted or granted
permission for the access of information and resources.
How access control function?
Access control is the passage through which
information flows between a subject and an object. A subject is classified as
an active unit that seek permission for accessing the data within the object
such as a process or user defined programs. An object is classified as a
passive unit that holds the required resources and information such as a
program, file, computer or a database.
Importance of access control
The importance and benefits
of access control are in both physical and logical form. For example the proximity cards and proximity key fobs
provides access control in a convenient physical form of small size devices.
Access control protect systems from unauthorized users and hackers attack. It
restrict and monitor the administrator usage. It protects the system by
suspending the account due to several unsuccessful login attempts. It deletes
the user accounts which are obsolete and non-functional as the user left the
organization. Access control system impose authoritarian access rules. It disables the usage of
unwanted services, ports and features. It sets up rules for setting the desired
password such as content, password active duration, length, storage, etc. for
security purpose and also implements rotation of passwords. Access control
mechanism create audit logs and also conducts periodical auditing of work and
generate required reports.
Challenges using access control
However despite various
benefits from access control, it is also subjected to a lot of challenges. Few
of the challenges are that varied levels of access are required by multiple
users such as internal and external users, partners, contractors etc.
Information usage has also different classification such as public, private,
confidential, for external use, for internal use, etc. and thus accordingly
access control mechanism has to be designed and executed. Varied identification
data has to be stored for multiple users and that include login credentials,
personal information, passwords, contact and email information, digital
certificates and signatures, data related to their work, etc. Moreover access
control mechanism also seek challenges from the dynamic corporate environment
and needs to be continuously updated for meeting business requirements,
updating employee count and information, meeting information access needs, etc.
