What is access control? Access control is a fundamental component of data security that dictates who’s allowed to access and use company information and resources. Through authentication and authorization, access control policies make sure users are who they say they are and that they have appropriate access to company data. Access control can also be applied to limit physical access to campuses, buildings, rooms, and data centers.
How does access control work? Access control identifies users by verifying various login credentials, which can include user names and passwords, PINs, biometric scans, and security tokens. Many access control systems also include multifactor authentication, a method that requires multiple authentication methods to verify a user’s identity. Once a user is authenticated, access control then authorizes the appropriate level of access and allowed actions associated with that user’s credentials and IP address.
Why is access control important? Access control keeps confidential information, including customer data, personally identifiable information, and intellectual property, from falling into the wrong hands. Without a robust access control policy, organizations risk data leakage from both internal and external sources. It’s particularly important for organizations with hybrid, multi-cloud cloud environments, where resources, apps, and data reside both on premises and in the cloud. Access control can provide these environments with more robust access security beyond single sign-on (SSO).