Keeping data secure is easy, very easy! Just make sure no one can get to it … no one. Obviously this doesn’t provide much value, so the main challenge becomes not controlling the data but ensuring that only trustworthy users are given access. Two things precede access: deciding which data is sensitive, and how sensitive, and deciding which users to trust. Neither of these is trivial, and the trust part is especially complex, but they are essential “homework” before you can start extracting value from your data by providing controlled access to it.

Controlled access comprises three main tasks: Identification, Authentication and Authorization. This is obviously a “whitelist” exercise! It is not possible to “blacklist” all the people you do not want to give access to; you have to focus on the specific users to whom you want to provide access. This is one of the reasons normal firewalls are very poor access security devices. They do not do end-to-end Identification, Authentication and Authorization. They try to make security decisions by analyzing data at a specific point in between. Likewise, encryption of data on a connection is merely a way to ensure that only specific people are given access. Encryption without Identification, Authentication and Authorization is meaningless.

Let me try to define these three terms: Identification is about finding out who you are, Authentication is about proving it and Authorization is about what you’re allowed to do – in other words – what data you’re allowed to access. A secure access system must implement all three but at the same time clearly distinguish between them.
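The three steps kept as separate functions behind a default-deny whitelist, as an added example (this is not Giritech's or G/On's code; the user names, passwords, resource names and function names are all constructed for illustration):

```python
import hashlib
import hmac
import os

def _hash(password: str, salt: bytes) -> bytes:
    # Salted, slow password hash; the iteration count is an illustrative choice.
    return hashlib.pbkdf2_hmac("sha256", password.encode(), salt, 100_000)

def _enroll(password: str):
    salt = os.urandom(16)
    return salt, _hash(password, salt)

# Constructed sample data: known identities and their stored credentials.
USERS = {"alice": _enroll("correct horse"), "bob": _enroll("battery staple")}

# Whitelist: only the (user, resource) pairs listed here are permitted.
# Anything not listed is denied; there is no blacklist to maintain.
ALLOW = {("alice", "payroll"), ("alice", "wiki"), ("bob", "wiki")}

def identify(claimed: str):
    """Identification: who does the caller claim to be? Returns a record or None."""
    return USERS.get(claimed)

def authenticate(record, password: str) -> bool:
    """Authentication: prove the claim. Constant-time compare avoids a timing leak."""
    salt, stored = record
    return hmac.compare_digest(_hash(password, salt), stored)

def authorize(user: str, resource: str) -> bool:
    """Authorization: what is this proven identity allowed to access?"""
    return (user, resource) in ALLOW

def access(claimed: str, password: str, resource: str) -> str:
    # Each step fails closed, and the reason records which step failed.
    # The reason is meant for the audit log; a remote caller should only see
    # a generic denial so that valid user names are not disclosed.
    record = identify(claimed)
    if record is None:
        return "deny: unknown identity"
    if not authenticate(record, password):
        return "deny: authentication failed"
    if not authorize(claimed, resource):
        return "deny: not authorized"
    return "allow"
```

Note that `authorize` is only reached with an identity that has already been authenticated, so a correct password never implies access to a resource that is not on the whitelist.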

When thinking about this, you will quickly realise how fundamental these three tasks really are for implementing security policies. If you don't know who is trying to access what, it becomes impossible to implement a meaningful security policy. But finding out who it is that is trying to do something - remotely - is definitely not trivial! These are the reasons why Identification, Authentication and Authorization are fundamental functions in any G/On configuration. Go check out our product and technology descriptions to learn how Giritech implements this process of controlled access together with all the other important aspects of the complex task of virtual access.

In this blog, Lars Struwe Christensen, VP Business Innovation and CTO of Giritech, ponders on such topics as:

  • Security
  • The IT Industry
  • The future of working
  • The future of IT infrastructure
  • many other subjects ...

while explaining Giritech's vision of Network Consolidation.
