6 Things You Need to Know About Cloud Access Control
Access control is a broad technique that determines who has access to a system, an application, or other bounded area. If you drove onto a military base, an MP would check your ID to verify that you are authorized to be on the premises. This is a form of access control.
Another example is entering a password into a computer. This is also a form of access control. Access control is the ability to determine who has permission to access resources, write to resources, and consume resources. In general, access control is the foundation of any system that is considered secure.
It is important to be familiar with all access control methods if you are preparing for any security or cloud certification. Let's now look at six types of access control that can govern access to a cloud system. We will start with role-based administration.
What is Role-Based Administration?
Role-based administration refers to the assignment of specific roles to users. These roles control which resources they have access to. Role-based administration follows the principle of least privilege by limiting privileges to those who have been assigned specific roles. In other words, people without roles are denied access. Let's look at some examples of role-based administration.
Suppose a company has just hired a software developer and given him the role of software developer. This grants him access to Bitbucket and GitHub. He can also download the IntelliJ IDE. He is not permitted to access the production environment, the CRM software, or any other information not specifically assigned to him.
Let's say that the same company hires a new lawyer. She has access to the network-attached storage (NAS), which contains all the records and software necessary for legal work. She has no access to the software developer's files, and vice versa. Let's now take a look at mandatory access controls, the next access control method.
What are mandatory access controls?
Mandatory access controls (MACs) don’t focus on roles. Access is determined by the level of authorization. This type of access control is managed at the operating system level and assigned by one security administrator. MAC is often equated to military classification levels. Let’s look at an example.
Let's suppose 100 software developers are working on a top-secret application. It is so secret that they don't know the entire objective. This is commonly referred to as SCI, or Sensitive Compartmented Information.
Because they have top-secret clearance, some developers can read, write, or execute programs in a given directory. Secret clearance holders can only execute programs to complete a related task. While each team may not know exactly what the other is doing, they are all working towards the same goal.
All have access to the same system. However, resource access is determined based on their level of clearance and not by a role. It’s worth discussing the different ways discretionary access controls work.
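The role examples (developer and lawyer) and the clearance example above can be put side by side as two different decision functions. This is an added illustration, not code from the original article; the resource names, the directory path and the policy tables are constructed assumptions.

```python
from enum import IntEnum

# Role-based: access follows from assigned roles; anything not granted is denied.
ROLE_GRANTS = {  # constructed from the article's two hires
    "software_developer": {"bitbucket", "github", "intellij"},
    "lawyer": {"legal_nas"},
}

def rbac_allows(user_roles, resource):
    """True only if an assigned role grants the resource; no role means no access."""
    return any(resource in ROLE_GRANTS.get(role, set()) for role in user_roles)

# Mandatory: access follows from the subject's clearance level, not from a role.
class Level(IntEnum):
    UNCLASSIFIED = 0
    SECRET = 1
    TOP_SECRET = 2

# Written once by the security administrator; users cannot edit it.
# Operations allowed in each controlled directory, per clearance level.
MAC_POLICY = {
    "/srv/project": {  # hypothetical directory
        Level.TOP_SECRET: {"read", "write", "execute"},
        Level.SECRET: {"execute"},
    },
}

def mac_allows(clearance, path, op):
    """Decide from clearance alone; roles and file ownership play no part."""
    per_level = MAC_POLICY.get(path)
    if per_level is None:
        return False  # directory has no policy entry: deny
    # Use the highest policy level at or below the subject's clearance.
    usable = [level for level in per_level if level <= clearance]
    if not usable:
        return False  # clearance is below every level the policy lists
    return op in per_level[max(usable)]

if __name__ == "__main__":
    dev = {"software_developer"}
    print("developer -> github:", rbac_allows(dev, "github"))
    print("developer -> crm:", rbac_allows(dev, "crm"))
    print("SECRET read:", mac_allows(Level.SECRET, "/srv/project", "read"))
    print("SECRET execute:", mac_allows(Level.SECRET, "/srv/project", "execute"))
```

The same person can be a software developer under the first model and hold only secret clearance under the second; the two checks are independent, which is why a role alone never opens the top-secret directory.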
What are discretionary access controls?
Discretionary Access Control (DAC) is the other side of the coin. DAC is still managed at the operating system level. However, access is determined based on the currently logged-in user. Discretionary Access Control is the most familiar of all access control methods. Let's look at a common example.
Imagine that you created a spreadsheet to track your team’s budget. You and four of your co-workers are the only ones who can edit it. To make sure that you and your co-workers are the only ones with access to it, we have added five more.