What is System Access Control?
System access control is a security technique that regulates who or what can view or use resources in a computing environment. It is a fundamental concept in security that minimizes risk to the business or organization.
There are two types of system access control: physical and logical. Physical access control limits access to campuses, buildings, rooms and physical IT assets. Logical access control limits connections to computer networks, system files and data.
How is access to IT systems and data controlled?
Over time the ways in which IT systems can be accessed has grown, and the job of securing those system and their data has become increasingly more complex. High-profile breaches have spawned a host of compliance regulations that further expanded the ways – and thus the complexities - in which organizations needed to secure their systems and protect sensitive data.
Access control systems perform identification authentication and authorization of users and entities by:
- Strengthening logon security through multi-factor authentication
- Restricting user privilege through elevated authority management solutions
- Granting requests for access to systems and data based on the identity of the user and the context of the request.
A complete system access control solution requires a layered defense to protect access control systems.
How is system access control performed?
System access control solutions determine how users are allowed to interact with specific systems and resources. A robust system access control regime gives an organization the ability to manage, restrict, and monitor user activity while protecting sensitive systems and data.
A robust system access control solution will intercept every request for access through network protocols, open source database protocols, communications ports, SQL statement, command lines and more, determine whether to grant or deny the request based on precise rules, and log both accepted and rejected access attempts.