Controlled Access to Confidential Data

Access to confidential data is a complicated issue. The methods that a company employs to protect its sensitive data could be different and change as regulations evolve or new business practices emerge. To be in control, companies should employ a central system which allows administrators to create guidelines based on what data is used for what purpose. Then, those policies have to be applied across all consumption options and platforms (such as internal and external data).

Mandatory access control is one method to achieve this. By defining what data each team requires to complete their work, and granting access based on this, DAC eliminates many security risks by ensuring that employees only have the privileges required for their job. However it can be challenging to maintain DAC because the process involves granting permissions by hand and keeping track of what permissions have been granted to whom.

Another approach is to limit access to data by using the model of access control based on role. It is simple for administrators to develop policies that give access to users based on roles within an organization, and not individual user accounts. This is less prone to errors and permits an more detailed model of “least privilege” which allows only the most basic level of access is given to users with an emphasis on their need for knowledge.

The best method for ensuring that sensitive information is protected is to regularly review and update both the policies and the technology in place to limit access to data. This requires collaboration between legal teams, the data platform team that handles and applies those policies and the business team who write them.

Leave a Reply

Your email address will not be published. Required fields are marked *