Access control is a security technique that regulates who or what can view or use resources in a computing environment. It is a fundamental concept in security that minimizes risk to the business or organization. Access control can be divided into two types: physical and logical. Physical access control limits access to campuses, buildings, rooms, and physical IT assets, while logical access control limits connections to computer networks, system files, and data.
Access control policies rely heavily on techniques like authentication and authorization, which allow organizations to explicitly verify both that users are who they say they are and that these users are granted the appropriate level of access based on context such as device, location, role, and much more. Access control identifies users by verifying various login credentials, which can include usernames and passwords, PINs, biometric scans, and security tokens. Once a user is authenticated, access control then authorizes the appropriate level of access and allowed actions associated with that user’s credentials and IP address.
Access control is a data security process that enables organizations to manage who is authorized to access corporate data and resources. Secure access control uses policies that verify users are who they claim to be and ensures appropriate control access levels are granted to users. The process is critical to helping organizations avoid data breaches and fighting attack vectors, such as a buffer overflow attack, KRACK attack, on-path attack, or phishing attack. Access control is managed through several components, including authentication, authorization, and auditing.