Identity & Access Management for Work From Home
Updated: Jan 1
Access controls are often regarded as the first line of defense in safeguarding assets. They govern how subjects access objects, and their primary purpose is to protect the assets from unauthorized access. Access control models are frameworks that use access restrictions to implement the model's rules and goals.
Access control models (Harris & Maymi, 2021, p. 776)
Discretionary Access Control (DAC)
Mandatory Access Control (MAC)
Role-Based Access Control (RBAC)
Rule-Based Access Control (RB-RBAC)
Attribute-Based Access Control (ABAC)
Risk-Based Access Control (Risk BAC)
Why access control is needed (Piras, 2021)
Access control systems defend against data theft, cyberattacks, and privacy breaches.
Access control can restrict who or what can see or use a specific document, asset, or resource.
The primary objective of an access control system is to offer a degree of security that reduces business risk.
Frustrations employees may feel with access control while remote working
Employees will have access to fewer organizational assets compared to working at the office
Having less access to assets will inevitably slow down work
Employee requests for more access will require more scrutiny
Why turning off access control while remote working is not an acceptable risk
Remote work is insecure by nature, so taking extra precautions to restrict access is the only way to reasonably secure organizational assets from threat actors
Without access control, the organization's assets are reachable by the entire internet
Access control is the primary way to ensure only authorized people can access objects; there are no alternatives that provide similar protection
Potential for insider threats (Cyolo, 2022)
Maintaining the same level of cybersecurity for remote workers is much more complex than for office workers
Unsecured personal devices are more likely to enable security breaches
Remote workers do not have the protection of the organization's firewall, data loss prevention (DLP), and security information and event management (SIEM)
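The remote-work restrictions listed above (less access away from the office, more scrutiny for extra access, unsecured personal devices) can be written as a policy check that layers attribute rules on top of roles. This is an added example, not taken from the cited sources; the roles, permission names, sensitivity labels and the three outcomes are constructed assumptions.

```python
from dataclasses import dataclass

# Constructed RBAC layer: which permissions each role may ever hold.
ROLE_PERMISSIONS = {
    "engineer": {"source_repo:read", "source_repo:write", "build_logs:read"},
    "finance": {"ledger:read", "ledger:write", "payroll:read"},
}

# Constructed sensitivity labels; anything unlisted is treated as "high".
SENSITIVITY = {
    "build_logs:read": "low",
    "source_repo:read": "medium",
    "ledger:read": "medium",
    "source_repo:write": "high",
    "ledger:write": "high",
    "payroll:read": "high",
}


@dataclass(frozen=True)
class Request:
    role: str
    permission: str
    on_corporate_network: bool  # attribute: office vs. remote
    managed_device: bool        # attribute: company-managed vs. personal


def decide(req: Request) -> str:
    """Return 'allow', 'review' or 'deny' for one access request."""
    # RBAC, deny by default: the role must grant the permission at all.
    if req.permission not in ROLE_PERMISSIONS.get(req.role, set()):
        return "deny"

    # Office network on a managed device: the role's full access applies.
    if req.on_corporate_network and req.managed_device:
        return "allow"

    # Every other context is handled as remote and gets narrower access.
    level = SENSITIVITY.get(req.permission, "high")

    # Personal or unmanaged device: only low-sensitivity assets.
    if not req.managed_device:
        return "allow" if level == "low" else "deny"

    # Remote on a managed device: high-sensitivity access goes to a human.
    return "review" if level == "high" else "allow"
```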
Cyolo. (2022, April 4). Why remote work increases the risk of insider threats. https://cyolo.io/blog/why-remote-work-increases-the-risk-of-insider-threats/
Harris, S., & Maymi, F. (2021). CISSP all-in-one exam guide (9th ed.). McGraw-Hill Education.
Piras, M. (2021, October 15). What is an access control system, and why do you need it? Nira. https://nira.com/what-is-access-control