Authorization, Authentication, and Access Control
Authorization: I am an employee of Citi Bank, which means that I am allowed access to the bank’s facilities.
Authentication: I am an employee of Citi Bank and this is my Staff Identification that allows me entry into the company facilities.
Access Control: As an employee of Citi Bank, I am allowed or denied access to specific areas of the company based on my position or duties. For example, I am employed at Citi Bank as a Sales Manager. While my employee ID allows me access to the company facilities, I will be denied access to the Bank’s Server room, because my access to that area is restricted.
Relationship: Authentication is a verification procedure in which a user or person presents specified credentials to identify themselves and prove who they are. Once the credentials are validated, authorization follows: the user’s access rights are checked to determine which resources or places they may access. Both authentication and authorization act as access controls, granting or denying specific permissions to a rightful or illegitimate user (Net Informations, n.d.). If the user’s credentials are validated, permission is granted; otherwise access is denied.
Importance of Authorization, Authentication, and Access Control to Citi’s Security
Authorization, authentication, and access control are key ingredients necessary for achieving security at Citi Bank. The bank’s authorization policy sets out guidelines on what a user’s identity permits them to do. A bank customer can create a username in order to log into the bank’s Online Service or Website, but the bank’s authorization policy will ensure that the user is allowed access to their online bank account only once their identity has been verified. Authentication can take the form of Single Sign On, Multifactor Authentication, or Consumer Identity Access Management (Gebel, 2018).
With respect to access controls, the bank’s authorization policy ought to define what a single user or group of users may access. These are known as privileges or permissions, and they help to protect information against unauthorized access, as well as protecting systems from misuse and abuse. For example, the bank stores customer information like names, addresses, telephone numbers, bank accounts, credit card and social security information. This information must not be accessible to just anyone in the bank, so the authorization and access controls will be restrictive in the following ways:
The Bank’s Database Administrators can have full access, performing actions like creating, modifying and deleting customer records based on their privileges. The accounting staff of the bank, however, can only read customer records: they may read any field, such as names, bank accounts, and credit card information, but they cannot create, modify, or delete any records. They therefore have full read access to the records but are denied modification and deletion privileges. The marketing staff, on the other hand, can only read restricted customer data; fields like credit card and social security information can be hidden from them (Piscitello, 2016).
In this way, the bank strengthens its security by implementing authorization, authentication, and access controls that grant different users the privileges that are relevant to performing their assigned duties, which is known as Role Based Access Control. Implementing all these methods also helps the bank to monitor the activities of its employees, because the systems keep an audit trail that tracks all actions performed. By so doing, the systems, resources, data, and assets are adequately protected and secured.
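The three roles described above can be expressed as a small role-based policy with field masking and an audit trail. The following Python sketch is an added example, not part of the original essay or any bank system; the role names, field names, class names and sample record are assumptions, and authentication is assumed to have happened before these calls.

```python
from dataclasses import dataclass, field

# Constructed policy mirroring the roles in the text (all names are assumptions).
SENSITIVE = {"credit_card", "ssn"}
WRITE_ACTIONS = {"create", "modify", "delete"}
ROLES = {
    "dba":        {"actions": {"read"} | WRITE_ACTIONS, "hidden": set()},
    "accounting": {"actions": {"read"}, "hidden": set()},      # reads every field
    "marketing":  {"actions": {"read"}, "hidden": SENSITIVE},  # sensitive fields masked
}

class AccessDenied(Exception):
    pass

@dataclass
class CustomerStore:
    records: dict = field(default_factory=dict)
    audit: list = field(default_factory=list)

    def _authorize(self, user, role, action, cid):
        policy = ROLES.get(role)  # unknown role: deny by default
        allowed = policy is not None and action in policy["actions"]
        # Every decision, allowed or denied, goes to the audit trail.
        self.audit.append((user, role, action, cid, "ALLOW" if allowed else "DENY"))
        if not allowed:
            raise AccessDenied(f"role {role!r} may not {action} record {cid}")
        return policy

    def read(self, user, role, cid):
        policy = self._authorize(user, role, "read", cid)
        # Return a copy with the fields this role must not see removed.
        return {k: v for k, v in self.records[cid].items()
                if k not in policy["hidden"]}

    def write(self, user, role, action, cid, data=None):
        if action not in WRITE_ACTIONS:
            raise ValueError(f"not a write action: {action}")
        self._authorize(user, role, action, cid)
        if action == "delete":
            self.records.pop(cid, None)
        elif action == "create":
            self.records[cid] = dict(data or {})
        else:  # modify
            self.records[cid].update(data or {})
```

Denied attempts are recorded before the exception is raised, so the audit trail shows who tried what even when nothing changed.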
Gebel, G. (2018). Why you need both authorization and authentication. Available at: https://www.csoonline.com/article/3269302/authentication/why-you-need-both-authorization-and-authentication.html
Net Informations (n.d.). Difference between Authentication and Authorization. Available at: http://net-informations.com/faq/asp/authentication.htm
Piscitello, D. (2016). Access Controls, User Permissions and Privileges. Available at: https://www.icann.org/news/blog/access-controls-user-permissions-and-privileges