Access control has many dimensions

摘要

Over the course of the year we have visited several aspects of access control. This month we will look into three more. Identity management (IM) and network access control (NAC) are fairly obvious, while data leakage prevention (DLP) is, perhaps, not. NAC is a no-brainer. The purpose of network access control is exactly what it sounds like. Identity management is a sort of "back office" control that sets the stage for active access control based on the identity management policies and work flows that IM products established. But what about DLP? Arguably, DLP prevents access to sensitive information by preventing it from leaving the network and falling into unauthorized hands. When I think of DLP, I think of access control in terms of unauthorized access prevention. The whole idea is to prevent unauthorized transfer of data, particularly out of the network.