Authentication vs. Access Controls vs. Authorization

Authentication vs. Access Controls vs. Authorization

An excerpt from “Authentication vs. Access Controls vs. Authorization”

Blog – December 7, 2019 – CloudKnox team

 

Understanding identity security:  In the past, access control has largely been synonymous with authorization. However, the highly automated and dynamic nature of cloud infrastructure demands that we reexamine these concepts by deconstructing their true differences as follows:

Authentication
Authentication is the first step of the process. Its aim is simple – to make sure the identity is who they say they are. We run into it daily both in digital (username/password) and analog forms (ID/passport).

Access Control
Access control is the addition of extra authentication steps to further protect important segments. Once the identity proves they are who they say they are, access is granted. With access comes the authority to perform actions on whatever it is the identity has access to.

Authorization
Authorization defines the set of actions that the identity can perform after gaining access to a specific part of the infrastructure, protecting from threats that access controls alone are ineffective against.

An Analogy
Let’s step away from definitions and jargon for a minute and explore the important distinctions through a ‘case study.’

Imagine the common thriller plot we’ve all seen before:

Read More:   CK_Blog_AAA

CloudKnox is a trusted partner company of TCGi.  CloudKnox Security is the only Cloud Security Platform built from the ground up for Identity Authorization Administration across hybrid cloud environments.