Risk-based access control definition
Risk-based access control is a type of access control that uses dynamic risk assessment to calculate the risk of certain transactions. Companies and individuals can implement it in two ways: basic and strong risk-based access control.
If a company is using basic risk-based access control, it will allow its employees or users to log into its network to get general access. After gaining general access, users and employees can then log into other resources that are considered riskier. So, a user will need to log in every time they want to access different systems, networks, or other resources.
Strong risk-based access control uses even more parameters to allow access, including user roles, the type and owner of the device used, the time when a certain resource is accessed, what a user is accessing, and what the user is doing with the data they get.
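The parameters listed above, combined into one access decision, as an added example that is not part of the original page: the role acts as a hard gate, the remaining parameters add to a score, and a mid-range score triggers the extra login described for riskier resources. All resource names, weights, working hours and thresholds are assumptions chosen for illustration.

```python
from dataclasses import dataclass
from datetime import time

# All names, weights and thresholds below are illustrative assumptions.
RESOURCE_RISK = {"wiki": 0, "crm": 20, "payroll": 40}
ACTION_RISK = {"read": 0, "edit": 10, "export": 30}
ROLE_ALLOWED = {"employee": {"wiki", "crm"}, "hr": {"wiki", "crm", "payroll"}}

@dataclass
class Request:
    role: str
    device_type: str      # "laptop" or "smartphone"
    device_owner: str     # "company" or "personal"
    at: time              # local time of the access
    resource: str         # what the user is accessing
    action: str           # what the user does with the data

def risk_score(req: Request) -> int:
    """Sum the risk contributed by each parameter; unknown values score high."""
    score = RESOURCE_RISK.get(req.resource, 40) + ACTION_RISK.get(req.action, 30)
    if req.device_owner != "company":
        score += 20
    if req.device_type == "smartphone":
        score += 10
    if not time(7, 0) <= req.at <= time(19, 0):   # outside assumed working hours
        score += 15
    return score

def decide(req: Request) -> str:
    """Return 'deny', 'step_up' (ask the user to log in again) or 'allow'."""
    if req.resource not in ROLE_ALLOWED.get(req.role, set()):
        return "deny"                 # role is a hard gate, not a score input
    score = risk_score(req)
    if score >= 80:
        return "deny"
    if score >= 40:
        return "step_up"
    return "allow"

if __name__ == "__main__":
    samples = [  # constructed requests
        Request("employee", "laptop", "company", time(10, 0), "wiki", "read"),
        Request("hr", "laptop", "company", time(10, 0), "payroll", "read"),
        Request("hr", "smartphone", "personal", time(23, 0), "payroll", "export"),
        Request("employee", "laptop", "company", time(10, 0), "payroll", "read"),
    ]
    for s in samples:
        print(s.role, s.resource, s.action, risk_score(s), decide(s))
```

Logging the score and the parameters that produced it alongside each decision gives reviewers a way to tune the thresholds against real access patterns.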
See also: unauthorized access, broken access control
Risk-based access control challenges
- Risk of someone stealing an authorized user’s credentials and using them to get access to a network or system.
- Risk of users or employees stealing data directly from the internal network without raising any security alerts.
- Smartphones used to log into networks or systems can be easily hacked and compromised.