A closer look at authorization

How can you balance privacy and security? One answer: Authorization

"People often approach security and privacy in a zero-sum manner. You can only have a positive gain in one area, always at the loss of the other. This either-or, win-lose, zero-sum model is so dated. Throw it out the window. Yes, the term privacy assumes a much broader set of protections than security alone. But if you don't have a strong foundation of security from end to end with full lifecycle protection in this day and age of daily hacks, you're not going to have any privacy.”

Dr. Ann Cavoukian, Executive Director at Global Privacy & Security by Design Centre

EBOOK

How to secure your people, assets, and data without compromising privacy

Why authorization matters when collecting and keeping data safe

Privacy is essential. We want to ensure that data collected about us remains secure and is only accessible to authorized personnel. As municipalities, corporations, data centers, and highly regulated institutions like hospitals share video and other data with law enforcement, the need to safeguard privacy becomes even more critical.

Beyond external threats, the increased integration between systems means that more entities than ever interact with our security infrastructure. This underscores the importance of both authentication and authorization mechanisms to control data access and usage.

What is authorization?

Authorization in security systems refers to the process of granting users specific access rights and privileges. It defines what users can see and do within a system.

Administrators control access by:

Granting permissions to specific users or groups for resources, data, or applications.
Defining the actions users can perform with these resources (e.g., view, modify, delete).

When it comes to video surveillance, controlling access to live and recorded footage is paramount. Implementing robust authorization measures helps ensure sensitive data remains secure and is only accessible to those with the appropriate permissions.

Authorization within physical security systems

To protect sensitive data, security system administrators should implement detailed user access privileges, manage data-sharing policies, and control data retention. Key mechanisms include:

Logical partitions: Restricting user access to specific data sets.
Granular user privileges: Defining what each user can do with the data they access.

Effective authorization safeguards not only the primary system but also other connected systems, enhancing overall data security.

What’s the difference between authentication and authorization?

Authentication verifies the identity of a user or entity. Authorization determines what data or system functions that an authenticated user can access.

In short:

Authentication: Confirms who you are.
Authorization: Determines what you can do.

Authorization relies on proper authentication processes to ensure that only verified users gain access to sensitive data. Authorization also plays a central role in the principle of least privilege. Multiple forms of authorization, authentication and other security tools can help limit user access to only the specific data and resources they need to do their jobs.

3 ways to ensure proper authorization

Configure logical partitions

Some physical security systems allow administrators to restrict data access using logical partitions. This ensures that users without access to a specific partition cannot view the archived video or other sensitive data stored within it.

Define user privileges

Administrators should clearly define user privileges to limit what each individual can do with the data they access. For example, a user may be able to view video footage but not export, modify, or delete it.

This granular control reduces the risk of sensitive information being shared with unauthorized parties and ensures the integrity of the data.

Consider a managed system

Organizations can streamline authorization processes by using an identity provider. Though it may seem like using an external identity provider relates more to authentication, it also benefits authorization. That’s because this approach automates tasks such as:

Adding and removing user accounts
Granting and revoking access rights
Ensuring only active personnel retain access to sensitive systems

Ultimately, having greater automation helps to scale authorization processes and reduces mistakes.

Frequently Asked Questions (FAQ)

What is the purpose of authorization in security systems?

Authorization controls who can access specific resources and defines what actions they can perform. This prevents unauthorized users from viewing, modifying, or sharing sensitive data.

How does authorization differ from authentication?

Authentication verifies a user's identity, while authorization determines their access level and permissions within a system.

Why is authorization important for video surveillance systems?

It ensures that only authorized personnel can access, view, or manipulate sensitive video data, protecting privacy and maintaining data integrity.

What are logical partitions, and how do they enhance security?

Logical partitions segment data, limiting user access to specific areas. This prevents unauthorized viewing or editing of sensitive information.

How can organizations automate access management?

Using identity providers like Microsoft Active Directory helps automate the creation, management, and removal of user accounts, reducing human error and improving security.