Access Control Lists: Your First Line of Defence

One of the fundamental principles of information security, along with integrity and availability.
12 July 2024 by Data Rover, Ltd



Confidentiality is one of the fundamental principles of information security, along with integrity and availability. 

It involves protecting information from being disclosed to unauthorised individuals, ensuring only authorised personnel can access specific data.

Imagine waking up to a headline in the press announcing that your company has been subject to a data breach, exposing confidential information to the world. One of the first lines of defence in the realm of information security is Access Control Lists (ACLs). These tools play a pivotal role in safeguarding data, preventing unauthorised access, and maintaining confidentiality. By applying ACLs to restrict employees' access to files — following the “least privilege model” — IT admins can implement measures that maintain the confidentiality of classified information.

Establishing a company-wide data security and management policy is the foundation for protecting your organisation's data. While ACLs may seem an old-fashioned approach to information security, they remain the front line of defence.


“INTENDED ACCESS” vs “ACTUAL ACCESS”

It's essential to understand that raw ACLs alone can sometimes create a false sense of security. The key is always to evaluate the Effective Permissions on files and folders. Raw ACLs represent the intended access, but effective permissions reflect actual access. Why is this differentiation so critical?

This is where we begin to understand the complexity. Our directory structure (file system) often involves inheritance, where permissions cascade from a folder to everything beneath it. A single permission setting might seem straightforward, but when applied within a complex directory structure, its effect can change significantly based on inheritance rules. Group memberships must also be taken into account: as users join or leave groups, their effective permissions change (because ACLs grant rights to groups, not only to individual users). A user might have a certain ACL, but if they are removed from a group or added to another group, their permissions must be re-evaluated to ensure they still align with current responsibilities.

Additionally, consider that users usually belong to multiple groups simultaneously and therefore accumulate the permission settings of each. Identities like "Everyone" or "Authenticated Users", which every logged-on user carries implicitly, must also be considered. Put together, these factors can lead to unexpected results!


…AND 

Effective permissions result from combining the raw ACLs with the directory structure (inheritance) and the user's group memberships. They are what truly determine who can access what, and are the foundation of our data security strategy. Because so many variables interact, IT administrators find evaluating them challenging and time-consuming, which easily leads to security flaws being created inadvertently.
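To make the "intended vs actual" gap concrete, here is a small effective-permission evaluator. It is an added example written for this page, not code from Data Rover or from any product. It assumes Windows-style DACL semantics (canonical ordering: explicit deny, explicit allow, inherited deny, inherited allow; the first ACE naming a right decides it) and uses a constructed share tree, constructed group names and constructed users (`alice`, `bob`, `carol`). The Payroll folder's own raw ACL contains a single deny entry, yet three users end up with three different sets of rights on it, purely because of inheritance, group membership and the implicit "Authenticated Users" identity.

```python
"""Toy effective-permission evaluator (added example, not Data Rover code).

Models a small share tree with Windows-style ACEs and computes the rights a
user actually ends up with once inheritance, group membership and the implicit
identities "Everyone" / "Authenticated Users" are folded in. All folder,
group and user names below are constructed sample data.
"""
from dataclasses import dataclass, field

READ, WRITE, DELETE = "READ", "WRITE", "DELETE"
ALL_RIGHTS = frozenset({READ, WRITE, DELETE})
# Every logged-on user implicitly carries these identities (assumed Windows behaviour).
IMPLICIT = frozenset({"Everyone", "Authenticated Users"})


@dataclass(frozen=True)
class ACE:
    principal: str            # user or group the entry applies to
    allow: bool               # True = allow ACE, False = deny ACE
    rights: frozenset         # subset of ALL_RIGHTS
    inheritable: bool = True  # propagates to child folders
    inherited: bool = False   # set on copies received from an ancestor


@dataclass
class Folder:
    name: str
    aces: list = field(default_factory=list)  # explicit ACEs set on this folder only
    parent: "Folder | None" = None

    def dacl(self) -> list:
        """Raw ACL plus everything inherited, in canonical Windows order:
        explicit deny, explicit allow, inherited deny (nearest ancestor first),
        inherited allow."""
        inherited = []
        ancestor = self.parent
        while ancestor is not None:  # walk up: grandparents' inheritable ACEs arrive too
            for ace in ancestor.aces:
                if ace.inheritable:
                    inherited.append(ACE(ace.principal, ace.allow, ace.rights, True, inherited=True))
            ancestor = ancestor.parent
        return _deny_first(self.aces) + _deny_first(inherited)


def _deny_first(aces: list) -> list:
    """Stable sort so deny ACEs (allow=False) precede allow ACEs."""
    return sorted(aces, key=lambda a: a.allow)


def token(user: str, memberships: dict) -> frozenset:
    """Identities the access check matches against: the user, their groups, the implicit ones."""
    return frozenset({user}) | frozenset(memberships.get(user, ())) | IMPLICIT


def effective_rights(folder: Folder, user: str, memberships: dict) -> frozenset:
    """For each right, the first ACE in canonical order that names the right and
    matches one of the user's identities decides whether it is granted."""
    ids = token(user, memberships)
    granted = set()
    for right in ALL_RIGHTS:
        for ace in folder.dacl():
            if ace.principal in ids and right in ace.rights:
                if ace.allow:
                    granted.add(right)
                break  # an ACE settled this right (deny or allow); stop looking
    return frozenset(granted)


# Constructed share tree: \Shares -> \Shares\HR -> \Shares\HR\Payroll
shares = Folder("Shares", [ACE("Authenticated Users", True, frozenset({READ}))])
hr = Folder("HR", [ACE("HR-Staff", True, frozenset({READ, WRITE}))], parent=shares)
payroll = Folder("Payroll", [ACE("Contractors", False, frozenset({READ}), inheritable=False)], parent=hr)

# Constructed group memberships; carol is in no group at all.
MEMBERSHIPS = {"alice": {"HR-Staff"}, "bob": {"HR-Staff", "Contractors"}, "carol": set()}


def report(folder: Folder, memberships: dict) -> dict:
    """Effective rights of every known user on one folder, for review."""
    return {user: sorted(effective_rights(folder, user, memberships)) for user in memberships}


if __name__ == "__main__":
    for user, rights in report(payroll, MEMBERSHIPS).items():
        print(f"{user:6} on \\Shares\\HR\\Payroll -> {rights or ['(no access)']}")
```

Reading only Payroll's raw ACL ("Deny Contractors READ") suggests the folder is locked down, but the report shows `alice` with READ and WRITE (inherited from HR), `bob` with WRITE only (his Contractors membership triggers the explicit deny while his HR-Staff membership still grants WRITE), and `carol`, who is in no group, with READ inherited from the root's "Authenticated Users" entry. Re-running `effective_rights` after changing the memberships dictionary is exactly the re-evaluation the text calls for when users join or leave groups.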


Fostering a culture of strong access controls and continuously evaluating effective permissions enhances data security, prevents data leakage or theft, and surely avoids costly reputational damage. No waking up to nasty headlines in the press!


