Security frameworks and regulations will inevitably dictate that organizations have the capabilities to deny access from unauthorized users. This facet of cybersecurity is so fundamental to compliance more broadly that it’s essentially impossible to engage in proper security without considering access control.
This article will discuss access controls and authorization as part of a larger approach to Identity and Access Management (IAM).
One of the cornerstones of cybersecurity has been the protection of software. These applications have been installed on local machines or workstations for most of the computing history. Hackers would use different approaches to gain access to these machines using corrupted software or other means.
In modern times, the proliferation of web applications and Software-as-a-Service (SaaS) has opened up many new functions and features for users–and, unfortunately, many new attack surfaces.
In the earliest days of what could be considered cybersecurity, the primary threats were malicious programs that would operate against the wishes of the machine and its operator. These programs, referred to as viruses, served as the progenitors of what we generally refer to in modern parlance as malicious software or “malware.”
Because the long history of malware and anti-malware protection is often the foundation of most compliance frameworks and approaches to cybersecurity, we’re touching on the topic, including what it is and how it has evolved.