Data protection

A closer look at authorization

How do we balance security and privacy? Learn more about authorization.

When Apple and the FBI squared off over the unlocking of a smartphone, ordinary citizens became aware of an issue that those of us in the security industry have been dealing with for a long time. Namely, they began thinking about the balance between security and privacy.

Physical access control, automatic license plate recognition (ALPR), and video surveillance systems help keep our buildings, assets, communities, and people secure. One of the ways they do this is by collecting and storing data relating to users' identities, where people are, where they're going, and what they're doing.

This data is invaluable when it comes to preventing or prosecuting illegal or threatening behavior, but what about the data collected on people just going about their daily lives?  

Collecting data without compromising privacy

Privacy is important. After all, we don't want just anyone to have access to our activities or identifying information. We want to be sure that the data collected about us is secure.

As municipalities, corporations, data centers, and highly regulated institutions like hospitals share video and other data with law enforcement, concerns about the security of our data, particularly as it relates to privacy, are rising.  

And, when it comes to protecting our data, we can't just focus on threats coming from the outside. With the increased integration and collaboration between systems, there are more entities than ever interacting with our security systems and accessing privileged data.

In addition to protecting access through proper authentication mechanisms, we need to ensure that we can control who sees our data and what they can do with it.  

We have already discussed how encryption keeps data from being deciphered by unauthorized entities and how authentication makes sure that everyone accessing the system is who they claim to be.

Now we're going to look at how authorization helps protect privacy by clearly defining how authorized personnel is given access to specific data and whether they can modify that data or system behavior.  

What is authorization?

Authorization is the function that enables security system administrators to specify user (operator) access rights and privileges. Specifically, administrators restrict the scope of activity by:

• Giving access rights to groups or individuals for resources, data, or applications

• Defining what users can do with these resources.

When it comes to video footage, the ability to restrict activity and access is extremely important. Access to recorded or streamed video must be highly secure and protected to ensure privacy.  

Authorization within security systems

To protect the data in a security system, administrators should be able to, among other things, implement detailed user access privileges, select the information that can be shared internally with partners and authorities, and control how long data is kept. Logical partitions and privileges are just two mechanisms that make this possible.  

Configuring logical partitions

By configuring logical partitions, administrators determine whether one or more users can actually view specific data like recorded video. If the user is not granted access to a partition, he or she will not be able to view archived video located within that partition.  

Defining user privileges

The next step is to define a user's privileges.  For example, although a user can view archived video, his or her privileges will determine whether he or she can export, modify, or delete that video. This ensures that recordings can only be managed by those investigators with sufficient access rights. This mitigates the risk of evidence being sent to unauthorized parties.   

To further eliminate human error, organizations can use an identity provider, like Microsoft Active Directory, to automatically add and remove security user accounts, grant access rights, or remove users when they are no longer working with the organization.

When administrators manage what their personnel can see and do, they are ensuring the security of the data transmitted and stored within their security system. This not only increases the security of the system as a whole, but it also enhances the security of other systems connected to it.

To sum up what we know about the security of our security, read the last post of our blog series on the topic.

 

Want to learn more about how our solutions help you boost privacy protection?

Share

Related content

Protecting the Everyday with BlackBerry

Learn how using BlackBerry's CylancePROTECT as a core component of Genetec Streamvault has paid off for our customers.

Strengthening cybersecurity with Genetec experts on your side
Strengthening cybersecurity with Genetec experts on your side
Keep your physical security systems and data private by building a comprehensive privacy protection strategy.
Building an effective data protection and privacy strategy

Want to build an effective data protection and privacy strategy but not sure where to begin? Keep reading for a full breakdown.