The CIA Triad is a guiding policy that organizations use to ensure the safety of their information. The most confusing terms in this policy are authentication and authorization.

Authentication is a form of verification that checks whether a person’s or business’s information is correct before allowing access to something. One example of authentication is a social media user trying to log into their account. For security purposes, users are also encouraged to set up 2-factor authentication, which forces a user to take additional steps to confirm who they are. In addition, there are other forms of authentication that are not only for accessing data. For instance, OneLogin (2024) states, “There are many forms of authentication. For example, the art world has processes and institutions that confirm a painting or sculpture is the work of a particular artist. Likewise, governments use different authentication techniques to protect their currency from counterfeiting. Typically, authentication protects items of value, and in the information age, it protects systems and data.” (2024, para. 3). Therefore, the primary purpose of authentication is to protect data by verifying who or what is trying to access the data.

Authorization is a system that limits a user to a certain amount of access to something. For example, on a Windows computer, the admin can grant a user access to log on and use the computer, and limit that access by not allowing them to download any program to it unless they are given permission to do so. In a recent article, Auth0 by Okta (2024) gives a great example of authorization, stating, “A good example is house ownership. The owner has full access rights to the property (the resource) but can grant other people the right to access it. You say that the owner authorizes people to access it. This simple example allows us to introduce a few concepts in the authorization context.” (Okta 2024, para. 3). Therefore, the main purpose of authorization is to control the access that a person or business can have.
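The two checks described above can be shown as separate steps in code. The following is an added example, not taken from either cited article; it mirrors the Windows scenario, and the account names, passwords, roles and action names are constructed for illustration.

```python
import hashlib
import hmac
import os

def hash_password(password: str, salt: bytes) -> bytes:
    # PBKDF2-HMAC-SHA256; the iteration count is an illustrative choice
    return hashlib.pbkdf2_hmac("sha256", password.encode(), salt, 200_000)

def _account(password: str, role: str) -> dict:
    salt = os.urandom(16)
    return {"salt": salt, "hash": hash_password(password, salt), "role": role}

# Constructed sample accounts (hypothetical users and passwords)
USERS = {
    "alice": _account("correct horse battery", "admin"),
    "bob": _account("tr0ub4dor&3", "standard"),
}

# What each role may do: a standard user can log on but not install programs
PERMISSIONS = {
    "admin": {"log_on", "install_program"},
    "standard": {"log_on"},
}

def authenticate(username: str, password: str):
    """Authentication: verify the claimed identity. Returns the username or None."""
    account = USERS.get(username)
    if account is None:
        hash_password(password, b"\x00" * 16)  # same work for unknown users
        return None
    candidate = hash_password(password, account["salt"])
    # Constant-time comparison avoids leaking how many bytes matched
    return username if hmac.compare_digest(candidate, account["hash"]) else None

def authorize(identity, action: str) -> bool:
    """Authorization: decide what a verified identity may do. Deny by default."""
    if identity is None:
        return False
    return action in PERMISSIONS.get(USERS[identity]["role"], set())

def request(username: str, password: str, action: str) -> str:
    identity = authenticate(username, password)
    if identity is None:
        return "denied: not authenticated"
    if not authorize(identity, action):
        return "denied: not authorized"
    return "allowed"
```

Here bob can prove who he is and still be refused `install_program`, which is the difference between the two terms: the first check answers who is asking, the second answers what that person may do.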

In conclusion, authentication and authorization are completely different, but both are used to ensure the security of data. Authentication is used to verify users, and authorization is used to grant a level of access to a user. Therefore, in the CIA Triad, these two forms of security are the base of this policy, and they strongly represent the confidentiality and integrity aspects of the policy’s name.

REFERENCES

OneLogin. (2024). Authentication vs. authorization. https://www.onelogin.com/learn/authentication-vs-authorization

Auth0 by Okta. (2024). What is authorization? https://auth0.com/intro-to-iam/what-is-authorization