Decoding Authorization and Authentication

As more products and services move to the cloud, the question of security and its intricacies surface. Consider authorization and authentication. They sound similar, but are completely different.

Authentication answers the question: 'Who is allowed?' Authorization answers: 'What is that person allowed to do?' So, why are these important to security?

When something of value (i.e. a payroll product linked to employee information) is being passed through the internet, the people involved want to know who is involved and whether that person or persons have the authority to access something. In the B2B world, authentication and authorization are used to secure transactions between the companies. In-person deals are authenticated and authorized through IDs and paperwork. On the internet, companies use passwords, logins, and other biometrics to ensure the correct parties are authorized and authenticated to finish deals. Sometimes, a person can be authenticated and authorized to do something. Other times, one person may be authenticated but not authorized. It depends on the company and situation.

Here are some examples to better understand authentication and authorization.

1. Authorization: I have Word on my computer, so I can access it with no problem.

Authentication: I need Excel, but I do not have administrator privileges to download it to my computer. I need someone who is authenticated to do so.

2. Authorization: I work for Company Incorporated. I have an access card.

Authentication: I need to get to work early for Company Incorporated. The building doesn’t open until 6:30 a.m. but my access card lets me in before this time.

1. Authorization: I am the payroll manager of Company Incorporated and I have the login in to my company’s Payroll Point web services.

Authentication: Because I am the payroll manager of Company Incorporated, and I have the log in to my company’s Payroll Point web services, I can run a new employee’s home and work address to get the correct tax rates.

Without authorization and authentication, virtually no huge transactions over the internet would take place, because companies would fear loose security. More deals are shifting to the internet as technology continues to expand, solidifying the importance of authorization and authentication.