
Application Security

Term Definition
Application security is the process of protecting information applications and their data from unauthorized modification, destruction or disclosure, whether accidental or intentional. The protection covers the confidentiality, integrity and availability of these applications and their data.

Application security has become a major concern in recent years. Unscrupulous computer hackers continue to develop new techniques to disable applications and carry out malicious activities aimed specifically at a particular software application. In the past, developers focused on functionality and features and implemented security controls at the end of the development cycle. This left applications with undetected vulnerabilities, which allowed them to be attacked and damaged.

Organizations may restrict access to applications to prevent unauthorized data exposure. Application-level security relies on the principle of least privilege. The three most common scenarios for enacting application-level security that satisfy this principle are:

Restricted Users - End-users are not entitled to local administrator or even power user status. However, there is a need to allow them to run a particular set of applications that require local administrator permissions, as well as to manage their own physical printer, screen resolution and other selected computer settings.

Protected Administrators - Administrators are entitled to run processes that require local administrative permissions in order to accomplish their authorized administrative functions. However, the level of permission required varies by application/task. Cautious administrators have a second restricted user account for carrying out tasks that do not require administrative access, such as browsing the web or checking email.

Need to Know - It is common for users to be authorized to access protected data/resources only in certain authorized circumstances. Computers do not provide this capability in the native security model. Access control to resources is based solely on user identity, not context. Many organizations have a need to restrict resource access based on the application performing the access, so that the application effectively acts as a security proxy to the data – preventing unauthorized data exposure on local systems.

Area of Application
Data Security


© 2008 Tenrox. All rights reserved.