Need-to-know is a security approach that requires a person to not only have the proper authority to access resources, but also a valid need to do so. For example, it is not enough to be given authority to read customer files – your role in the company must also require it. This provides an extra layer of security to keep information out of the wrong hands.
