Allowlisting

An allowlist is a security control that permits only pre-approved entities to access a system or network.

Also known as whitelisting, this approach creates a list of trusted applications, IP addresses, email addresses, or other digital entities that are explicitly permitted to operate or communicate within a given environment.

Allowlisting operates on the principle of "default deny"—everything is blocked unless specifically permitted. This contrasts with blocklisting (blacklisting), which blocks known bad entities but allows everything else through by default. Common implementations include application allowlisting, where only approved software can execute on endpoints, and network allowlisting, where only specified IP addresses can access certain resources.

While allowlisting provides strong security by dramatically reducing the attack surface, it requires careful maintenance and can impact operational flexibility. Organizations must regularly update allowlists to accommodate legitimate new applications, users, or network connections. The approach works best in environments where the set of required applications and connections is relatively stable and well-defined, such as critical infrastructure systems or high-security networks where the priority is preventing unauthorized access rather than maximizing convenience.