Tuesday, March 12, 2013

Identity Management: Security in Complex, and High Volume Environments - Part 2

Dear Readers,

My name is Franz Devantier, creator of this blog. I am an Oracle Certified Professional (OCP DBA 11g) Security DBA. I will be sharing with you the basic duties of an Oracle DBA, as well as some of the undocumented and lesser-known tasks.

In addition to the general security issues already discussed, the sheer volume of users and the number of activities that require a security focus can add magnitudes of complexity to the security configuration. As a result, the efficiency of the organization can start to decline, with attendant problems.

To give an indication of the problem: let's say there are 12 users accessing 4 databases. That is potentially 48 different access requests to manage, which is not too difficult yet. But what if, over a period of time, the number of databases grows to 25 and the number of users to 750? Now there are potentially 18750 different connections to manage. Different users or groups of users may need different treatment when they log in to the system. To complicate this further, there may be multiple applications involved, on multiple networks.

Now you have an environment with too much happening in it to control properly. Access must be granted or revoked faster than can easily be managed, so things start to slow down. It may take days to get access and, worse than that, the wrong type of access may be granted, or access may be revoked instead of granted. Access may even be granted when it should have been denied. This translates into serious problems with security management.

When a user who has more than one account, and access to more than one application, leaves the company, will his access be properly removed, or will it be only partially removed, if at all? Into this scenario we can introduce the concept of an intelligent central repository that has the power to control all of the above-mentioned issues efficiently. Access control management can be exercised from one place and propagated to wherever in the system it is needed. For such an intelligent repository to work, all of the system, database, and application connections need to be able to rely on it.
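The leaver check described above, as an added example that is not from the original post: every database's account list is reconciled against one central repository to find access that was only partially removed. The repository layout, names and sample accounts are constructed; the inventories stand in for an export of USERNAME and ACCOUNT_STATUS from each database's DBA_USERS view.

```python
# Constructed sample data (assumption): who owns which database account.
REPOSITORY = {
    "jsmith": {"employed": False,
               "accounts": {("HRDB", "JSMITH"), ("FINDB", "JSMITH_RPT"),
                            ("CRMDB", "JSMITH")}},
    "akhan": {"employed": True, "accounts": {("HRDB", "AKHAN")}},
}
# Constructed sample data (assumption): username -> ACCOUNT_STATUS per database.
INVENTORIES = {
    "HRDB": {"JSMITH": "LOCKED", "AKHAN": "OPEN"},
    "FINDB": {"JSMITH_RPT": "OPEN"},   # missed when jsmith left
    "CRMDB": {"OLDBATCH": "OPEN"},     # JSMITH already dropped here
}


def usable(status):
    """An account can still be used unless it is absent or locked."""
    return status is not None and "LOCKED" not in status


def reconcile(repository, inventories):
    """Return (residual leaver access, accounts with no known owner)."""
    owner_of = {key: person
                for person, rec in repository.items()
                for key in rec["accounts"]}
    residual, unowned = [], []
    for db, accounts in sorted(inventories.items()):
        for username, status in sorted(accounts.items()):
            person = owner_of.get((db, username))
            if person is None:
                unowned.append((db, username))
            elif not repository[person]["employed"] and usable(status):
                residual.append((person, db, username))
    return residual, unowned


def deprovision_state(repository, inventories, person):
    """Classify removal of a person's access: complete, partial or none."""
    linked = repository[person]["accounts"]
    live = [k for k in linked if usable(inventories.get(k[0], {}).get(k[1]))]
    if not live:
        return "complete"
    return "partial" if len(live) < len(linked) else "none"


if __name__ == "__main__":
    print(reconcile(REPOSITORY, INVENTORIES))
    print(deprovision_state(REPOSITORY, INVENTORIES, "jsmith"))
```

The unowned list matters as much as the residual one: an account that maps to no identity in the repository cannot be revoked when its real owner leaves.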

This concept describes what we could call an identity management system.  If you were to implement such a centralized identity management system in order to easily manage an otherwise complex and potentially unmanageable environment, then the configuration should have certain properties.

Franz Devantier,
Need a database health check, or a security audit?
devantierf@gmail.com
