Dear Readers,
My name is Franz Devantier, creator of this blog. I am an Oracle Certified
Professional (OCP DBA 11g) Security DBA.
I will be sharing with you the basic duties of an Oracle DBA, and also
some of the undocumented, and not so well known tasks.
Identity Management: Security in Complex, and High Volume Environments - Part 2
In addition to the general security issues already discussed, the sheer volume of users, and the number of activities that require a security focus, may add further orders of magnitude of complexity to the security configuration. As a result, the efficiency of the organization could start to decline, with attendant problems.
To give an indication of the problem: let's say there are 12 users accessing 4 databases. This means that the access that needs to be managed could potentially amount to 48 different access requests, which is not too difficult yet. However, what if the number of databases were to grow to 25 over a period of time, and the number of users were to grow to 750? Now the potential interactions have grown to 18750 different connections that need to be managed. Different users or groups of users may need different treatment when they log into the system. To further complicate this, you may find that there are multiple applications involved, on multiple networks.
Now you see an environment that has too much happening on it to control properly. The speed at which access must be granted or revoked is faster than can be easily managed. As a result, things start to slow down. It may take days to get access, and worse than that, the wrong type of access may be granted, or access revoked instead of granted. Access may even be granted when it should have been denied. This translates to serious problems with security management.
When a user who has more than one account, and access to more than one application, leaves the company, will his access be properly removed, or will it be only partially removed, if at all? Into this scenario we can introduce the concept of an intelligent central repository that has the power to efficiently control all of the above-mentioned issues. Access control management can be exercised efficiently from one place, and be propagated to wherever in the system it is needed. In order to get such an intelligent repository to work, all of the system, database, and application connections would need to be able to rely on such a central repository.
This concept describes what we could call an identity management system. If you were to implement such a centralized identity management system in order to easily manage an otherwise complex and potentially unmanageable environment, then the configuration should have certain properties.
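The leaver scenario above, as an added example that is not from the original post: a small Python reconciliation that compares the accounts a central repository has on record with the accounts actually found on each database or application. The system names, user names and record layout are constructed for illustration.

```python
from dataclasses import dataclass


@dataclass(frozen=True, order=True)
class Account:
    system: str    # database or application holding the account
    username: str  # local account name on that system


# Constructed sample data (assumption): what the central repository has on record.
REPOSITORY = {
    "asmith": {"active": True, "accounts": {Account("HRDB", "ASMITH"),
                                            Account("FINDB", "ASMITH")}},
    "bjones": {"active": False, "accounts": {Account("HRDB", "BJONES"),
                                             Account("CRM_APP", "bob.jones")}},
}

# Constructed sample data (assumption): accounts actually present on each system.
DISCOVERED = {
    Account("HRDB", "ASMITH"),
    Account("FINDB", "ASMITH"),
    Account("CRM_APP", "bob.jones"),  # leaver's account that was never removed
    Account("FINDB", "TEMP_LOAD"),    # created locally, unknown to the repository
}


def reconcile(repository, discovered):
    """Return accounts that exist but should not, and accounts that should exist but do not."""
    expected = set()   # accounts belonging to active people
    leaver_owned = {}  # account -> departed person it belonged to
    for person, record in repository.items():
        for account in record["accounts"]:
            if record["active"]:
                expected.add(account)
            else:
                leaver_owned[account] = person
    findings = {"leaver": [], "unmanaged": [], "missing": sorted(expected - discovered)}
    for account in sorted(discovered):
        if account in leaver_owned:
            findings["leaver"].append((leaver_owned[account], account))
        elif account not in expected:
            findings["unmanaged"].append(account)
    return findings


if __name__ == "__main__":
    for kind, items in reconcile(REPOSITORY, DISCOVERED).items():
        print(kind, items)
```

The "leaver" list is the partial-removal case: the person is inactive in the repository, yet one of their accounts still exists on a system.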
Franz Devantier,
Need a database health check, or a security audit?
devantierf@gmail.com