Governance in IAM

We have seen the importance of Identity and Access Management in the present times in a previous blog. Now, going a step further, how does one verify or ensure that IDs are functioning in the proper manner and that no user has access beyond what they need? With the Covid pandemic triggering a new set of challenges and organizations choosing to allow employees to work from the safety of their homes, beefing up organizational security has taken more precedence than ever before.

With most organizations operating globally across geographies, involving a plethora of distributed technologies, applications residing in the cloud, and private and public networks, compliance and data security measures become even more important. Any breach can have far-reaching ramifications from financial, brand and even legal perspectives.

Once an identity is established for an individual, it is modified on an ongoing basis depending on the roles the person undertakes in the organization. Periodic audits are mandatory to ensure that the IDs are functioning in the proper manner. This is where Governance comes into picture.

Identity and Access Governance products are typically deployed on top of IAM systems to enable organizations to define, enforce, review and audit IAM policies, map IAM functions to compliance requirements, and audit user access to support compliance reporting.

Governance solutions are designed to link people, applications, data and devices to allow organizations to determine who has access to what, what kind of risk that represents, and to take action where policy violations are identified. They provide organizations with better visibility into identities and access privileges, and better controls to detect and prevent inappropriate access.

In addition to providing the guidelines, Governance solutions also impose the monitoring mechanisms required to evaluate the access and usage rights of individual users on an ongoing basis and to flag anomalies.


Segregation/Separation of Duties (SoD) –

Rules that prevent risky combinations of access from being granted to one person. For example, a user should not be granted both the Purchase Order role and the Approval role for the same order.
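As an added illustration of how such an SoD rule is evaluated (example code, not from any of the products named on this page), the block below checks a constructed set of role assignments against toxic role pairs in two modes: a detective sweep that lists existing violations, and a preventive check run before a new role is granted. The role names and users are hypothetical.

```python
# Constructed SoD policy: each frozenset is a pair of roles one person must not hold together.
# Role names are hypothetical, modelled on the Purchase Order / Approval example above.
SOD_RULES = {
    frozenset({"PO_Create", "PO_Approve"}): "Creating and approving the same purchase order",
    frozenset({"Vendor_Maintain", "Payment_Release"}): "Creating a vendor and releasing payment to it",
}

# Constructed sample of current user-to-role assignments, as an IAM system might export them.
ASSIGNMENTS = {
    "alice": {"PO_Create", "Reporting"},
    "bob": {"PO_Create", "PO_Approve"},
    "carol": {"Vendor_Maintain", "Payment_Release", "PO_Approve"},
    "dave": {"Reporting"},
}


def sod_violations(assignments, rules):
    """Detective check: return {user: [((role_a, role_b), reason), ...]} for every toxic pair held."""
    findings = {}
    for user, roles in assignments.items():
        hits = [(tuple(sorted(pair)), reason)
                for pair, reason in rules.items()
                if pair <= roles]          # both roles of the pair are present
        if hits:
            findings[user] = sorted(hits)
    return findings


def preventive_check(user, new_role, assignments, rules):
    """Preventive check: roles the user already holds that would conflict with new_role.
    An empty list means the grant can proceed without creating an SoD violation."""
    current = assignments.get(user, set())
    conflicts = []
    for pair in rules:
        if new_role in pair:
            other = next(iter(pair - {new_role}))
            if other in current:
                conflicts.append(other)
    return sorted(conflicts)


if __name__ == "__main__":
    for user, hits in sod_violations(ASSIGNMENTS, SOD_RULES).items():
        for (a, b), reason in hits:
            print(f"VIOLATION {user}: {a} + {b} ({reason})")
    print("alice + PO_Approve conflicts with:", preventive_check("alice", "PO_Approve", ASSIGNMENTS, SOD_RULES))
```

The detective sweep is what a periodic audit or access review would run over an export of all assignments; the preventive check is what a provisioning workflow would call before approving a request.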

Access Review (Recertification) –

Streamlines the review and verification of users' access to different apps and resources. The reviewer(s) may choose to revoke any access the user no longer needs.

Analytics and Reporting Tools –

Log activities, generate reports and provide analytics to identify issues and, if required, optimize roles using Role Mining.

IBM’s Identity Governance and Intelligence (IGI), RSA, SailPoint and Saviynt are a few of the leading Governance tools in the market.

Stay tuned for more. Please do leave comments/suggestions if any.

Database Vs Schema Vs Instance

A common confusion I usually see among beginners is differentiating between a database, a database instance and a database schema. Let’s get that cleared, shall we?

What is a Database?

Databases are computer structures that save, organize, protect, and deliver data. Any system that manages databases is called a database management system, or DBMS. The database table is where the data in a database is stored, using a model of vertical columns (identifiable by name) and horizontal rows, a cell being the unit where a row and a column intersect. A table has a specified number of columns but can have any number of rows.

What is a DB Schema?

The design of a database is called its schema. Schemas are of three types: physical schema, logical schema and view schema.

Physical Schema: The design of a database at the physical level. How the data is stored in blocks of storage is described at this level.

Logical Schema: The design of a database at the logical level. Programmers and database administrators work at this level. It is a model that exists on a whiteboard or in a diagramming tool, like the architect’s drawings of your database.

View Schema: The design of a database at the view level is called the view schema. This generally describes end-user interaction with the database system.

What is a DB instance?

While the database itself includes all the application data and metadata stored in physical files on a server, an instance is a combination of the software and memory used to access that data. An instance can have multiple databases.

A Tasty Analogy

Consider a multi-layer tiffin box as an analogy.

The individual boxes are the tables, storing the data, which is the food. The stack of tiffin boxes, i.e. a collection of tables, forms the database. The tiffin stack, the lids and the supporting rack combined are stored in the tiffin bag, which is the database instance in this analogy. Since the stack of tiffin boxes in the picture is a representation of the DB, the picture itself would be the schema, as it tells us the number of tables, the design, etc.