Security management solutions from OSM

Security management for the multi-tier IT infrastructure of today's enterprise

Scope

This page discusses the need for security management as a component of an enterprise's user management facilities. Security management is essential for the efficient implementation of user management and access control. It includes the facility of password synchronization as an alternative to single sign on (also found as single sign-on and single signon in the literature) when used for managing the security of one or more enterprise business applications in the large, multi-user IT service supported by a Unix and Windows infrastructure.

The problems of security management

Organizations rely upon their workforces interacting with computers. The proportion of the workforce having access to business-critical software continues to increase, as does the number of applications to which those users must have access.

In the past, a user may have required access to only one application residing on a single system. Now, a user may have to be registered (with a user name and password) on a number of different servers, different operating system types, various databases and multiple business applications. Registration of each user with each facility is needed to control and prevent unauthorized access.

The problem is made worse by staff moving within the organization, which demands the modification of security rights and the creation of new ones. Add factors such as the global distribution of systems, the disabling (closing) of accounts for those leaving the organization and the everyday management of forgotten passwords, temporary staff, new applications and new systems, and the problem is evident.

Applications consist of several layers - for example an ERP package may require access to a UNIX database server, Windows application servers, an ORACLE database and the ERP package itself. The service is operational only when every layer is available to users and functioning correctly. A fault in any layer results in the unavailability of the entire service. Ensuring a user population has reliable and continuous access to applications and their supporting operating systems is therefore vital.

Security considerations

So, the problem remains of preventing registered users from accessing facilities to which they have no right, and of preventing any access by non-registered users including those from outside the enterprise.

Most security problems are caused by staff rather than those outside the organization, so this must be addressed first. The ideal solution is a single package which supports the administration of both the user population, in particular their user names and passwords, and their security profiles at the same time.

From time to time, operating systems and applications will enforce password changes; passwords may also be forgotten. On each of these occasions, users must remember many different passwords and associated login-names.

It would be much better if each user could maintain a single password for use across all the facilities to which she/he needs access. Password synchronization is a "must have" for the modern, complex environment, and is the pragmatic alternative to the ideal of a single sign on.

In addition to the large community of application users, the smaller class of privileged users (commonly system administrators) present their own problems for which effective security management can be the solution. They frequently have unrestricted access to resources and data and, yet more problematic, their activities are neither monitored nor recorded for possible auditing. OSM supplies software products which close this gap. See www.cosduty.com.

(c) Copyright 2004 www.cosuser.com