I have too many databases. My DBAs spend 80% of their time managing the consistency of data access and privileges for all users. (CTO)

Use Cases & Pain Points Addressed

This tool solves the following pain points, or greatly reduces their impact:

Large organizations must secure and control access to their data by means of a defined data ownership structure and data access approval processes, and then by effectively fulfilling the requests and applying those controls. The more complex the organization and the more its data is distributed across multiple systems, the more tedious and complex this information becomes to assess or compile.

Ultimately, this tool controls and reports at all times every decision about data access: who does what, why, when, how, and for how long, e.g. through what application, for what purpose, and by whose authorization (see also GDPR, DSGVO, SOX, GLBA, PCI DSS, HIPAA, FIPA, KVKK & BDKK compliance requirements).

It removes the DBA from the role of low-level player usually charged with the responsibility of granting data access and privileges, often without proper control, and even though he/she most likely lacks sufficient judgement and competence to decide.

This allows him/her to focus on managing the database, rather than managing users:
  • The tool owns and determines data access rules, then automates and enforces access control for any upcoming connection request – rather than requiring explicit calls and coordination between requester, approver and DBA.
  • Proactive control helps get rid of repetitive scripts and queries that crawl user lists, metadata and logs for verification.
  • It also implements database user activity management by keeping all access logs, as well as all access request logs, and supports auditing and reporting over them.

Fundamentally, this tool manages access at the data owner level, not the DBA level: it enables the highest maturity in data management and data security policies, i.e. access explicitly granted by an explicit data owner, after an approval process, and for a time-limited period (with a refresh option).

Note: A first implementation will require a review of current access rights, which will already identify many redundancies and unnecessary privileges and users, and thereby contribute to a major reduction in data exposure from the very beginning.

Key Features & Differentiators

The following features and advantages should be noted:

  • The tool is installed between database instance(s) and the application(s), thus allowing for high availability and load balancing.
  • Any performance impact is minor and occurs only at login; after that, the user experience is transparent for all further transactions.

It performs centralized database user authentication and centralized authorization, thereby closing all loopholes and bugs arising from distributed procedures and access points.

It offers wide capabilities in its user privilege management.

Generates real-time alarms:
  • Upon a user logging in to the database, or upon access to any database object.
  • Triggers depend on the accessing user, originating IP, time of access, type of object accessed, some details of the query, etc.
  • Alarms can be emails, messages sent over SNMP traps, SMS...

Supports Oracle, SQL Server, DB2 (LUW & z/OS), PostgreSQL, SAP HANA (on premise).

Implementation case:
  • One large corporation transformed its database access management automation processes: more than 2600 DBs (!) are now being managed via DDA as a single central tool, as well as more than 10,000 users (!).

  • The prospective customer should be aware that critical input and effort will be required from its side, and should be ready to define and enforce data access policies and processes; the vendor will assist with ad-hoc support, guidance, and integration.
  • Starting from an unstructured organization that has not yet implemented any data access policy, a transformation project (including identification of owners and configuration) may take 3 to 6 months.