My DBA's spend 60% of their time managing data access privileges & consistency for all users! (COO)
Data access requests approved by data owners must be fulfilled and applied dynamically, else it creates failure points. (CDO, CIO)
By doing so, it effectively implements data mgmt. & data access policies of an organization, and hands over control to data owners, away from DBA's.
The tool works in high availability mode. There is no performance drop to any client or user.
Service Mgmt. & Support
- Remote support provided via ticketing system.
- Email groups are available to post questions (counts as a ticket).
- SLA defined for critical/major/minor issues.
- No additional difference for bronze/silver/gold service levels.
(i.e. as vendor-independent and stand-alone solution)
Use Cases & Pain Points Addressed
Large organizations must secure and organize/control access to their data, by means of a defined data ownership structure and data access approval processes, then by effectively fulfilling the requests and applying those controls. The more complex the organization and the more data is distributed in multiple systems, the more this information becomes extremely tedious and complex to assess or compile.
Eventually, this tool controls and report at all times any decision about data access: who does what, why, when, how, for how long – e.g. through what application, for what purpose, and by whose authorization (See also GDPR, DSGVO, SOX, GLBA, PCI DSS, HIPAA, FIPA, KVKK & BDKK compliance requirements).
It removes the DBA as the low-level player usually charged with the responsibility of granting data access and privileges, often without proper control, and although he/she most likely lacks sufficient judgement & competence to decide.
This allows him/her to focus on managing the database, rather than managing users:
- The tool owns and determines data access rules, then automates and enforces access control for any upcoming connection request – rather than requiring explicit calls and coordination between requester, approver and DBA.
- Proactive control helps getting rid of repetitive scripts and queries crawling user lists, metadata and logs for verification.
- It also implements database user activity mgmt., by keeping all access logs, as well as all access request logs, and supports auditing and reporting over it.
Fundamentally, this tool manages access on data owner level, not DBA level: it enables the highest maturity in data mgmt. & data security policies, i.e. based on explicit access granted by explicit data owner, after approval process, and for a time-limited period (with refresh option).
Note: A first implementation will require a review of current access rights and already identify many redundancies, unnecessary privileges and users, thereby already contribute to a major reduction in data exposure from the very beginning.
Key Features & Differentiators
- Installed between database instance(s) and the application(s), thus allowing for high availability and load balancing.
- It does centralized user database authentication & centralized authorization, thereby closing all loopholes and bugs arising from distributed procedures and access points.
It offers wide capabilities in its user privilege management.
Generates real-time alarms:
- Upon a log-in of a user into the database, or any database object accessed.
- Triggers depend on accessing user, originating IP, time of access, type of object accessed, some details of the query, etc.
- Alarms can be emails, messages sent over SNMP trap, SMS...
- On premise: Oracle, SQL Server, DB2 (Luv & Zos), PostgreSQL, SAP HANA.
- Oracle, SQL Server in the Cloud: AWS only.
- Deployment in the Cloud: AWS only.
- NoSQL database: MongoDB.
- One large corporation transformed its database access mgmt. automation processes: now more than 2600 DB's (!) are being managed via this single central tool, for >10.000 Users (!)
- The prospect customer should be aware that critical input and effort will be required from its side, and should be ready to define and enforce data access policies and processes; the vendor will assist with ad-hoc support, guidance, and integration.
- Starting from an unstructured organization that has not yet implemented any data access policy: a transformation project (including identification of owners and configuration), may take 3 to 6 months.