Situation Analysis
Today, Hybrid Clouds leveraging platforms such as AWS, Azure, and others are dominating the enterprise computing landscape. Increasingly, each of these platforms offers Database Management Systems (DBMS) services as part of PaaS (Platform-as-a-Service) that include database connectivity using open standards such as ODBC and JDBC thereby exposing important issue regarding Data Access, Data Flow, and Data Privacy.
Problem
Database Connectivity offered by these service providers offer firewall for data access protection that’s only scoped to client IP addresses. Thus, a database administrator (or dataops practitioner) is only able to assert access authorization scoped to the IP addresses of users before dropping down to Role-based Access controls provided by each DBMS.
IP Addresses and Role Accounts are only two of many factors required for creating an effective security profile in an age of hyper-connectivity. Incorporation of other factors requires a Firewall capability that allows combines IP Address restrictions and Attribute-based Access Controls into a single Logical Firewall solution as part of the cloud platform.
Solution
Our Multi-Tier Data Access Drivers, provide a Logical Firewall capability that processes Session Rules described in its Session Rules Book where Session Rules are stored and maintained in a text based Initialization File ( “oplrqb.ini”).
This powerful Logical Firewall capability enables construction and enforcement of rich data access profiles comprising user attribute (domains, user name, application, client operating system, IP address, target database etc.) that are applied to all data access driver sessions.
How it works
- Install Generic Multi-Tier Edition ODBC and JDBC Drivers
- Install OpenLink Request Broker and Database Agents (these include agents ODBC and JDBC which bring 3rd Party Drivers under control too!)
- Configure Rules in the Request Broker INI File (we include many defaults that immediately secure your setup)
Related