Chapter 13
Privileged Access Control Methods
Chapter 13 builds on the foundational theory of privileged access control (PAC) already described in Chapter 12 by
providing a survey of the PAC solutions in the market, followed by a general analysis of the basic methods by which they work.
After becoming familiar with these solutions, we will investigate the typical security issues that these solutions
suffer from.
Finally, we will consider the future of this product niche by looking at Oracle's new entrant to this market and the
increasing use of break-glass access control systems.
The aim of the chapter is to understand the technology concepts and issues behind the current commercially
available solutions, before the next chapter, which discusses how to solve these problems.
Surveying Products in the Marketplace
There are an increasing number of companies offering PAC solutions, which contrasts with the decreasing amount of
information these companies are prepared to reveal about the actual technicalities of how their products work! There
are three main reasons behind the secrecy of PAC vendors: competitive advantage, security by obscurity, and the hiding of
weakness, since controlling the highest privilege in databases is not yet a solved problem. I have
actually worked hands-on at code level with a number of PAC solutions, so I have a good understanding of them, which I will
pass on to you now.
The main companies in this space are CyberArk, Xceedium, CA, Centrify, and BeyondTrust, and I will refer to
all of them throughout this chapter. Internal implementations have been moving towards Windows Active Directory
backends, which has recently encouraged Oracle to initiate their own product, named OPAM, of which I was a beta
tester (though it should be said Oracle are very strong on web-based SSO solutions). OPAM integrates with the Oracle
Identity Management suite. Separately, Pythian, a well-regarded DBA consultancy, has an interesting in-house
solution called Adminiscope, which is being made available to external organizations.
We should first define the point of a PAC system, which is to enact control on accounts that would otherwise be
“unconstrained” (or sometimes described as “wild”). Unconstrained means that the responsible use of the account is
dependent on trust, because the account cannot be verifiably controlled by the system.
Accounts under Privileged Access Control
Next we will work through the actual account names and types that should be subjected to privileged access control in
a secure system. The first of them is the SYS DB account.