Information Technology Reference
In-Depth Information
storage and network resource access depend on authorization measures
applied to individual and group identities.
This is the first chapter in which we conduct a detailed examination
of the critical elements that are necessary for architectural planning, an
endeavor that will continue through the remainder of the topic. It is
important to keep in mind the strategic aspects of enterprise governance
and management presented in the earlier chapters while reviewing their
application throughout the remainder of the text. Some chapters will
develop more fully topics mentioned earlier, but the chapters need not be
read sequentially in order to gain value from the information provided.
The Many-Walled Garden
Imagine a garden in which fruits, vegetables, and flowers are cultivated.
Without a wall around this garden, small animals and unauthorized peo-
ple could easily wander in and destroy the value present within the gar-
den. This garden is the enterprise network, where barriers must be erected
to protect resources from threats such as viruses and intruders.
At the garden gate, guards stand watch to ensure that only properly
authorized people may enter to enjoy the flowers or gather the food. The
guards must recognize each individual who approaches to establish their
identity. Identity, then, is independent from authorization to enter or be
denied entrance to the garden. The same is true for an enterprise net-
work, in which a user or service account must first be identified and then
granted or denied authorization for access to electronic resources.
Once inside the garden, pathways and fences ensure that an individual
gathers food only in certain areas, to avoid trampling the plants growing
elsewhere. Authorization protocols within the network provide similar
guidance by allowing access to certain resources while protecting others.
Without policies and access control measures, errant wandering could
occur within either the garden or the enterprise.
Imagine now a large garden spread over much land, in which each area
is walled apart from the others. Within each area, different rules are used
to organize where fruits, vegetables, flowers, and animals are arranged.
Different rules are also applied to control how and where these resources
may be gathered. Guards at the gates between areas must each keep track
of all individuals who may seek entrance, identifying each and authorizing
or denying entrance without communicating with guards at other areas.
