SUBOP Security by VDEL - integrating PAM and IGA technologies for better results

Short intro: this article covers an integrated PAM and IGA solution developed by VDEL Informationstechnik & Consulting GmbH on top of Oracle Identity Management products...

This article discusses SUBOP Security (Software United Business Operations Platform Security module), a product by VDEL that includes the Privileged Accounts Manager (PAM) solution SUPAM and the IGA solution based on Oracle Identity Governance. Attempts to integrate PAM and IGA are not new: we can recall Oracle Identity Governance and Oracle Privileged Accounts Management (OPAM), as well as the recently released integration of Oracle Access Governance and Arcon PAM (https://blogs.oracle.com/cloud-infrastructure/post/arcon-pam-integration-oracle-access-governance). However, OPAM is no longer supported by Oracle, and Oracle Access Governance is an exclusively cloud solution with no on-premise version. Therefore, there is a vacant space for integrating IGA and PAM solutions on-premise.


About components

SUBOP Security - a set of products based on Oracle Identity Management technologies (Access Management, Identity Governance), ASFU licenses for which are included in the product licenses.

SUPAM - a PAM solution developed by VDEL, licensed as part of SUBOP Security; it can also be purchased separately and/or integrated with another IGA solution.

SUPAM IGA Integration module - the module that integrates SUPAM with Oracle Identity Governance; a part of SUBOP Security.


About integration

Consider a large financial institution with a large infrastructure that is constantly facing security threats. Privileged accounts can be a gateway through which attackers can access sensitive data and perform actions that lead to a breach of confidentiality, integrity, and availability of data. Therefore, such accounts are often the target of attacks, and managing and securing privileged accounts is not just an operational necessity, but part of the company's risk management strategy.

Privileged accounts must therefore also comply with company policies and regulatory requirements, which is possible with an integrated IGA - PAM solution. This integration is applicable not only to the financial sector, but to any other industry.

In this article, we will show how an integrated solution between SUPAM and Oracle Identity Governance (SUBOP Security) can help companies strengthen security and simplify compliance.


Problems with Privileged Access Management

Privileged accounts typically belong to system administrators, database administrators, and application administrators, and with this access it is often possible to perform operations on the organization’s sensitive data. Therefore, they are the most valuable to attackers and are often the target of attacks. A successful attack on such accounts can lead to breaches of confidentiality, integrity, and availability of data. Also, organizations are forced to comply with regulatory requirements of standards and regulators such as GDPR, PCI DSS, SOX, and others that require management of such access.

Traditional methods of privileged access management rely on Excel spreadsheets and manual processes, are not scalable or secure enough, and are prone to errors in large organizations. Additionally, organizations need to not only control privileged access, but also monitor it continuously.


SUPAM and SUBOP Security

SUPAM is designed to protect, control and monitor privileged accounts. It provides a comprehensive solution for managing privileged access across a variety of IT environments, helping to ensure that only authorized users can access critical systems. However, while SUPAM addresses the key requirements of a PAM system, managing privileged access across a large organization requires automation of access provisioning and compliance processes. This is where SUBOP Security comes into play.

The integrated SUPAM and SUBOP Security solution provides much more than just privileged access management. The integration automates access provisioning and certification processes, enforces security policies, and helps ensure that privileged access meets the organization’s compliance and risk management goals.



Key benefits of the integrated SUPAM and SUBOP Security solution

The integration of these two products has the following benefits:

  • Centralized access control: For example, in financial institutions, IT administrators struggle to manage hundreds of privileged accounts manually. SUPAM’s integration with SUBOP Security provides a centralized platform for managing and controlling these accounts. IT departments can create consistent access policies across all systems, helping to ensure that privileged users are granted only the access they need, implementing the “Principle of Least Possible Privilege.”

  • Automated access checks and certification: Manual access checks are labor-intensive and prone to human error, and their results are often no longer relevant. By integrating SUPAM and SUBOP Security, an institution can automate the access check and certification processes. The system regularly checks who has access to privileged accounts, whether this access is necessary, and whether it complies with company policies.

  • Real-time monitoring and reporting: The integration provides real-time visibility into how privileged accounts are being used. Enterprises can track user activity, detect unusual behavior, and create detailed audit logs for compliance and reporting purposes. This level of visibility is critical to identifying potential security threats before they become serious incidents.


How exactly do SUPAM and SUBOP Security complement each other

In the integrated scenario, SUBOP Security (Oracle Identity Governance plus additional modules) is responsible for the following functionality:

  • Request and approval of administrator access to SUPAM / target systems, approval of “break-glass” access (in case of an emergency situation);

  • RBAC (Role Based Access Control) - role-based mass provision of access, statically or dynamically based on rules;

  • Access policies - corporate access policies apply to administrators and they are no longer an exception;

  • Access certification - periodically checking that administrator privileges are not redundant;

  • Segregation of duties (SOD) - it is possible to detect access conflicts, preventively or detectively;

  • Provision of named access to administered servers via Oracle Identity Connectors;

  • Provision of access to the SUPAM system;

  • Password reset and automatic generation of secure passwords in SUPAM and target systems; end administrators should not know their passwords in target systems;

  • Reporting on granted access to ensure compliance with standards and regulators;

  • MFA in SUPAM and in target systems (DBMS, Linux) using Oracle Access Management.

SUPAM's area of responsibility:

  • Secure creation of connections (RDP, SSH, VNC, etc.), transfer of the terminal window to the browser;

  • Recording of sessions (video, text);

  • Secure storage of session records.


Licensing

The product is licensed on a per-user basis (up to 5000, 5000-10000, etc.). The following Oracle products are fully licensed under the ASFU program with SUBOP Security:

  • Enterprise Identity Services Suite

    • Oracle Identity Governance Suite

    • Oracle Access Management Suite

    • Oracle Directory Services Suite Plus

  • Identity Connector Pack

