
The Monolithic Siloed Application


reference-architecture

Diagram

Description

This reference architecture represents a rudimentary legacy application that has no native integration with modern IAM capabilities. It may pose a significant challenge to manage.

IAM Governance

Acquisition

  • The IAM TCO

Authentication

  • Natively, the application only supports password-based authentication. To implement more robust authentication mechanisms and/or implement SSO, application virtualization may be an option.

Access Model

  • The application supports the direct granting of fine-grained entitlements to identities and/or their grouping into roles. A typical best practice is to avoid direct fine-grained access permissions and systematically grant access via roles.

Provisioning

  • The absence of native IAM integrations gives no choice but to provision and administer the application manually. A typical SoD requirement is to enforce segregation between application provisioners, administrators, and functional users.
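
Because provisioning is manual, the role-only access model and the SoD requirement above have to be checked after the fact. The following is an added example, not part of the original page: an offline audit of a grant export that flags directly granted entitlements and identities holding more than one of the three duties. The CSV columns, role names and role-to-duty mapping are assumptions made for illustration.

```python
import csv
import io
from collections import defaultdict

# Constructed sample export, one row per grant (column names are assumed).
SAMPLE_EXPORT = """identity,grant_type,grant
alice,role,app_provisioner
alice,role,functional_user
bob,role,app_admin
carol,role,functional_user
carol,entitlement,ledger.approve_payment
dave,role,app_provisioner
dave,role,app_admin
"""

# Hypothetical mapping of application roles to the three duties to keep apart.
ROLE_DUTY = {
    "app_provisioner": "provisioner",
    "app_admin": "administrator",
    "functional_user": "functional",
}


def audit_grants(export_text, role_duty=ROLE_DUTY):
    """Return (direct_grants, sod_conflicts, unmapped_roles) for a grant export."""
    direct = []                # (identity, entitlement) granted outside any role
    duties = defaultdict(set)  # identity -> duties held through roles
    unmapped = set()           # roles with no duty assigned: need manual review
    for row in csv.DictReader(io.StringIO(export_text)):
        identity = row["identity"].strip().lower()
        kind = row["grant_type"].strip().lower()
        grant = row["grant"].strip()
        if kind == "entitlement":
            direct.append((identity, grant))
        elif kind == "role":
            duty = role_duty.get(grant)
            if duty is None:
                unmapped.add(grant)
            else:
                duties[identity].add(duty)
        else:
            raise ValueError(f"unknown grant_type {kind!r} for {identity}")
    # An identity holding two or more distinct duties violates the SoD rule.
    conflicts = {i: sorted(d) for i, d in duties.items() if len(d) > 1}
    return sorted(direct), conflicts, sorted(unmapped)


if __name__ == "__main__":
    for label, result in zip(("direct", "sod", "unmapped"), audit_grants(SAMPLE_EXPORT)):
        print(label, result)
```

Roles that appear in the export but not in the mapping are reported separately rather than ignored, since an unclassified role cannot be shown to respect the segregation.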

PAM

  • Administration may be forced through a bastion. Automatic password rotation will require client-side scripting, which comes with an additional development and maintenance cost. The possibility of bypassing the bastion must be analyzed, especially if the administration and functional clients share the same protocols. If bastion bypass cannot be technically avoided,
