Current Challenges
"Comprehensive access protection for critical data within the enterprise must have top priority": recent experience corroborates this statement.
- Governance, risk management and compliance with internal and external requirements, together termed GRC, demand transparency, end-to-end solutions, traceability and direct access for the persons responsible, on both the business and the IT side.
- A security intervention must be possible in real time. Even a slightly delayed response is worth far less, because by then the damage has already been done.
- Known technical vulnerabilities such as insecure direct object reference (No. 4 of the OWASP Top 10 in its 2010 and 2013 editions; later editions fold it into "Broken Access Control") must be permanently eliminated. In practice this means that every data access is checked against the caller's authorization instead of trusting the identifier the caller supplies.
However, a strong focus on data access control does not mean that “traditional” requirements are no longer valid.
- Costs must be optimized across "Build, Change & Run", and maintainability must be guaranteed at all times.
- Responsibilities must be assigned clearly, simply and comprehensibly.
- Adaptations must be possible quickly and during live operation: "less CHANGE, just RUN" is the name of the game.
Our Experience
INVENTAGE has been developing security-critical Java applications for nearly 15 years and is among the pioneers of e-banking.
Strict control of data access was and is an absolute must for our customers. Renowned institutions rely on our solutions.
We have always considered a clear separation between security functions and business functions within the application to be advantageous: authorization logic is better kept clearly apart from the application code. This approach has more than proven its worth over time, and the concept has matured with each iteration.
The benefits already showed during initial development, the BUILD phase. They are greatest in the CHANGE/RUN phase, because changes to access control can be implemented very quickly without adapting the application itself: new or changed roles and rules are applied on the fly. Because such a change takes effect immediately in production, it must be reviewed and recorded with the same traceability as a code change.
Besides the separation, configurability is the other decisive advantage over conventional approaches.
With the third version of the technical implementation we have found the optimum position: outside the database, within the application, but clearly encapsulated from it via standard interfaces. This ensures, for the first time, independence from both the database and the application itself.