It’s Time to Dump your 1990s App Authentication
Migrate Win32 applications secured by client/server #database logins to #mobile apps that use OAuth & enterprise #cloud directories for authentication instead.
Do you know Scott Tiger? Are you familiar with SA and no password? If so, you probably worked with client/server database security mechanisms from companies like Oracle, Microsoft, IBM and others. Anyone who’s built client/server, multi-tier database systems over the years has worked with Oracle Net Listener, TNSNames, Sybase DBLIB, ISAM and VSAM drivers plus a revolving door of Microsoft drivers. App logins were typically the same as the database login. DBAs were in control and app developers worked with what they were given. Sometimes data access was secured through the use of views or stored procedures. Things improved when databases started supporting integrated authentication where data access could be controlled by users and groups found in the company Active Directory.
Today’s mobile apps don’t connect to client/server databases this way. Win32 apps connecting via the LAN or VPN can kick the can down the road a bit longer. Everything else talks to databases with web APIs or sync. While these mobile-friendly APIs use database authentication to connect, the services they expose must be secured by an enterprise directory. This pattern provides identity management to mobile apps. Furthermore, cloud-based enterprise directories must be kept in sync with existing on-premises directories to keep the login procedures seamless for employees. Add multi-factor authentication to boost security and avoid consumer auth providers like Facebook or Twitter.
Reduce risk to your organization by decoupling app security from database authentication and make the move to company-wide directory services. Has your employer switched all its enterprise apps to modern authentication methods yet?