Security enhancement request to QEM - Access to source and target
In the current version of QEM, anyone who can log in to QEM has the ability to access sources and targets created by other people. Example: user1 can create a new task in QEM using a source and target created previously by user2. This creates a security issue, since outside of the QEM application user1 doesn't have access to the source and target that user2 has access to. It would be ideal to have source and target permissions similar to task permissions.
This feature is very important to us from a data privacy perspective.
My team works in a governance and compliance role and we use Attunity to move data for several highly sensitive data sources. We discussed the lack of controls at the endpoint and task level with our compliance counsel and it's considered to be a data privacy compliance risk. Our current workaround is to use separate servers for different content, but that's not really scalable for a global organization.
Having this feature is key for us to use the product in a scalable, cost-effective manner.
The ability to control access to endpoints is an important topic in my organization as well. We have an analytics group that is separate from IT. Our IT group needs to maintain security on the source systems and ensure compliance with our security policies. It would be ideal to have a granular way to control endpoint access within Replicate itself, and QEM.
This SER is spot on by detailing a glaring hole in the QEM/Replicate security model. It is not sufficient to hide a task from prying eyes. The products should also protect the source and target endpoints to ensure that NO unauthorized access or manipulation of data can occur.
Currently, anyone with developer access to Replicate can create a task, assign any source endpoint they choose and replicate data. Once replication is complete, they delete the task and nobody is the wiser. Sure, the activity is recorded in logs, but these are not easily digestible and there are no reports that can easily be run to see who created/executed tasks with which endpoints during a period of time.
This gap in security is forcing my corporation to stand up "secure" replicate servers with tight access permissions to prevent the potential unauthorized access or manipulation of data. This is an unnecessary cost and administrative burden that can be eliminated by simply applying the same security model to endpoints that is currently in place for tasks.
Any updates on this new feature? It's becoming a key item for us to enable replication of sensitive data without having to stand up new instances of Qlik Replicate.
Security is very critical. I had opened a support case after seeing the highlighted message from the QEM window. This feature is key, as are the task permissions. No user should be able to make changes on other users' endpoints. It's like the concept of least privilege. You wanna give users the least access so that they can only manage what is theirs only.