Provide a reflection of at least 500 words (or 2 pages double spaced) of how the knowledge, skills, or theories of this course have been applied, or could be applied, in a practical manner to your current work environment.
If you are not currently working, share times when you have or could observe these theories and knowledge could be applied to an employment opportunity in your field of study.
Provide a 500 word (or 2 pages double spaced) minimum reflection.
Use of proper APA formatting and citations. If supporting evidence from outside resources is used those must be properly cited.
Share a personal connection that identifies specific knowledge and theories from this course.
Demonstrate a connection to your current work environment. If you are not employed, demonstrate a connection to your desired work environment.
You should NOT, provide an overview of the assignments assigned in the course. The assignment asks that you reflect how the knowledge and skills obtained through meeting course objectives were applied or could be applied in the workplace.
As an analytics architect at a Microsoft technology integration partner, many of the concepts in Application Security can be applied to my daily work. While many topics are relevant, I will explore three. I will explore the principle of least privilege, Active Directory Groups, and the importance of audits. Lastly, I will present the conclusion.
Principle of Least Privilege
As discussed in this course, the idea of least privilege is that a group or individual should only do things that their role within the organisation requires them to do. As an analytics architect, this concept is very relevant. Many organisations require that individuals can only see data that they have a business purpose to see.
When designing data-oriented solutions, I often have to balance performance and other design constraints with competing concerns. This trade-off means that I often must use the priority of requirements to determine which requirements should be met. Ensuring that individuals only see what they should is often a very high priority.
Active Directory Groups
In this course, we also discussed the importance of Active Directory Groups. This is also relevant to my work as an analytics architect in that we often need a way to determine who can access what information or perform a given operation. As the organisations I typically work with use Microsoft technologies, they often utilise Active Directory. Understanding of Active Directory groups is critical to the success of many of my projects.
Importance of Audits and Logging
This course also covered the importance of audits and access logs. Audits are also important in the design of analytics solutions. Often it is important to know what person is accessing what data. Also, many of the organisations are governed by regulations which require tracking all changes to data or process in an exhaustive fashion.
This means that when someone views a record, that fact must be recorded. Recording the information is the first step in the process. After the data related to data access is captured, it must be processed so that governance reports can be created. Also, the original data must be preserved so that an external auditor can reproduce the same results.
The importance of the concept of least privilege, Active Directory Groups, and auditing was presented. These concepts have relationships. For example, the principle of least privilege is often made possible through the use of Active Directory Groups.
Likewise, auditing is often applied based on an individual’s membership in a group. For example, it may be important to record when someone in the data operations group accessed records in the payroll-related databases.
While the topic of application security is very large, it does have specific application to the data analytics space. As an analytics architect, I find many of the topics to be a refresher of existing knowledge combined with learning new things. While I do not plan to become an expert in security, understanding the concepts makes me a better analytics architect.