Universal User Tracking
The Accountability Requirement for Database Auditing
One of the primary requirements of any application or database audit process is validating appropriate user accountability. Today’s complex multi-tiered environments have made it practically impossible to track user data interaction. SecureSphere's Universal User Tracking technology makes individual users accountable - even when they access data via commercial applications such as Oracle E-Business Suite, SAP, and PeopleSoft or custom Web applications.
Typical Data Audit Solutions Do Not Provide Full Accountability
Often, when users access databases via an application, connections are pooled by the application server into a single connection to the database. Typical database auditing systems do not consistently link database activity with specific users when connection pooling is in use because only the application's login name is recorded. SecureSphere tracks individual user connections, not just application logins, to provide full database audit accountability.
Typical audit appliances (and native database audit capabilities) record application names, not actual user names.
Universal User Tracking Meets the Requirement
Universal User Tracking incorporates multiple tracking mechanisms to identify the accountable end user for every database transaction, even in connection pooling environments. Universal User Tracking methods include:
- Web Application User Tracking
- Web to Database User Tracking
- SQL Connection User Tracking
- Direct User Tracking
These four tracking methods enable SecureSphere to audit end users regardless of how they connect to the database, enabling complete accountability. By tracking end users, SecureSphere can display user IDs in database security alerts, audit logs, and reports. In addition, database security policies can be created to restrict access by user ID. Universal User Tracking provides greater visibility into database activity, more granular security controls, and adherence to today's stringent regulatory requirements.
More thorough database auditing enables organizations to achieve regulatory data compliance, such as Sarbanes Oxley, PCI, and HIPAA, with greater ease.
Web to Database User Tracking, a Universal User Tracking method, provides individual accountability even when an application server pools transactions into a single database connection.