Sensitive Data Access Auditing
Sensitive data access auditing presents a complex and costly barrier to compliance with government regulations, industry regulations and privacy acts. The specific audit requirements vary between the different regulations, but all consider data access auditing a key control that must be implemented to protect regulated data.
To meet compliance requirements, the audit trail must address the requirements described below.
Audit all Access to Sensitive Data
An audit solution must provide visibility into all data access events. It therefore has to:
- Audit all types of access: Audit data access events whether the access is read-only, a data modification transaction or a privileged operation.
- Audit all users: Audit privileged access to data, including local system access, and non-privileged network access (i.e. application users).
- Audit all data systems containing regulated data: Ensure all systems hosting regulated data are in the audit scope.
Provide Detailed Audit Event Information
To effectively reconstruct data access events, the audit trail must provide details about the 'Who?', 'What?', 'When?', 'Where?' and 'How?'. Capturing the raw access query and system response attributes is essential for effective forensic investigation and incident response.
Establish User Accountability
The audit trail must correlate each data access event to a specific user. This is a difficult challenge, as many applications use connection pooling, which masks the true identity of the end user.
Ensure the Integrity of the Audit Trail
The audit trail must be tamper-proof. This means that audited users cannot change the content of the audit trail. Separation of Duties is required to prevent privileged users from abusing their privileges to conceal irregular activities.
Validate that all Systems in Scope are Audited
All databases and file servers that contain sensitive and regulated data must be audited. Automated discovery and classification capabilities enable quick identification of regulated systems and reduce the cost required to maintain compliance.
Customizable Compliance Reports, Alerts and Analytical Tools
Audit reports are required for demonstrating compliance. Predefined reports provide a starting point and help address the specific audit requirements of each regulation, while customizability supports unique technical and business needs. Real-time alerts and audit analytics tools enable efficient and comprehensive forensic investigations and incident response.
1. Blocking access to sensitive data in databases requires SecureSphere Database Firewall.
2. SecureSphere Discovery and Assessment Server is included with SecureSphere Database Activity Monitoring and SecureSphere Database Firewall.
3. Blocking access to sensitive files requires SecureSphere File Firewall.