Sensitive Data Access Audit
The rapid growth of the global information economy, driven by new technologies and business models, means that ever more personal data is collected, used, exchanged, analyzed, and retained. It also means ever more accidental or intentional data breaches, incorrect or lost data records, and data misuse incidents.
Each high-profile breach or misuse case increases the pressure on organizations to ensure the privacy, integrity, and security of the sensitive data entrusted to their care. At the same time, regulations and standards such as SOX, HIPAA, PCI DSS, and GDPR require organizations to provide complete visibility into, and an uninterrupted record of, what data is accessed or changed, when, and by whom.
Meeting all of these data privacy, integrity, and security demands is challenging, and many companies struggle to do so. The challenges they face include:
- Assortment of data repositories — heterogeneous databases, big data platforms, data-rich collaboration systems such as SharePoint, cloud-based file-sharing services, etc. — all need to be protected
- Duplication and migration of data across repositories, as organizations try to extract maximum value from data by using it to support an ever-expanding array of business processes
- Tight budgets that require people to do more with less
Because of these and other challenges, many organizations focus their attention on protecting the enterprise's networks, devices, and applications, using next-generation firewalls, anti-virus programs, spam filters, malware blockers, network auditing, and similar tools.
Those controls are necessary, but they do not record which user read or changed which record. Sensitive data access auditing is therefore also essential for delivering the data privacy, integrity, and security demanded by customers, regulators, and lawmakers.
How sensitive data access auditing can help
Sensitive data access auditing is a monitoring mechanism that provides visibility into every data access and change event by auditing:
- All systems containing regulated data — heterogeneous databases, big data platforms, data-rich collaboration systems such as SharePoint, cloud-based file-sharing services.
- All inside users — privileged users (typically DBAs, network engineers, security practitioners, cloud custodians) who require unrestricted access to servers, networks, devices, applications, or databases to perform their jobs; and non-privileged users with access to shared applications and databases.
- All types of data access events — read-only, data modification transactions, and privileged operations.
What to look for in a sensitive data access auditing tool
Data auditing tools vary, but those that meet the compliance requirements set by GDPR, HIPAA, PCI DSS, SOX, and other regulators or lawmakers share the following capabilities.
- Audit all systems containing sensitive data — Automated discovery and classification let the tool quickly identify where sensitive data lives and reduce the cost of maintaining compliance. Sensitive data includes personal data, i.e. any information that can directly or indirectly identify a specific individual, as well as other information whose exposure would harm the individual or the organization. Examples include:
- Biometric data, including physical characteristics such as height or weight; physiological characteristics such as DNA, fingerprints, or facial recognition images; and behavioral characteristics such as gait or voice.
- Genetic data, and information about racial or ethnic origin.
- Health data, including records of physical/psychological conditions and healthcare codes.
- Online identifiers such as IP addresses, cookies, geolocation, or radio frequency tags.
- Device identifiers such as MAC addresses.
- Personally identifiable information (PII) such as name, address, phone number, birth date, employee number, medical record number, social security number, email address, etc.
- Financial data such as salary, banking, or credit card information.
- Other information such as emails, instant messages, photos, cultural, economic, or social data.
- Provide detailed audit event information — Auditing that captures the raw access query and associated system response helps identify the ‘who, what, when, where, and how’ of data access and changes. That information, in turn, helps data security and forensic personnel determine whether access was authorized or unauthorized, and whether changes were in scope, accidental, or intentionally malicious.
- Establish user accountability — Audit trails that correlate each data access event to a specific, individually identified user (rather than a shared or generic account) deter data tampering, because whoever made the change can be identified from the trail.
- Ensure the integrity of the audit trail — A tamper-proof audit trail, stored and keyed outside the control of the administrators it records, ensures that privileged users cannot alter or delete entries to conceal irregular activity. This supports separation of duties: the people who administer the data must not also be able to administer the record of their own access to it.
- Create customizable compliance reports, alerts, and analytical tools — Audit reports are required to demonstrate compliance with rules set by lawmakers and industry-specific groups. Predefined reports provide a starting point and address the specific audit requirements of each regulation, while customization supports unique technical and business needs. Real-time alerts and audit analytics enable efficient and thorough forensic investigations and incident response.
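The following is an added illustration, not Imperva's code or any product's format, of the audit-trail properties described above: each record carries the who, what, when, where, and how of one access together with the raw query and the system's response; each query is classified as read-only, data modification, or privileged operation; every record is chained to its predecessor with an HMAC so that an administrator who edits, deletes, or reorders entries breaks the chain; and a simple rule raises an alert on privileged operations. The sample events, user names, IP addresses, table names, and the key are all constructed for the example.

```python
import hashlib
import hmac
import json

# Constructed sample events (not real traffic). Each carries the who (user, role),
# where (client_ip, db), when (ts), what (query) and how (response) of one access.
SAMPLE_EVENTS = [
    {"ts": "2024-03-01T09:15:02Z", "user": "alice", "role": "analyst",
     "client_ip": "10.0.4.21", "db": "crm",
     "query": "SELECT name, email FROM customers WHERE id = 42",
     "response": {"status": "OK", "rows": 1}},
    {"ts": "2024-03-01T09:16:40Z", "user": "bob", "role": "dba",
     "client_ip": "10.0.9.7", "db": "crm",
     "query": "UPDATE customers SET email = 'new@example.com' WHERE id = 42",
     "response": {"status": "OK", "rows": 1}},
    {"ts": "2024-03-01T09:17:05Z", "user": "bob", "role": "dba",
     "client_ip": "10.0.9.7", "db": "crm",
     "query": "GRANT ALL PRIVILEGES ON customers TO bob",
     "response": {"status": "OK", "rows": 0}},
]

GENESIS = "0" * 64  # chain anchor used as the "previous tag" of the first record


def classify(query: str) -> str:
    """Map a raw SQL statement to the three event classes listed above."""
    verb = query.strip().split(None, 1)[0].upper()
    if verb in ("SELECT", "SHOW", "DESCRIBE", "EXPLAIN"):
        return "read-only"
    if verb in ("INSERT", "UPDATE", "DELETE", "MERGE"):
        return "data modification"
    return "privileged operation"  # DDL, GRANT/REVOKE, ALTER USER, ...


def _tag(key: bytes, body: dict) -> str:
    """HMAC-SHA256 over a canonical (sorted-key) JSON encoding of one record."""
    return hmac.new(key, json.dumps(body, sort_keys=True).encode(), hashlib.sha256).hexdigest()


class AuditTrail:
    """Append-only trail in which each record's tag covers its own fields and the
    previous record's tag, so any edit, deletion or reordering breaks the chain.
    The key (hypothetical here) must be held by the audit system, not by the DBAs
    whose activity it records."""

    def __init__(self, key: bytes):
        self._key = key
        self.records = []

    def append(self, event: dict) -> dict:
        prev = self.records[-1]["tag"] if self.records else GENESIS
        body = {"seq": len(self.records), "prev": prev,
                "class": classify(event["query"]), **event}
        rec = dict(body, tag=_tag(self._key, body))
        self.records.append(rec)
        return rec

    def verify(self):
        """Walk the chain; return (True, None) or (False, index of first bad record)."""
        prev = GENESIS
        for i, rec in enumerate(self.records):
            body = {k: v for k, v in rec.items() if k != "tag"}
            if body.get("seq") != i or body.get("prev") != prev:
                return False, i
            if not hmac.compare_digest(_tag(self._key, body), rec["tag"]):
                return False, i
            prev = rec["tag"]
        return True, None


def alerts(trail: AuditTrail) -> list:
    """Simple real-time rule: flag every privileged operation for review."""
    return [r for r in trail.records if r["class"] == "privileged operation"]


def build_trail(key: bytes) -> AuditTrail:
    trail = AuditTrail(key)
    for ev in SAMPLE_EVENTS:
        trail.append(ev)
    return trail


if __name__ == "__main__":
    trail = build_trail(b"held-by-the-audit-appliance")
    print("intact:", trail.verify())
    print("alerts:", [(a["user"], a["query"]) for a in alerts(trail)])
    # A DBA tries to hide the UPDATE by rewriting the stored query text.
    trail.records[1]["query"] = "SELECT 1"
    print("after tampering:", trail.verify())
```

The chain detects edits, deletions, and reordering of stored records, and a verifier without the key cannot forge tags. It does not by itself detect truncation of the most recent records, so in practice the latest tag is also anchored externally, for example by periodically copying it to write-once storage or to a system the audited administrators cannot reach.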
Learn how Imperva solutions can help you with a sensitive data access audit.