We need only the "unusual" accesses brought to our attention, and data access auditing is the way to do it.
Posted Nov 1, 2004
Data privacy is more than just good practice--it's the law. Regulations such as HIPAA impose legal obligations on how organizations handle sensitive data, so protecting that data is not optional.
Most companies have privacy safeguards in place. But is someone looking at the data anyway? Could a password have gotten into the wrong hands? Or could an authorized user be accessing sensitive data surreptitiously? Would you know?
Prevention through passwords and access controls is the first step. But how will we be alerted when those safeguards have been violated? This is a matter of when, not if. If we take data privacy seriously, we must assume it will happen.
Ideally we would have a surveillance mechanism watching every access to all sensitive data. Because most accesses will be legitimate, we need only the "unusual" accesses brought to our attention. Let's call this data access auditing (DAA).
The perfect DAA solution would record every access and tell us:
1) who accessed the data;
2) when it was accessed;
3) what computer program or software was used;
4) from where;
5) the SQL query;
6) the number of rows of data retrieved;
and would then apply
7) management by exception: bringing only the unusual accesses to our attention.
These seven features comprise the gold standard for DAA.
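The following Python script is an added illustration of the gold standard above, not code from the original article or from any DAA vendor. It models an audit record with the six fields listed, learns a per-user baseline from a period of accesses assumed to be legitimate, and then applies management by exception: only accesses to sensitive tables that are off-hours, bulk, or from an unfamiliar user, program or host are reported. The table names, the business-hours window, the bulk thresholds and all sample records are constructed assumptions for the demonstration; a real monitor would parse the SQL and the wire protocol properly rather than token-matching table names.

```python
"""Management by exception over data-access audit records (added example)."""
from dataclasses import dataclass
from datetime import datetime
from typing import Dict, List, Tuple


@dataclass(frozen=True)
class AccessRecord:
    user: str          # 1) who accessed the data
    when: datetime     # 2) when it was accessed
    program: str       # 3) client program or software used
    source: str        # 4) from where (client host)
    sql: str           # 5) the SQL query
    rows: int          # 6) rows of data retrieved


@dataclass
class UserProfile:
    programs: set
    sources: set
    max_rows: int


# Assumed policy parameters (not from the article):
SENSITIVE_TABLES = {"patients", "claims"}   # tables under DAA
BUSINESS_HOURS = range(7, 19)               # 07:00-18:59 counts as normal
BULK_FLOOR = 100                            # never call fewer rows than this "bulk"
BULK_FACTOR = 10                            # ...nor fewer than 10x the user's prior maximum


def touches_sensitive(sql: str) -> bool:
    """Crude token match on table names; a real monitor parses the statement."""
    tokens = {t.strip("(),;").lower() for t in sql.split()}
    return bool(tokens & SENSITIVE_TABLES)


def build_baseline(history: List[AccessRecord]) -> Dict[str, UserProfile]:
    """Learn each user's usual programs, hosts and largest result set from
    a period of accesses already known to be legitimate."""
    baseline: Dict[str, UserProfile] = {}
    for rec in history:
        prof = baseline.setdefault(rec.user, UserProfile(set(), set(), 0))
        prof.programs.add(rec.program)
        prof.sources.add(rec.source)
        prof.max_rows = max(prof.max_rows, rec.rows)
    return baseline


def classify(rec: AccessRecord, baseline: Dict[str, UserProfile]) -> List[str]:
    """Reasons an access to sensitive data is unusual; empty list if it is normal."""
    if not touches_sensitive(rec.sql):
        return []                                   # not sensitive data: out of scope
    reasons: List[str] = []
    if rec.when.hour not in BUSINESS_HOURS:
        reasons.append("off-hours")
    prof = baseline.get(rec.user)
    if prof is None:
        reasons.append("unknown-user")              # no history at all: always escalate
        return reasons
    if rec.program not in prof.programs:
        reasons.append("unknown-program")
    if rec.source not in prof.sources:
        reasons.append("unknown-source")
    if rec.rows > max(BULK_FLOOR, BULK_FACTOR * prof.max_rows):
        reasons.append("bulk-retrieval")
    return reasons


def flag_exceptions(baseline: Dict[str, UserProfile],
                    records: List[AccessRecord]) -> List[Tuple[AccessRecord, List[str]]]:
    """Management by exception: return only the accesses that need a human's attention."""
    return [(rec, classify(rec, baseline)) for rec in records if classify(rec, baseline)]


# Constructed sample data. HISTORY is the learning period; TODAY is what we screen.
HISTORY = [
    AccessRecord("alice", datetime(2004, 10, 1, 9, 15), "sqlplus", "ws-alice",
                 "SELECT name FROM patients WHERE id = 42", 1),
    AccessRecord("alice", datetime(2004, 10, 2, 14, 30), "sqlplus", "ws-alice",
                 "SELECT name, dob FROM patients WHERE id = 77", 1),
    AccessRecord("bob", datetime(2004, 10, 1, 10, 0), "claims_app", "app-srv-1",
                 "SELECT * FROM claims WHERE claim_id = 9001", 1),
    AccessRecord("bob", datetime(2004, 10, 3, 11, 45), "claims_app", "app-srv-1",
                 "SELECT * FROM claims WHERE patient_id = 42", 12),
]
TODAY = [
    AccessRecord("alice", datetime(2004, 11, 1, 10, 5), "sqlplus", "ws-alice",
                 "SELECT name FROM patients WHERE id = 5", 1),            # normal
    AccessRecord("alice", datetime(2004, 11, 1, 23, 40), "sqlplus", "ws-alice",
                 "SELECT * FROM patients", 48210),                        # late-night dump
    AccessRecord("bob", datetime(2004, 11, 1, 9, 30), "claims_app", "app-srv-1",
                 "SELECT * FROM claims WHERE patient_id = 77", 3),        # normal
    AccessRecord("bob", datetime(2004, 11, 1, 12, 0), "excel_odbc", "laptop-bob",
                 "SELECT ssn, name FROM patients", 48210),                # new tool, new host, bulk
    AccessRecord("carol", datetime(2004, 11, 1, 9, 0), "sqlplus", "ws-carol",
                 "SELECT * FROM claims WHERE claim_id = 1", 1),           # never seen before
    AccessRecord("alice", datetime(2004, 11, 1, 16, 0), "sqlplus", "ws-alice",
                 "SELECT count(*) FROM orders", 1),                       # not sensitive data
]

if __name__ == "__main__":
    for rec, reasons in flag_exceptions(build_baseline(HISTORY), TODAY):
        print(f"{rec.when:%Y-%m-%d %H:%M} {rec.user}@{rec.source} via {rec.program}: "
              f"{rec.rows} rows; {', '.join(reasons)}\n    {rec.sql}")
```

Of the six accesses screened, three are reported: the late-night full-table read, the export through an unfamiliar tool from an unfamiliar host, and the first-ever appearance of a user. The two routine lookups and the query against a non-sensitive table never reach a reviewer, which is the point of management by exception.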
There are three ways to audit data access:
1) Auditing within the client: Some database-access tools can track end-user activity. However, no company can ensure that 100 percent of data access goes through these tools: anyone holding valid credentials can connect with a different client and leave no trace. Because they are so easily bypassed, auditing data access from within the client is the worst possible choice.
2) Auditing within the database: Since the DBMS is already protecting the data, it may seem the ideal place to audit access to it. However, DBMS vendors offer varying and often insufficient support for access auditing, and their approaches are different and incompatible with one another. Turning on statement-level auditing can also impose a substantial performance penalty, because every audited statement adds writes to the audit trail; on busy systems monitored 24x7x365, very costly upgrades and hardware purchases may be required to regain performance, if it can be regained at all.
3) Auditing between the client and database: This is the best choice. By listening to every conversation between every client and every database, we can achieve a comprehensive data access audit while avoiding the drawbacks of auditing within the client or within the database. Two practical requirements follow: the monitor must actually see every path to the database (a network tap or span port covering all client segments, plus a plan for local and encrypted connections that never cross the monitored wire), and it must decode each vendor's wire protocol rather than merely capture packets.
Technical details of these conversations vary from one DBMS to the next. Therefore, we want an access auditing vendor who:
supports all major database brands;
monitors all accesses, not just samples;
accommodates complex data streams;
makes audit results available for custom reporting;
has little or no impact on performance.
With careful vendor selection, all of this can be implemented on a 24x7x365 basis with no load placed on the database servers themselves, since the monitor only observes traffic, enabling every organization to keep data private--and know it.