No matter what kind of business you’re in, or how large your organization is, protecting your valuable data is a top priority. Failure to do so could put your reputation – and even the future of your operations – at risk. This isn’t just a hypothetical problem. According to cybersecurity specialists TrustWave, 59% of organizations have experienced a malware infiltration in the past six months and 28% of organizations have experienced an advanced persistent threat attack.
These numbers are indeed alarming, but even as companies scramble to keep hackers out of their systems there is a whole other realm of data security that often gets ignored: regulatory compliance. It might not be as “glamorous” as addressing the kinds of data breaches that seem to make the news with frightening regularity, but failure to address it can have negative consequences that are just as profound and damaging in the long term. Any organization that relies on MultiValue databases needs to make this as much of a priority as preventing phishing and other breaches.
Audits and Compliance
Every day brings a new and complex set of interactions, events, and activities within your business applications and data. What happens when something unexpected occurs with one or more of them? Your organization needs to know what’s happening with its data and applications in real time.
Compliance is the most obvious driver for introducing logging functionality to your environment. When it comes to compliance, you have to be right and you have to move quickly. Logging lets your organization lower risks by gaining insight into what’s happening to your data and application environment, so you can address underlying issues. For example, with logging, if a user is viewing clients not assigned to him or collecting sensitive information such as social security numbers, proper logging can help auditors identify improper access privileges or detect and put a stop to patterns of abuse. In addition to compliance, your organization can use logging for:
- Accountability – Identify the accounts associated with certain events and use the information to make decisions about training or disciplinary action
- Reconstruction – Track data to the ‘tick’ (microsecond) level and sequentially within each unique user process to see and understand what happened before and during an event
- Intrusion Detection – Review unusual and unauthorized events, like failed login attempts or logins outside of a specified schedule, which might indicate attempts to breach security
- Problem Detection – Analyze log data to identify problems that you need to address. For example, review resource utilization or failed jobs.
The Letter (and Spirit) of the Law
Knowing what’s happened and what’s going on inside your enterprise information systems, as well as providing an audit trail to prove it, is not only required by internal operational procedures, but is also mandated by governmental standards for many industries and businesses. In fact, in the US regulations such as HIPAA, SOX, and industry standard PCI-DSS all have specific requirements for audit logging. In European and other countries there are similar standards and regulations.
Audit logging is an automated approach to data management that chronologically records who did what to which system resource and when.
In Real Time
State of the art audit logging includes the capability to change requirements while the production server is running. This key capability allows you to change logging specifications immediately. If you believe an intrusion is in progress, you may want to immediately enable auditing those specific areas where you believe the intrusion is happening – whether within or outside your organization. In real time, you can entrap and audit that rouge employee bent on doing harm from within.
It’s easy to understand the value of audit logging, but implementing it is another story. That’s because it can be challenging for IT professionals to add yet another task to their never-ending to-do lists when they’re barely staying ahead of the curve. IT must spend the time up front configuring audit logging to ensure your organization realizes all of the benefits. No two organizations are the same, but those that choose an approach to audit logging that is comprehensive, flexible, customizable and easy to maintain will have the best chance at long-term success.