Software // Information Management
News
2/23/2007
05:18 PM
Connect Directly
RSS
E-Mail
50%
50%
Repost This

Field Report: Nuclear Fuel Supplier Tightens Database Security

Keeping tabs on enriched uranium? Challenging. Keeping track of database integrity for SOX? Piece of cake.

A spate of compliance mandates -- Sarbanes-Oxley (SOX), HIPPA, Basel II, to name a few -- have forced IT administrators to prove that they have a handle on data integrity. United States Enrichment Corp. (USEC), a uranium enrichment firm, felt the pressure in mid-2005.

"We are a publicly traded company, so SOX was an issue," says Robert Gorrie, information security manager. "Our auditors asked me how I know that all the changes in our database are legitimate. We put some [safeguards] in place that were very labor intensive, but they didn't pass muster." Gorrie's boss, the CIO, saw an ad in a trade journal for Guardium database activity monitoring and auditing software and asked if it would help. It did.

"Guardium is not the panacea," Gorrie says. "We still need a separate trouble ticketing system, and you still need eyes to look at the reports. The good news is it got the auditors off my back."

Gorrie uses Guardium's software to watch activity on USEC's inventory, HR and financial databases, which did not sit well with the DBA initially. "My DBA said, 'My god you can see everything I do!' I said, 'Yeah, but then I don't have to bug you for audit logs, etc.'"

Gorrie adds "you have to trust your DBA, but 'trust' is not something that will keep your auditors at bay."

Comment  | 
Print  | 
More Insights
The Agile Archive
The Agile Archive
When it comes to managing data, donít look at backup and archiving systems as burdens and cost centers. A well-designed archive can enhance data protection and restores, ease search and e-discovery efforts, and save money by intelligently moving data from expensive primary storage systems.
Register for InformationWeek Newsletters
White Papers
Current Issue
InformationWeek Government, May 2014
Protecting Critical Infrastructure: A New Approach NIST's cyber-security framework gives critical-infrastructure operators a new tool to assess readiness. But will operators put this voluntary framework to work?
Video
Slideshows
Twitter Feed
Audio Interviews
Archived Audio Interviews
GE is a leader in combining connected devices and advanced analytics in pursuit of practical goals like less downtime, lower operating costs, and higher throughput. At GIO Power & Water, CIO Jim Fowler is part of the team exploring how to apply these techniques to some of the world's essential infrastructure, from power plants to water treatment systems. Join us, and bring your questions, as we talk about what's ahead.