Data Misuse Comes In Many Forms - InformationWeek

InformationWeek is part of the Informa Tech Division of Informa PLC

This site is operated by a business or businesses owned by Informa PLC and all copyright resides with them.Informa PLC's registered office is 5 Howick Place, London SW1P 1WG. Registered in England and Wales. Number 8860726.

IoT
IoT
Healthcare // Analytics
Commentary
11/4/2005
03:48 PM
Mitch Irsfeld
Mitch Irsfeld
Commentary
50%
50%

Data Misuse Comes In Many Forms

Yesterday I issued a reminder that data security and compliance meant protecting the data stores as well as the network perimeter, but good compliance practices also require a consistent and thorough monitoring of the way your users are interacting with the enterprise applications, in particular your databases. Once again we are talking mostly about internal intruders, those getting access to information they are not authorized to use or using authorized information in an unauthorized manner.

Yesterday I issued a reminder that data security and compliance meant protecting the data stores as well as the network perimeter, but good compliance practices also require a consistent and thorough monitoring of the way your users are interacting with the enterprise applications, in particular your databases.

Once again we are talking mostly about internal intruders, those getting access to information they are not authorized to use or using authorized information in an unauthorized manner.

And three recent product releases could point you in the right direction or at least help you frame the issues.First we note that Embarcadero Technologies Inc's recent acquisition of database-security software maker SHC Ambeo Acquisition Corp. has yielded database-monitoring software in the form of Ambeo's Activity Tracker, a database-auditing mechanism that monitors all user activity in real time, and Usage Tracker, which provides historical statistics on how data is being accessed and used.

Similarly, Consul Risk Management Inc. brought out version 6.0 of its flagship InSight Suite that helps administrators analyze user and system activity and report on who touched what information and how those actions may violate external regulations or internal security policies.

And earlier this week Tizor unveiled its Mantra activity-auditing appliance. Mantra monitors what individual users are doing with mission critical applications and data by using analytics capabilities such as behavioral fingerprinting, which detects patterns in user activity that could signal malicious activity.

What each of these monitoring systems has in common is the focus on user activity rather than simply checking access rights. You may have policies governing the use of corporate databases, but no matter how well defined the policies, if you lack visibility into the usage patterns, you lack the controls required under several regulations, including SOX and HIPAA.

And the usage behavior doesn't have to be malicious to be non-compliant. The ability to flag and investigate abnormal data use, no matter how inadvertent, is just as important as catching those with bad intent.

When it comes time to attest to your internal controls, how your data is used can reveal just as much as who is using it.

We welcome your comments on this topic on our social media channels, or [contact us directly] with questions about the site.
Comment  | 
Print  | 
More Insights
Slideshows
Data Science: How the Pandemic Has Affected 10 Popular Jobs
Cynthia Harvey, Freelance Journalist, InformationWeek,  9/9/2020
Commentary
The Growing Security Priority for DevOps and Cloud Migration
Joao-Pierre S. Ruth, Senior Writer,  9/3/2020
Commentary
Dark Side of AI: How to Make Artificial Intelligence Trustworthy
Guest Commentary, Guest Commentary,  9/15/2020
White Papers
Register for InformationWeek Newsletters
Video
Current Issue
IT Automation Transforms Network Management
In this special report we will examine the layers of automation and orchestration in IT operations, and how they can provide high availability and greater scale for modern applications and business demands.
Slideshows
Flash Poll