Unfortunately, most companies emphasize the protection of data through disaster recovery and high availability planning, and they don’t put the necessary controls in place to ensure that day-to-day use of the data is appropriate and authorized.
One way to help ensure the protection of critical data from human interaction is with Powertech Database Monitor for IBM i, the real-time database monitoring tool. Database Monitor ushers in a new generation of database auditing for IBM i servers. If you haven’t seen this amazing solution in action, stop and see if you can answer these five questions:
- Can you list (and prove!) every single way that your data is accessed?
- Can you provide an auditor with the full change history of a sensitive data element?
- Do you require electronic signatures for important data changes? (See Figure 1.)
- Can you easily filter out trusted applications from your audit reports?
- Are application owners notified in real time, (via email) the instant their data is changed outside of a control boundary? (See Figure 2.)
If, like many people, you can’t answer a resounding “Yes!” to all five questions, then you need to explore the extraordinary control Database Monitor brings to your database. No matter whether you are under the scrutiny of a regulatory standard—such as the Payment Card Industry Data Security Standard (PCI DSS)—or you just want to ensure the integrity of critical data assets, Database Monitor can provide visibility into the actions of users—regardless of whether they use an approved application or powerful (and hard to monitor) tools like SQL and DFU.
Figure 1: You can use Database Monitor to request approval before making a database change.
Figure 2: Database Monitor sends a notification of a database change.
The power of Database Monitor comes from its ability to rapidly analyze database journals to find the events that are important to you. Database Monitor can take advantage of journal receivers that you’re already using, or it can configure new ones for you. Database Monitor can even use triggers to let you know who is looking at individual data records. Ask your PCI auditor if that feature would be helpful! If a breach does occur, you can identify which individual records were exposed rather than having to assume it was the entire file or database. That simple feature alone could justify the cost of Database Monitor.
Database Monitor also includes powerful workflow features that allow actions to be performed when certain criteria are met. For example, have it send an email when a salary field changes by more than $1,000 or have it invoke a re-ordering program the instant the widgets inventory falls 10 percent below the desired stocking level.
Of course, one of the most challenging parts of auditing in the real world is the volume of audit data that needs to be reviewed. Some companies generate gigabytes of audit information every day! Having to pour over reams of paper reports is like looking for the proverbial needle in the haystack, and likely will lead to missed events and eventually less (or no) ongoing review. Having a server monitor itself, and escalate only important data events, is critical to facilitating a quick response and reducing risk.