Sensitive Data Access Auditing

Sensitive data access auditing presents a complex and costly barrier to regulatory compliance with government regulations, industry regulations and privacy acts. The specific audit requirements vary between the different regulations, but all consider data access auditing a key control that must be implemented to protect regulated data.

To meet compliance requirements the audit trail must address the requirements described below.

Audit all Access to Sensitive Data

An audit solution must provide visibility into all data access events thus it has to:

• Audit all types of access: Audit data access events whether the access is read-only, a data modification transaction or privileged operations.
• Audit all users: Audit privileged access to data including local system access, and non-privileged network access (i.e. application users)
• Audit all data systems containing regulated data: ensure all systems hosting regulated data are in the audit scope.

Provide Detailed Audit Event Information

To effectively reconstruct data access events the audit trail must provide details about the 'Who?', 'What?', 'When?', 'Where?' and 'How?'. Capturing the raw access query and system response attributes is essential for effective forensic investigation and incident response.

Establish User Accountability

The audit trail must correlate each data access event to a specific user. This is a difficult challenge as many applications use connection-pooling which masks the true identity of the end user.

Ensure the Integrity of the Audit Trail

The audit trail must be tamper-proof. This means that audited users cannot change the content of the audit trail. Separation of Duties is required to prevent privileged users from abusing their privileges to conceal irregular activities.

Validate that all Systems in Scope are Audited

All databases and file servers that contain sensitive and regulated data must be audited. Automated discovery and classification capabilities enable quick identification of regulated systems and reduce the cost required to maintain compliance.

Customizable Compliance Reports, Alerts and Analytical Tools

Audit reports are required for demonstrating compliance. Predefined reports provide a starting point and help address the specific audit requirements of each regulation, while customizability supports unique technical and business needs. Real-time alerts and audit analytics tools enable efficient and comprehensive forensic investigations and incident response.

Related Products:

Database Security
Product Name:	Capabilities:
SecureSphere Database Activity Monitoring or SecureSphere Database Firewall	Audit all access to sensitive data Provides needed details to reconstruct data access events Alert and optionally block1 abnormal access to sensitive data Establishes user accountability without requiring code changes Tamper-Proof audit trail Automated discovery and classification of databases in scope for auditing Predefined compliance reports and customization capabilities
SecureSphere Discovery and Assessment Server2	Discover newly created databases and database objects in scope for audit Identify changes to databases and objects containing sensitive data

File Security
Product Name:	Capabilities:
SecureSphere File Activity Monitoring or SecureSphere File Firewall	Audit all access to sensitive data Provides needed details to reconstruct data access events Alert and optionally block3 abnormal access to sensitive data Tamper-Proof audit trail Predefined compliance reports and customization capabilities

¹Blocking accesses to sensitive data in databases requires SecureSphere Database Firewall
²SecureSphere Discovery and Assessment Server is included with SecureSphere Database Activity Monitoring and SecureSphere Database Firewall
³Blocking access to sensitive files requires SecureSphere File Firewall