Data Misuse Comes In Many Forms - InformationWeek

InformationWeek is part of the Informa Tech Division of Informa PLC

This site is operated by a business or businesses owned by Informa PLC and all copyright resides with them.Informa PLC's registered office is 5 Howick Place, London SW1P 1WG. Registered in England and Wales. Number 8860726.

IoT
IoT
Healthcare // Analytics
Commentary
11/4/2005
03:48 PM
Mitch Irsfeld
Mitch Irsfeld
Commentary
50%
50%

Data Misuse Comes In Many Forms

Yesterday I issued a reminder that data security and compliance meant protecting the data stores as well as the network perimeter, but good compliance practices also require a consistent and thorough monitoring of the way your users are interacting with the enterprise applications, in particular your databases. Once again we are talking mostly about internal intruders, those getting access to information they are not authorized to use or using authorized information in an unauthorized manner.

Yesterday I issued a reminder that data security and compliance meant protecting the data stores as well as the network perimeter, but good compliance practices also require a consistent and thorough monitoring of the way your users are interacting with the enterprise applications, in particular your databases.

Once again we are talking mostly about internal intruders, those getting access to information they are not authorized to use or using authorized information in an unauthorized manner.

And three recent product releases could point you in the right direction or at least help you frame the issues.First we note that Embarcadero Technologies Inc's recent acquisition of database-security software maker SHC Ambeo Acquisition Corp. has yielded database-monitoring software in the form of Ambeo's Activity Tracker, a database-auditing mechanism that monitors all user activity in real time, and Usage Tracker, which provides historical statistics on how data is being accessed and used.

Similarly, Consul Risk Management Inc. brought out version 6.0 of its flagship InSight Suite that helps administrators analyze user and system activity and report on who touched what information and how those actions may violate external regulations or internal security policies.

And earlier this week Tizor unveiled its Mantra activity-auditing appliance. Mantra monitors what individual users are doing with mission critical applications and data by using analytics capabilities such as behavioral fingerprinting, which detects patterns in user activity that could signal malicious activity.

What each of these monitoring systems has in common is the focus on user activity rather than simply checking access rights. You may have policies governing the use of corporate databases, but no matter how well defined the policies, if you lack visibility into the usage patterns, you lack the controls required under several regulations, including SOX and HIPAA.

And the usage behavior doesn't have to be malicious to be non-compliant. The ability to flag and investigate abnormal data use, no matter how inadvertent, is just as important as catching those with bad intent.

When it comes time to attest to your internal controls, how your data is used can reveal just as much as who is using it.

We welcome your comments on this topic on our social media channels, or [contact us directly] with questions about the site.
Comment  | 
Print  | 
More Insights
InformationWeek Is Getting an Upgrade!

Find out more about our plans to improve the look, functionality, and performance of the InformationWeek site in the coming months.

Slideshows
10 Things Your Artificial Intelligence Initiative Needs to Succeed
Lisa Morgan, Freelance Writer,  4/20/2021
News
Tech Spending Climbs as Digital Business Initiatives Grow
Jessica Davis, Senior Editor, Enterprise Apps,  4/22/2021
Commentary
Optimizing the CIO and CFO Relationship
Mary E. Shacklett, Mary E. Shacklett,  4/13/2021
White Papers
Register for InformationWeek Newsletters
Video
Current Issue
Planning Your Digital Transformation Roadmap
Download this report to learn about the latest technologies and best practices or ensuring a successful transition from outdated business transformation tactics.
Slideshows
Flash Poll