Would we be happy if our bank allowed people into the vault that contains our money without a camera monitoring their activity? Would we want to share our most personal data with a company that isn’t a good fiduciary of our information? The odds are we wouldn’t want to participate in either scenario, but the reality is that this is what happens to our most private data all the time. We simply aren’t aware of it because in the world of electronic data, we don’t “see” what is going on. Employees and partners of companies have the ability to access our personal information in databases all over the world. And, although many of those companies have traditional security in place, most don’t know what is actually happening with our data—and the data of millions of other individuals.
In the recent past, native audit tools such as SQL Profiler, trace functions, and triggers were all that we had. But they are no longer the only game in town. A new category of technology has emerged that empowers enterprises to “see” and immediately analyze what is going on with sensitive data. This new technology, called Data Activity Monitoring (DAM), monitors sensitive data as it is being accessed from data servers and analyzes the activity to determine whether the user, or the particular access, has the potential to endanger data or create a non-compliant situation.
We have historically shied away from performing extensive monitoring and auditing within our database environments because of performance and manageability issues and something that I call “information glut.” We can gather all sorts of interesting data with native auditing tools, but the result has always been slower systems, more management overhead and so much raw data that making sense of it is nearly impossible.
Performance and native auditing have been diametrically opposed. The more knobs and switches we enabled within a database tool like SQL Profiler, the more overhead we introduced. This is an inherent problem because native tools leverage the same CPU and disk I/O as our production systems. While performance degradation is the downside, the upside is the plethora of data that we can extract. With auditing we can get information such as successful/unsuccessful access, stored procedure activity, the duration of a transaction and almost anything we can think of in relation to the activities that are taking place within our target environment. But auditing issues have typically outweighed the benefits.