The Challenges
One of the biggest challenges facing auditors today is meeting the requirements of a wide variety of data-focused regulations on time with limited resources in complex data environments. Adding to that challenge is the need to provide detailed reports to and get signoff from multiple stakeholders within and outside of the organization—including auditors, assessors and layers of corporate management.
Most enterprises do not know where critical data resides throughout the enterprise and have little insight into which users are accessing data or how it is being used. This is especially true when it comes to privileged users, such as database administrators, who have the keys to the kingdom when it comes to data and data systems.
Whether dealing with a compliance regulation that must be satisfied to avoid severe legal penalties, like Sarbanes-Oxley (SOX), or a standard that carries penalties that could hamper the ability to conduct business, like the Payment Card Industry Data Security Standard (PCI-DSS), compliance professionals face major hurdles. One of the biggest hurdles is automation. Automating some of the more labor-intensive aspects of compliance, such as data discovery and classification, database monitoring, data auditing, and compliance reporting and workflow, will save time and money, but what is the best way to accomplish this?
As an audit professional, you must ensure that your company has the proper controls in place to mitigate risks and pass the audit. Unfortunately, when it comes to data, few companies have the right controls in place. To address today’s risk climate and growing list of regulations, including SOX, PCI, GLBA, HIPAA, FFIEC and others, auditors need to think about data-centric security and new controls for protecting data.
With data-centric security, auditors can answer the following critical compliance questions:
- Has all the data been located and identified?
- Who are the privileged users?
- What roles do the privileged users have?
- What are the privileged users doing with critical data?
- Is there a tamper-proof audit trail of all relevant activity?
- Are there reports that can “attest” to the effectiveness of the controls?
- Have those reports been reviewed, approved, and signed by management?
To accomplish all of this, compliance professionals need to consider new tools for data-centric security.
Database Activity Monitoring
Many Global 200 companies are using Database Activity Monitoring (DAM) to address major compliance challenges and automate labor-intensive tasks associated with SOX, PCI, GLBA and privacy compliance.
DAM provides a window into user behavior, including privileged user behavior, with regulated data and systems. DAM can assure cardholder data security and audit financial data for SOX or other data-related compliance regulations.
Mantra Database Monitoring and Protection
Deploys faster, works better, easiest to use
Mantra is the most intelligent and easiest to use DAM solution on the market today. Mantra deploys quickly, in even the most complicated data environments, and is productive within hours of deployment.
Mantra’s discovery capabilities locate and classify sensitive data such as Social Security numbers and credit card numbers. Discovery findings can be used to create or fine tune compliance policies based on the actual data usage and non-compliance risk profile of the organization.
Mantra's policy-driven database monitoring identifies how regulated data is being used and by whom. It uses a sophisticated analytical engine to recognize non-compliant behavior and take the appropriate action to help mitigate it. Mantra comes packaged with pre-configured policy templates designed to address the requirements of major compliance regulations. Mantra’s policy wizard makes the creation of custom compliance policies quick and easy. And, using Mantra’s drag-and-drop policy creation functionality, compliance policies based on discovery findings can be generated automatically.
Netezza's customers use Mantra to automate labor-intensive compliance tasks and address difficult compliance and data security challenges such as privileged user monitoring; separation of duties; SOX auditing and reporting; and cardholder data monitoring and reporting for PCI. Netezza customers chose Mantra over other DAM solutions because it delivers the highest value for a lower total cost of ownership, scales to the largest data centers, and is the easiest to use and to manage.
Mantra Highlights
- Best-in-class data discovery locates regulated data (at rest and in-flight) and databases on the network
- Pre-built auditing templates for SOX, PCI, and Privacy
- Automated compliance reporting for easy creation of a variety of executive level and detailed reports
- Automated workflow for multi-level review and signing
- Tamper-proof repository of all database activity
- Forensic tools for extracting and replaying incident events
- Privileged user monitoring and segregation of duties capabilities ensure that all user activity affecting compliance is covered
- Content Scanning locates any type of regulated data and includes scanning policies for all major credit card numbers
- First product to provide unified auditing and monitoring of unstructured data in file shares for auditing data such as SOX data in spreadsheets