People are at the heart of data protection programs. We all rely on their expertise to manage the systems, advise us on database hardening, interpret the incoming monitoring data and help the organization prepare for compliance audits. These tasks continue to challenge organizations that don’t have enough skilled people to manage them, all in the face of ongoing headwinds such as:
- Increased scrutiny caused by high-profile breaches in their industries;
- New regulations, such as the European Union’s (EU) General Data Protection Regulation (GDPR); and
- The sheer magnitude of routine tasks that suck the energy out of the best and brightest.
A key to keeping people happy and engaged at the right level is to provide automation, analytics and associated visualizations to help everyone responsible for the data protection program. This extends to all levels with installation, maintenance, threat monitoring and compliance.
Data Protection for Technical Administrators and Managers
Let’s start with the folks on the ground who are managing the infrastructure for data protection. They need to focus on expanding and deepening data protection to align with business needs. But when things go wrong, they are on the firing line. They need to be able to quickly detect network connectivity issues or overloaded systems. They need to know when a problem is brewing before it becomes a full-blown outage. Even better, they need a history of such events so they can increase capacity and/or take advantage of workload balancing techniques to manage the load.
Using improved visualizations for threshold and alert conditions, administrators can proactively address issues and spend their time planning strategically rather than reacting to problems. IBM Security Guardium, for example, provides a deployment health dashboard. This dashboard includes metrics that provide both real-time and historical views of the health of the system, as pictured below:
These graphs can help administrators understand at a glance the overall health of the monitoring system.
Let’s look at a use case of how improved visualizations can help administrators prevent an outage to their data protection system. Assume that data has been accessed at an unexpectedly high rate and disk space is filling up. Below is a time chart that indicates the growth of the internal database disk usage over time until it reaches the critical threshold of 85 percent. By monitoring this chart you can detect upward patterns and address them before this brings your system down.
Shaving minutes and hours off the time spent locating and fixing an issue results in time that can be spent doing productive work that aligns with business needs. Preventing outages altogether can help keep administrators off the firing line.
Security Analysts: Reducing the Noise
Security analysts are required to tease out real threats from the overwhelming noise using as much automation and analytics as possible. The visualization of outlier events is not only important for raising awareness of individual events, but also to help analysts understand clusters of such events that could indicate a larger attack.
Guardium has had outlier detection and visualization for several releases now, but 10.1.2 has taken a big step forward by aggregating outlier detection across many data servers. Organizations can now take advantage of load balancing and outlier detection of database access events across the organization, even if events are being balanced across several Guardium collectors. Guardium has also expanded the scope of outlier detection to cover file activity.
Another new visualization takes you into another dimension — literally: 3-D visualization of activity is a much more intuitive way for analysts to detect aberrant access or unusual activity.
Audit Readiness: Anyone and Everyone
Finally, let’s talk about anyone who has to prepare for an audit. Preparation for audits should be easy, not a fire drill. Organizations must have processes in place to enable them to be audit-ready at any time. Guardium has always had automation to enable IT professionals to distribute reports to the necessary reviewers.
From the content perspective, Guardium accelerators help organizations demonstrate compliance to common regulations such as PCI/DSS and SOX. From a compliance perspective, the new 800-pound gorilla in the room is the GDPR, which goes into effect in May 2018. But don’t think you’re safe if you are not in the EU. This regulation has international reach, applying to any organization that processes data of EU data subjects. Fines for noncompliance can be up to €20 million or 4 percent of global annual turnover per incident, whichever is higher.
Because this regulation is so far reaching and financially punitive, Guardium has made a special effort to provide the capabilities to automate the detection of potentially relevant data as part of its GDPR accelerator in 10.1.2. The GDPR accelerator, similar to the other compliance accelerators, is available at no extra charge and provides the following capabilities:
- A predefined knowledge set mapped to GDPR obligations;
- New GDPR roles for separation of duties;
- A GDPR security policy that can jump start your GDPR data protection requirements;
- Predefined GDPR reports; and
- A predefined and automated data classification process to help you discover GDPR data in your organization, as shown below.
Let’s look at a use case for one of the reports. One of the requirements outlined in the GDPR is data subjects’ right to erasure, enabling subjects to request the deletion of their personal data. You can use one of these prebuilt reports to provide evidence that such records are removed, as shown below:
These are just a few of the goodies in Guardium Data Protection designed to reduce the drag on the jobs of all roles involved in data security. Improved analytics and visualization, efficiencies, automation and prebuilt compliance templates help free human intelligence for the greater good of your organization’s security posture.