Who’s Doing What in an Organizational Database?

Tightening data security and sustaining compliance with InfoSphere Guardium Database Activity Monitor

Data privacy, while always important, has become significantly more so in recent years. Consider the potential impact to your organization’s reputation if a data breach gets reported in the news media; your company could lose existing customers and miss out on gaining new ones. Of even greater concern to many organizations are the regulatory requirements for protecting sensitive data stored in corporate and governmental databases. There are Payment Card Industry Data Security Standard (PCI DSS) regulations for credit card data, Sarbanes-Oxley (SOX) regulations for financial data, and Health Insurance Portability and Accountability Act (HIPAA) regulations for health care records—and these are only a few of the data protection rules in the United States alone. Many more exist, both in the US and worldwide.

Compliance with data protection regulations is a major priority for all kinds of organizations. In the past, mainframe system administrators might gain some leeway in the face of a data security audit by pointing out, “Hey, it’s a mainframe. We’re OK.” While IBM® System z® does indeed have a well-deserved reputation as a highly secure data-serving platform, those “we’re OK” days are over. Mainframe people have to demonstrate regulatory compliance to auditors just like everyone else.

Organizations need a database activity monitoring solution that efficiently enables quick detection of unauthorized intrusion and provides reporting and analysis capabilities that present a clear picture of data access activities on a System z server. The IBM InfoSphere® Guardium® Database Activity Monitor is that solution.

Comprehensive and thrifty at the same time

The Guardium solution provides comprehensive functionality. It can log activities, issue real-time alerts if security issues arise, and report on data access events. It also offers the flexibility to tailor monitoring to suit your particular needs. Want to track the data access activities of privileged users on your system, such as employees with system administration (SYSADM) authority in an IBM DB2® for z/OS® environment? No problem. And the secure nature of Guardium-collected data eliminates the exposure that exists when privileged users are required to watch other privileged users. You could also focus monitoring only on dynamic SQL statements, a particular connection type (for example, IBM CICS®-DB2 transactions), or a set of objects in a database (such as tables in which credit card information is stored).

The Guardium solution is also very efficient. The ability to target monitoring so that you’re tracking what your organization needs tracked is one aspect of the Guardium efficiency story. The solution also helps minimize resource consumption on monitored systems via “software taps” (S-TAPs)—lightweight probes that essentially perform “catch-and-throw” duty to capture data access activity as requested and stream information over IP links to the Guardium appliance. (z/OS systems have Guardium S-TAPs for DB2, IBM IMS™, and Virtual Storage Access Method [VSAM].) This appliance does the heavy lifting of intrusion detection, alerting, and reporting. The Guardium appliance is Linux-based, but it has its own access control mechanism (with, among other things, no root access) so that records are available only to designated users with the necessary permissions.

Data captured in the Guardium appliance can be reported in multiple ways. Users can either create custom reports or choose from a number of standard reports. One such report provides information that a PCI auditor would want to see.

The Linux base on which the Guardium appliance code executes makes possible a particularly elegant implementation solution from a System z perspective: the appliance can execute in a zBX—the hybrid end of the IBM zEnterprise® platform, in which Linux, IBM AIX®, and Windows systems can run—for reduced network costs and enhanced system management capabilities.

Monitoring most any database, on most any server

The InfoSphere Guardium Database Activity Monitor is truly an enterprise solution. It provides comprehensive data access activity tracking not only for your “crown jewel” data on System z but also for multiple data systems on Linux, UNIX, and Windows servers—including DB2 for Linux, UNIX and Windows—as well as DB2 for IBM i, IBM Informix®, Oracle, SQL Server, Teradata, Sybase, and MySQL. Regulatory compliance for sensitive data may be a hurdle for your competitors to overcome, but Guardium can make compliance a bar that your organization can demonstrably clear, to the satisfaction of auditors and customers. Don’t bemoan compliance. Master it.
