Compliance: a horse is a horse

One of the hottest topics over the past year is "compliance auditing". Regulations from the Sarbanes-Oxley Act require that computer access to data not only be tightly controlled but also heavily monitored, logged and audited. Some regulations require auditing all users and resources.

This is a far cry from the typical forensic auditing that network professionals did just a few years ago, when audit logs were really only read after a problem had occurred in an attempt to determine who (or what) might have caused the situation. Still, there have also been major advances in these security-monitoring functions.

Let's say there's a very up-to-date horse stud, with sensors all over the barns wirelessly connected to the stud network. Constant monitoring of comings and goings of horses and handlers is logged. Access to individual stalls is controlled with proximity cards, and a verifiable record of who can access which horses is always available.

One morning, it's discovered that the stable door is open and all the horses are missing.

Old-style audit logging would require that we now sit down and read through the logs to discover who was (probably) the last handler to leave the barn. "Probably", because if that person didn't lock the door, then there's no record of him leaving. We need to match up all entrances and exits to see where there was an entrance (logon) without a corresponding exit (logout). But the horses are still gone.

If the owner has good regulatory compliance auditing tools, he could query the command console to see who had access to the stable - and to each horse's stall -- during the hours that the security breach might have taken place. He can show the investigators whether he was in compliance with all regulations regarding horses, stables and data security. But the horses are still gone.

An up-to-date stud network armed with sensors, detectors and rules would have noted that the stable doors were unlocked after the time set for them to be locked. It would have noticed horses out of their stalls at a time they shouldn't be. It would have noted a human presence when none had logged on. And it would have responded by locking the door before the horses got out.

• Bookmark this page
• Share this article
  •  
  • facebook
  • slashdot
  • digg
  • Reddit
  • stumbleupon
  • linkedin
  • twitter
• Got more on this story? Email Computerworld
• Follow Computerworld on twitter

• Share
  Share this article

  •  google+
  • facebookfacebook
  • slashdotslashdot
  • diggdigg
  • RedditReddit
  • stumbleuponstumbleupon
  • linkedinlinkedin
  • twittertwitter
• print
• email
• Bookmark