September 2005 Volume 9, Number 2

Data Protection and Lemonade

By Mary Weiss, Senior Sales Consultant

When life gives you lemons, you make lemonade, right? A lot of IT departments probably feel like they have been handed a boatload of lemons in the past year or two. Increased internal and federal auditing regulations are asking you to examine your entire IT environment, applications, and procedures under a microscope. Added to that is the alarming increase in reported data theft attempts and identity theft fraud. Many companies probably don't have the resources or budget to even begin addressing some of these requirements. And, as we all know, lemonade requires sweetening.

Well, SoftLanding has a little sugar to go with those lemons. We offer some very affordable software solutions that will help you protect your sensitive financial, employee, and/or customer data. So, sit down, relax, grab a tall frosty glass of lemonade, and let me introduce you to a few solutions for some of the identified security niches. Through our partnerships with both Tango/04 Computing Group and Original Software Group, we can help you plug a few holes and quickly add data and system monitoring.

First, let's discuss test data. How could extracting test data cause a potential security problem? It may seem harmless at first, but think about it. When you copy production data into your test environment, you are handing your test technicians the keys to potentially sensitive information. Sometimes these technicians are not even your employees — instead they are a vendor to whom you outsource some of your testing. How do you add security measures while still maintaining the database structure and referential integrity needed for accurate tests? We recommend the Extractor Compliance Edition product from Original Software Group.

With Extractor Compliance Edition, sensitive information such as a customer's name, address, and social security number is rendered meaningless by vertical scrambling, such that it cannot be accurately reconstructed. Testing technicians and developers get what they need, and you know that you have protected your sensitive production data.

Another sour problem is database files. You may have spent some time trying to figure out how to monitor who is accessing, changing, updating, or deleting the data in certain files. With Tango/04 Computing Group's iSeries Data Monitor product, you can take absolute control of your critical data usage, without any programming intervention. Data Monitor audits all insert, delete, and update transactions issued against your iSeries database tables, in addition to the DLTF, CLRPRM, and ENDJRNPF commands. To accomplish this it uses the native audit journals of the i5/OS-OS/400 operating system. It doesn't use triggers, which are resource-intensive and error-prone, and which do not generate opposable logs that can be used in the litigation process for fraudulent activity.

The iSeries Data Monitor retrieves detailed information about every change, including timestamp, job, user, real user, user class, accounting code, IP address of the remote job that executes the transaction, and the name of the program and library. You can generate reports interactively or schedule them. Present the report output in on-screen display format or in a variety of other output formats, including Acrobat, plain text, Comma-separated values (CSV), Excel, dBase, Word, HTML, XML, and others.

And, to add some real zest to your security practices, add Tango/04's VISUAL Security Suite (VSS) to the mix. VSS can audit thousands of users, invisibly and in real time. Personalize the actions and events you want to control. VSS supports the most complete group of actions on the market, including Java, clustering, and complete object monitoring. Furthermore, its configuration wizard lets you easily establish and maintain control policies. VSS includes SQL Monitoring for both interactive and batch processed queries. Again, you can track sensitive changes by user, by data modified, by IP address, and more.

VISUAL Security Suite includes a flexible Reporting System to create and automatically generate a wide range of reports in HTML, Word, and other output formats. There are a number of pre-defined reports for an extensive list of both security events and modifications — to user profiles, system configuration, folders and system objects, and disconnected user profiles.

Getting your security under control is a real thirst quencher for most IT departments. Give us a call to discuss your security objectives, and schedule a technical WebEx demonstration of Extractor Compliance Edition, iSeries Data Monitor, or VISUAL Security Suite. Most WebEx sessions take about one hour, with plenty of time for technical questions and discussion. (You'll have to supply your own lemonade.)

Schedule your demonstration today by calling Mary Weiss at 1-800-545-9485 extension 511, or send an email to maryw@softlanding.com.

Back to Table of Contents

WHAT'S NEW