APPLICATION COMPLIANCE AUDIT & ENFORCEMENT

Transcription

1 TELERAN SOLUTION BRIEF Building Better Intelligence APPLICATION COMPLIANCE AUDIT & ENFORCEMENT For Exadata and Oracle 11g Data Warehouse Environments BUILDING BETTER INTELLIGENCE WITH BI/DW COMPLIANCE AUDIT AND CONTROL KEY FEATURES Audits user, application, query and data activity Enforces data compliance policies in real-time Alerts compliance staff of attempted violations Identifies suspicious user or application behavior Delivers out-of-the-box compliance reports KEY BENEFITS Ensures applications and data compliance Delivers audit and control in one system Minimizes staff costs with automated controls and alerts Designed for non-technical compliance staff Financial transparency regulations such as SOX and Basel II, and personal health and financial data privacy regulations such as HIPAA and PCI have placed new demands on companies. These regulations require organizations to apply controls to protect and document the integrity and security of their use of sensitive data. Business intelligence (BI), analytical, and data warehouse (DW) applications are now business-critical systems frequently containing sensitive data. These systems require effective compliance audit and policy controls to ensure organizations meet regulatory mandates and protect their information assets. Comprehensive BI/DW Application Audit and Real-Time Policy Enforcement Teleran s software solution delivers a centralized platform for BI/DW compliance auditing, reporting and policy enforcement. Residing on the network between BI applications and Exadata or Oracle 11g Database, Teleran s patented software solution continuously watches and controls how the data is accessed by whom, in what business context, and with what application. Its policy enforcement blocks inappropriate queries and reports before the database is even reached. Continuously Auditing Key Dimensions of BI/DW Environments Data warehouses today are used by a wide array of business roles, functions, applications, and geographies both internal and external to organizations. As a result sensitive data is potentially exposed to many people and at many points in the lifecycle of a data request. Because of this exposure, ensuring that this complex system is comprehensively audited, not just at the database layer, but across all key dimensions of the BI/DW environment is critical. Figure 1. Teleran s compliance reporting by user, organization, data, BI application, semantic layer, and report name. Deploys quickly and easily These key BI/DW dimensions include who the actual user is, his or her organizational context, the BI application in use, the specific BI semantic layer and report name, the SQL query launched by the application server and data objects accessed in the database. It also tracks data manipulation (DML) activity including inserts, updates, deletes, and database activities such as granting permissions, and adding and deleting tables. EXADATA-READY

2 FILLING A GAP IN THE ORACLE STACK Teleran s BI/DW Compliance Software offers features uniquely designed for auditing, analyzing and controlling BI user, application and DW activity. With a focus on BI/DW applications, it complements Oracle Audit Vault, Data Vault and Virtual Private Database (VPD) compliance solutions. BI/DW FOCUS Continuously audits all activity across user, BI, query and DW layers Network-based architecture puts no overhead on the database Ensuring All BI/DW Users Are Identified, Tracked and Controlled Teleran s Identity Persistence feature enables the Teleran solution to both audit access and enforce policies at the individual application user level. In many cases application servers use generic database IDs to access the database, masking the actual user identity to processes monitoring at the database. Without the specific user ID, data usage auditing and policy enforcement at the database are rendered ineffective. Teleran s Identity Persistence captures the user ID at the application or LDAP/single sign-on layer and associates it with the SQL query generated by the application. This enables Teleran s solution to track and and apply granular control policies at the user and user group levels as required by most compliance mandates. Compliance Reporting and Alerting for Non-Technical Staff BI/DW Compliance reporting, analysis and alerting are key components of Teleran s comprehensive solution. It delivers compliance reporting that is designed for use by non-technical roles including auditors, application managers and compliance staff. It also delivers dashboards, drill-down analyses and alerts that highlight overall risks, inappropriate or suspicious activities and identifies those activities that should be prevented with Teleran s compliance policy enforcement. Figure 2. Sensitive data access report highlights unusual activities by identified users against certain database tables and columns. Designed for use by nontechnical compliance staff Targets BI/DW application users versus privileged user roles Leverages Audit Vault repository and regulatory compliance reporting Real-Time Compliance Policy Enforcement Protects, Alerts and Guides Teleran s BI/DW compliance solution delivers access policies that automatically protect applications and data from inapproriate or unauthorized reports and queries. With an easy-to-use wizard, compliance staff can define, test and enforce real-time compliance policies. Policies can be applied by specific users, functions, organizational groups, geographies, applications and data objects down to the column level. Active policies screen information requests from users and applications before they reach the database, blocks those that violate active policies, and if appropriate, issues messages to BI/DW users warning them of their attempted violation and guiding them 2

3 in the appropriate use of the data and application. The system sends alerts and reports to compliance staff on attempted breaches of compliance policies or other defined activities and events. Alerts are delivered via a wide range of media including , pager, and SMS text messaging. Figure 3. Messages warn application users of their attempted policy violations and guide them in appropriate, authorized use. Database error: ORA-12408: [TT] Your query violates PCI compliance policies. You are not authorized to access customer financial data. Figure 4. Teleran s products reside between Oracle Database / Exadata and BI applications or middleware. Unobtrusive, Easy-to-Install Software, Exadata Ready Teleran s software architecture is network-based, requiring no database agents or traces that degrade database performance and resource efficiency. Teleran s products reside on the network between applications or middleware and Oracle Database 10 and 11g and other database platforms. Teleran s products are designed for fast and easy installation typically requiring one to two hours. Developed in Java, Teleran s solution supports all major operating systems and server platforms and supports single and multi-node database environments including Exadata. Teleran s solution is certified Exastack-Ready by Oracle and is integrated with Oracle CRS in RAC environments. Figure 5. Teleran captures usage traffic on the network outside of the database and logs to its compliance repository for easy and fast reporting and alerting. BI/DW Users Network-based Capture Data Warehouse Logging Reporting & Alerting Teleran Repository 3

4 Case Study Protecting Personal Medical Information A large health care provider needed to comply with the federally mandated Patient Health Information (PHI) Act and Health Insurance Portability and Accountability Act (HIPAA) regulations for a large Oracle 11g data warehouse used by hundreds of physicians. These privacy regulations require that access to patient information be audited and explicitly controlled. In particular, because the healthcare provider s BI applications used generic database user IDs, database monitoring alone could not correlate the application user with actual data used, a critical compliance requirement. After reviewing a wide range of compliance solutions, the healthcare provider selected Teleran s solution. Teleran provided auditing and policy controls that enabled the provider to protect sensitive patient information by applying policies at the individual user level independent of the application and database. Without user specific controls, the provider could not have met the PHI and HIPAA requirements. With Teleran the provider was able to expand data warehouse access to a broader range of healthcare staff across their network of clinics with confidence that their patient data was protected. Key Features and Benefits Teleran BI/DW Application Compliance solution provides the following features and benefits that enable you to deliver effective compliance auditing and reporting as well as compliance policy enforcement. Integration with applications and databases enables audit and protection of the entire BI/DW application environment from the users to the data Integrated Auditing and Usage Policy Controls uniquely track and protect in a single software solution Patented Real-time Policy Enforcement Engine enables flexible controls automatically adapted to each unique application and business environment Automated Alerting communicates real-time warnings to compliance staff and guidance to users who attempt to violate active policies Identity Persistence maintains understanding of who the BI application user is throughout transaction even when generic database user IDs are employed Network-based Architecture installs quickly and requires no performance degrading in-the-database agents, traces or monitors Conclusion Compliance regulations such as PCI, HIPAA, SOX and Basel II require organizations to audit and protect the use of sensitive data. Because BI/DW applications are now business-critical systems frequently containing sensitive data, they require effective compliance audit and policy enforcement to ensure these and other regulatory mandates are addressed. Teleran s BI/DW Application Compliance solution is uniquely designed for the complexities and user-driven dynamics of 4

5 BI/DW environments. It continuously audits and controls how the data is accessed and used by whom, in what business context, and with what application. With Teleran s comprehensive solution you can be assured that your BI/DW assets are in compliance and protected. Contact Us For more information about Teleran BI/DW Application Compliance visit Teleran.com or call , x203. Teleran is committed to developing practices and products that help protect the environment Teleran Technologies, Inc. All rights reserved. Teleran and the Teleran logo are registered trademarks of Teleran Technologies, Inc. All other names are the property of their respective owners. SO Oracle, Oracle Database 11g, Exadata, Oracle Enterprise Manager, Data Vault, Audit Vault and Virtual Private Database are trademarks or registered trademarks of Oracle. Building Better Intelligence 5