As I have been recently engaging with clients discussing protection of Personal Data related to the GDPR and other privacy regulation compliance, I have come to understand that many organizations do not have a full insight into who is accessing their data. There is a big challenge with ensuring that databases and data stores are creating the correct audit trail across the IT landscape, and that the audit trail is stored in a sufficiently secure manner and periodically reviewed for unauthorized or unexpected access.
To be ready for the GDPR, Data Controllers and Processors needs to have a clear and reliable insight into who is accessing Personal Data. This will enable them to discover potential breaches before they cause real damage.
During a pre-study where I was engaged to look at ISO 27001 requirements in order for a client to get ready for GDPR, we concluded that a Data-Centric Audit and Protection Solution would be a good way of ensuring that an audit trail is created when users access Personal Data in both databases and files.
A Data-Centric Audit and Protection Solution can
- assist in finding and classifying data to protect
- assess the security of the database where the data is stored
- assist in minimizing who is authorized to access the data
- create audit trail of who is accessing data and store it separated from the system that is monitored
- identify unwanted and abnormal access using automated advanced analytics
- block future access if misuse is discovered to ensure that the data is safe
- help data owners getting insights into who is accessing the data and assists in the upholding of compliance
Unlike native database logging, Data-Centric Audit and Protection Solutions has a low impact on database and application performance as creation of audit trails are offloaded to external appliances. This can lower the cost of running database servers and improve the user experience for your business users.
In addition, Data-Centric Audit and Protection can track the application end user which is accessing data through enterprise applications.
Get in touch if you would like to know who is accessing your data.
Capgemini is partnering with the leading global vendors and can assist you in finding and implementing the solution that is the best fit your organizations need.