Many organizations rely on enterprise applications to execute core business processes and manage significant amounts of data which are both mission critical and highly sensitive. Financial data, personnel data and customer data are all examples of information managed by applications like SAP and Oracle EBS. It is therefore not surprising that compliance requirements and audits often involve data managed by enterprise applications.
Multi-tier enterprise applications are difficult to secure for a variety of reasons. They are designed to be easily accessible via the web, making them susceptible to attack. They also typically mask the identity of application end users at the database transaction level, using an optimization mechanism known as “connection pooling”. Connection pooling identifies all transactions with a generic service account name, making it challenging to associate specific transactions with particular end users. As a result, fraudulent transactions are difficult to trace. Finally, the data associated with enterprise applications can also be accessed directly by privileged users via developer tools like SQL*Plus, bypassing controls within the application.
InfoSphere Guardium is a comprehensive data protection and compliance solution that addresses all of these issues, providing:
- Real-time monitoring and auditing that captures both direct and indirect transactions, along with automated compliance workflow that ensures all policy violations are investigated and remediated.
- Audit trails for activity performed by application end users, showing access at the database level with corresponding user IDs at the application level, enabling transactions to be easily traced. Supported applications include Oracle EBS, SAP, PeopleSoft, Cognos, Siebel and Business Objects. Application user IDs are also provided for custom and packaged applications built upon standard application server platforms including IBM WebSphere, BEA WebLogic, Oracle Application Server and JBoss Enterprise Application Platform.
- Built-in SOX and PCI DSS policies for selected applications such as Oracle EBS and SAP.