GridApp Systems -- Automating Database Operations

Clarity Clarifies Cumbersome Auditing Data

Industry: Healthcare

With the institution of HIPAA and other data protection requirements, hospitals are under more pressure than ever to not only protect their patient data, but to institute demonstrable controls over the dissemination of sensitive patient information. This requires a rigorous and protected audit trail. In an effort to meet compliance standards and protect its patients, a large teaching hospital in the San Francisco Bay area instituted procedures for gathering information on any alterations to its systems, including records of any and all modifications to its IT infrastructure.

Over the course of just a few months, the hospital had accumulated terabytes of data, the weight and complexity of which was so hard to manage and analyze that the entire auditing exercise was rendered futile. Challenges were particularly evident in relation to the database, where modifications are often highly manual. Moreover, databases store their auditing records on the database itself, leaving the audit trail stranded within each host.

"The bottom line is that it was just too much information," said one hospital IT manager. "We didn't know where to begin in terms of how to manipulate this audit information into anything useful, so we didn't even try."

The GridApp Clarity™ Solution:

GridApp's Clarity solution simplifies the auditing task by incorporating it into an overall management solution. As a result, audit information as it pertains to patching, reconfiguration, or other database functions can be easily tracked through the Clarity interface. This information cannot be modified or erased by any user. Clarity logs and tracks events within the database by using existing meta data. This data -- already available within the RDBMS system -- is manipulated in the following ways:

  1. Manual policies can easily be tracked by associating a user and a set of objects, then specifying what actions should be logged.
  2. A graphical interface is provided for each database, to view users and database objects for auditing.
  3. Key policies, such as auditing all actions taken by privileged users, can be easily defined.
  4. Clarity can provide enhanced security by sending special alerts when specific information has been altered.

Conclusion:

For organizations with complex database infrastructures, the major challenge of auditing and compliance is not gathering data but processing and analyzing the data required to protect the audit trail. Through an integrated interface, GridApp Clarity simplifies auditing by organizing the information within a usage context, ensuring enterprises can both meet compliance standards and maintain stringent control over the security of all their data assets.