Building a Successful Data-Centric Audit and Compliance Program

As the risks, costs and complexity of managing critical data spiral out of control, organizations are being forced to re-think their security strategies and embrace the concept of consistent data security as a core focus.

In conjunction with improved visibility, DCAP (Data-Centric Audit and Protection) promises to provide a unified tier for rationalizing and enforcing policies and procedures across all data sources. But beyond the concept itself, the practical question is: how do you build a successful DCAP capability?

DCAP is built on a collection of products that monitor usage of various data sets, discover and classify sensitive data, and set policy for controlling user access. Organizations have already invested heavily in these tools – be it Database Activity Monitoring (DAM), File-Centric Audit and Protection (FCAP), encryption/tokenization or, most recently, Cloud Access Security Broker (CASB) products.

Many implementations have yielded limited value and typically cost significantly more than expected, because each product deals with a single data silo, uses its own terminology and methods, and requires a large investment in skills and specialization.

Projecting these challenges across the rapidly expanding scope of data sources, tools and cloud platforms highlights an urgent need for a more cohesive and efficient approach. 

The Role of DCAP and Data Security Governance (DSG)
The DCAP framework recognizes that while data-silo tooling is necessary, DSG is needed to drive unification and bridge the silos, reducing both risk and cost. Security and compliance policies must be applied consistently across structured, semi-structured and unstructured data, and doing so cannot require 20 teams of specialized experts.

Moreover, the speed and mobility of data is so great that elements of security and governance must be abstracted to a level that remains consistent despite changes in the underlying repository and its related security tools.

Also, existing investments must be utilized first. So, rather than buying more and more siloed tooling, organizations should explore a DCAP overlay that complements their existing tools and rapidly facilitates the creation of a new centralized layer of visibility and control. So what are the key elements of a successful DCAP program? They include:

  • Bi-directional integration with the various DCAP silo tools – ingest data such as monitoring data, audit trails or classification details, and push policy and configuration changes back down.
  • Automation and orchestration of behavior across DCAP tools – eliminate today’s heavy dependence on manual processes and procedures, especially when crossing silo/tool boundaries.
  • An embedded DCAP data lake that integrates and retains data from all of the underlying tools – avoid normalizing every record to the lowest common denominator; keep the original record and use enrichment instead, so nothing is “lost in (normalization) translation”.
  • A consistent and unified view of all data assets, risks, owners and classifications – a “Data 360 view”.
  • Unified DCAP-level User and Entity Behavior Analytics (UEBA) – eliminate independent silo-based UEBAs or, failing that, aggregate and merge the insights derived from UEBA at each silo level.
  • Automatic routing of findings to the appropriate data/app owners – not just to security analysts but to all stakeholders, by leveraging intelligent routing and embedded workflow engines.

I’ll conclude with a short example to add some color. Suppose I provide security services for an in-house application that has an Oracle operational database, a Teradata warehouse and a file system used for attachments. I use some combination of DAM, encryption and FCAP products, plus LDAP for identity. Next month the app team will roll out the next version of the app (app V2). The Oracle database will remain where it is, but the warehouse and the analytics will move to AWS using a combination of Redshift and Elastic MapReduce (EMR), both of which will heavily utilize S3 (and is S3 a file system, or a database?). The attachments will live in Box.

Assume I have tooling for everything (i.e. I can monitor and get audit trails, and I can apply encryption and policies using AWS APIs or a CASB). However, policies that were previously enforced with access control rules may now need to be enforced through encryption, or vice versa. Logs that were generated by DAM systems will now need to be extracted from CloudWatch. And I need to use IAM in addition to LDAP. This is all doable, but at what cost, and how long will it take?
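The key elements listed above (bi-directional ingest, a data lake that keeps the raw record, a Data 360 catalog, and routing to owners) and the app V1 to V2 migration just described can be made concrete with a small overlay sketch. The following is an added example written for this article, not code from any DCAP product or vendor API: it ingests two constructed audit records, one in a made-up DAM export shape and one in a loosely CloudTrail-shaped form as it might be pulled from CloudWatch Logs, maps both to a single event schema while retaining the original record, resolves the repository-specific locator to a stable asset id in a constructed catalog, applies one policy written once at the DCAP level, and routes findings to the asset owner. The catalog entries, principals, bucket names, e-mail addresses and the DAM record layout are all assumptions made for the example.

```python
"""Added example: a minimal DCAP-style overlay over two silo tools (DAM and CloudTrail).
All catalog entries, principals, bucket names and record layouts are constructed for
this illustration; they are not real accounts or a vendor's schema."""
from dataclasses import dataclass
from typing import Dict, List, Optional

# Constructed "Data 360" catalog. The asset id is the stable handle a policy refers to;
# locations change when the warehouse moves from Teradata to Redshift/S3, the id does not.
CATALOG = {
    "customer_orders": {
        "class": "PII",
        "owner": "orders-team@example.com",
        "allowed": {"app_svc", "arn:aws:iam::123456789012:role/app-v2-etl"},
        "locations": ("oracle:ORDERS.CUSTOMER", "s3://acme-dw/orders/"),
    },
    "marketing_assets": {
        "class": "Public",
        "owner": "marketing@example.com",
        "allowed": set(),
        "locations": ("box:/Marketing/",),
    },
}

@dataclass
class DataEvent:
    source_tool: str            # which silo tool produced the record
    principal: str              # user or role exactly as that tool reported it
    action: str                 # normalized verb: read / write / delete / other
    location: str               # repository-specific locator
    asset: Optional[str]        # stable asset id resolved from CATALOG
    classification: Optional[str]
    owner: Optional[str]
    raw: dict                   # the untouched original record (nothing lost in normalization)

def resolve_asset(location: str) -> Optional[str]:
    for asset_id, meta in CATALOG.items():
        if any(location.startswith(prefix) for prefix in meta["locations"]):
            return asset_id
    return None

def _build(tool: str, principal: str, action: str, location: str, raw: dict) -> DataEvent:
    asset = resolve_asset(location)
    meta = CATALOG.get(asset, {})
    return DataEvent(tool, principal, action, location, asset,
                     meta.get("class"), meta.get("owner"), raw)

def from_dam(record: dict) -> DataEvent:
    """Constructed DAM export shape: db_user, sql_verb, object."""
    verb_map = {"SELECT": "read", "INSERT": "write", "UPDATE": "write", "DELETE": "delete"}
    return _build("dam", record["db_user"], verb_map.get(record["sql_verb"], "other"),
                  "oracle:" + record["object"], record)

def from_cloudtrail(record: dict) -> DataEvent:
    """Loosely CloudTrail-shaped S3 data event (eventName, userIdentity.arn, requestParameters)."""
    verb_map = {"GetObject": "read", "PutObject": "write", "DeleteObject": "delete"}
    params = record["requestParameters"]
    return _build("cloudtrail", record["userIdentity"]["arn"],
                  verb_map.get(record["eventName"], "other"),
                  f"s3://{params['bucketName']}/{params['key']}", record)

def evaluate(event: DataEvent) -> Optional[str]:
    """One DCAP-level rule, applied regardless of repository: on PII assets, any write or
    delete by a principal not on the asset's allow-list is a finding. A location the
    catalog cannot resolve is also a finding, because it means classification coverage is missing."""
    if event.asset is None:
        return f"unclassified location {event.location} touched by {event.principal}"
    if (event.classification == "PII" and event.action in ("write", "delete")
            and event.principal not in CATALOG[event.asset]["allowed"]):
        return f"{event.principal} performed {event.action} on PII asset {event.asset} (via {event.source_tool})"
    return None

def route(events: List[DataEvent]) -> Dict[str, List[str]]:
    """Group findings by data owner; events with no owner go to the security queue."""
    queue: Dict[str, List[str]] = {}
    for ev in events:
        finding = evaluate(ev)
        if finding:
            queue.setdefault(ev.owner or "security@example.com", []).append(finding)
    return queue

# Constructed sample records from the V1 (Oracle/DAM) and V2 (S3/CloudTrail) worlds.
SAMPLE_DAM = [
    {"db_user": "app_svc", "sql_verb": "SELECT", "object": "ORDERS.CUSTOMER"},
    {"db_user": "jsmith", "sql_verb": "DELETE", "object": "ORDERS.CUSTOMER"},
]
SAMPLE_CLOUDTRAIL = [
    {"eventName": "PutObject", "userIdentity": {"arn": "arn:aws:iam::123456789012:role/app-v2-etl"},
     "requestParameters": {"bucketName": "acme-dw", "key": "orders/2017-05.parquet"}},
    {"eventName": "DeleteObject", "userIdentity": {"arn": "arn:aws:iam::123456789012:user/jsmith"},
     "requestParameters": {"bucketName": "acme-dw", "key": "orders/2017-04.parquet"}},
    {"eventName": "GetObject", "userIdentity": {"arn": "arn:aws:iam::123456789012:user/jsmith"},
     "requestParameters": {"bucketName": "acme-scratch", "key": "tmp/export.csv"}},
]

def run_sample() -> Dict[str, List[str]]:
    events = [from_dam(r) for r in SAMPLE_DAM] + [from_cloudtrail(r) for r in SAMPLE_CLOUDTRAIL]
    return route(events)

if __name__ == "__main__":
    for owner, findings in run_sample().items():
        print(owner)
        for f in findings:
            print("  -", f)
```

The point of the sketch is where the work lands: the policy and the owner mapping are written once against the asset id, so moving customer_orders from Oracle to S3 only adds a location prefix and a parser, while the same jsmith delete is caught from either source. Keeping `raw` on every event is what lets an analyst go back to the DAM or CloudTrail record after the overlay has normalized the verb.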

A solid DCAP overlay that glues all this together means I can not only provide the same level of security and compliance for app V2 as for app V1, but also do it without a nervous breakdown.

In summary, a successful implementation of DCAP will eliminate the complexity and inefficiencies of today’s silo-based data security environments. A unified security data lake, flexible reporting tools, automated workflows, and UEBA together can deliver enterprise-wide Data Governance on a central platform for all stakeholders.
