IRVINE, CA, November 11, 2014 – Many government agencies, departments, subcontractors, service providers, and organizations that operate IT systems on behalf of the government must ensure protection of their critical infrastructure and ensure data security and continuous systems operation. These requirements are documented in various international and national standards, regulations and statutes established by authorities and covered by best practices frameworks such as COBIT, NIST800-53, ISO/IEC 27001, ISO/IEC 15408 and ITIL. They demand that government agencies secure and protect the confidentiality, integrity, and availability of information systems and the data processed, stored, or transmitted by them.
Staying compliant with these regulations is a question of reputation for a wide range of organizations including data clearinghouses, state departments, military subcontractors, and private vendors if their data is exchanged directly with government systems. Failure to meet the regulations may lead to direct and indirect financial losses and exclusion from operating within certain industries.
To meet compliance requirements and ensure the security of IT infrastructure, government IT professionals should consider the following recommendations:
Establish control over users and their activities. A large part ofdata security requirements lies within access control, account management, and separation of duties. In fact, today these are some of the cornerstones of any security policy, established in response to the dramatic increase in security incidents or as a part of compliance efforts. In order to avoid critical issues such as internal misuse of information systems, it is important to monitor user activity, ensure that permissions are granted to users on a need-to-know basis, and implement continuous tracking of modifications made to user accounts.
Gain complete visibility and accountability with audit reports. Responding to compliance regulations, organizations may be required to submit reports with various levels of detail for an arbitrary period, proving effective implementation of security controls and adherence to enacted policies. However, because it is extremely impractical to collect, consolidate, and correlate data manually on configurations, security settings, and activities in databases, file servers, and virtual environments manually, a change-auditing solution will notify you of all changes across all IT systems and provide comprehensive custom reports.
Monitor and evaluate your environment. Being compliant in many aspects means being sure that security policies and procedures are functioning properly and are helping with risk reduction. Having your IT infrastructure constantly audited validates that you have complete visibility across all your IT systems and proves that your IT environment is under permanent control.
Control access and modifications to shared resources. When it comes to data stored in critical systems such as SQL, file servers, and SharePoint, it is necessary to know who did what, when, and where. Consider deploying a solution that will provide you with a detailed view, including before and after values, on any attempt to access, modify, or delete sensitive data.
“As the need to protect sensitive data gets increasingly critical, the long-term investment in advanced auditing solutions becomes obvious for any organization in order to ensure data security,” said Alex Vovk, President and Co-Founder of Netwrix. “Establishing continuous auditing will help you to be prepared to comply with security regulations and to maintain protection of all systems.”
About Netwrix Corporation
Netwrix Corporation, the #1 provider of change- and configuration-auditing solutions, delivers complete visibility into who did what, when, and where across the entire IT infrastructure. This streamlines compliance, strengthens security, and simplifies root cause analysis. Founded in 2006, Netwrix is ranked in the top 100 US software companies in the Inc. 5000 and Deloitte Technology Fast 500. Netwrix software is used by 160,000 users worldwide. For more information, visit www.netwrix.com.