Unsupportable competitive claims
The Need for Data Auditing
Enterprises have never been more dependent on their data. For most, data is the lifeblood of the organization. So when data is compromised, business is at risk. Consequences of improper data use can include damage to brand and company reputation, loss of value in stock purchase price, customer attrition, fines, and even lawsuits. Enterprises that manage the inherent risks associated with the access and use of data mitigate their exposure for business loss and assure data integrity.
Demands for Accountability
More accountability to assure the integrity, security, and privacy of data is demanded by stakeholders including customers, partners, auditors, and regulators. Demonstrating accountability has become a boardroom issue for corporations, the burden of which is reaching beyond the offices of the CEO and CFO to the CIO and the IT organization as a whole.
Sarbanes-Oxley, 21CFR11, HIPAA, Basel II, and other regulations don’t mandate specific technology requirements, but they do have broad implications for IT as most, if not all, critical business information resides in databases. These databases require control and monitoring as they store the organization’s most sensitive data.
Human Error & Fraud
By many accounts the source of 70% of data corruption comes from internal users as a result of human error or intentional fraud. Consider the following scenarios. An employee keys an incorrect selling price into the database that feeds the price list of a national retailer. The incorrect price is published before the error is discovered and, as a result, the company must honor the advertised price. In scenario two, an employee steals money from her employer by setting up a fictitious employee ID and payroll, which deposits directly into her own bank account.
The consequences of either scenario can be dire—and very public. Data misuse, loss, or corruption from human error or fraud can be a disastrous event resulting in financial losses, damage to reputation, even lost customers.
Existing Security Measures and Policies
Investments in IT security have largely been focused on preventive security measures such as firewalls and intrusion detection or application controls. Without auditing at the data level there can be no certainty that these controls are effective and working as intended. In addition, these measures have no ability to monitor internal users who have privileged and direct access to the database.
Most organizations have numerous preventive controls associated with the use of applications that drive data. But, once information is in the database, it is subject to additional changes—authorized and otherwise. Privileged users, such as DBAs, developers, even managers, have ongoing and direct access to sensitive data, making it imperative to implement monitoring controls at the database level.
It is clear, that with so many threats to the organization and its data, combined with added pressures for compliance and accountability, organizations can no longer operate without an effective system to monitor and audit the access and use of data.
It is the comprehensive, continuous audit trail that mitigates the business risks associated with data use, and meets the challenges associated with regulatory compliance by employing best practices for management of data.
BPA engagements protect brands from these challenges. Reducing risk is a competitive advantage in the marketplace.
It’s a brand solution and a business solution.