Transactional Systems and Data SecurityAlmost all medium to large organizations depend on various transactional systems for their day to day operations like - ERP, CRM, planning and optimization, inventory management etc. Some organizations consolidate their corporate data across multiple systems into data-warehouses or reporting data stores which may be used for ongoing analysis and reporting.
Data access within the transactional system is usually well controlled via access rights logic to ensure that users access only the data that they are authorized to access. Very often users are allowed to extract or download reports from the systems for analysis or offline reporting purposes. The data extracted from the system is no longer governed by the access rights logic. However, data once available to the ‘authorized’ user is not limited to that user only. This user can share the data with ‘anybody’ without ‘any limitations’ once it is outside the system. Every report or data extract that is ‘outside’ the system, is a source of corporate data leakage.
A competitor could use this vulnerability to cause significant damage to the organization’s assets.
Access rights logic can be used to secure the application data which resides within the boundaries of the application, but it cannot help to secure the data outside the application.
How can data be controlled outside the system?
Information Rights Management technologies like Seclore FileSecure can be integrated with any transaction system to ‘protect’ the report or data extract before it is made available to the ‘authorized’ user.
The protection policies are applied automatically as part of the report execution or data extraction process. The policies governing the use of this information are managed centrally and can be changed at any time as per organization’s requirements.
The security policy for a report will govern:
WHO has access i.e. users or groups of users that are allowed access.
WHAT access is to be given i.e. can the user print, edit, forward or copy from the report.
WHEN the access expires i.e. user access can be given for a few days, few weeks or few months after which the data is unavailable.
WHERE the access is available i.e. user can only access it from within the office network (LAN or WAN) and not from outside.
Data audits and usage reports
Once data is protected with the Seclore FileSecure policy, every access to the report is logged and tracked in a central repository. This helps to maintain an audit trail and log of information flow outside the application boundary. This audit log is comprehensive, with every activity by every user being logged and it is made available to the document owner.
Sample case 1: Consider an insurance company that has a sales reporting process to provide weekly sales figures of each of its intermediaries to the executive sales team.
MIS users sitting at each of the regional head offices i.e. North, South, East and West are responsible to extract this data from the transactional system for their regions and send it to the head office. The MIS team is required to modify or massage the data and aggregate it before sending it to the head office. This data is very sensitive and should not fall into the wrong hands. With a solution like Seclore FileSecure, the MIS team can ensure that the access to this data is limited to the MIS team and the executive sales team at the head office. Further, every access to this data will be tracked and any misuse can be traced to the individual.
Data access within the transactional system is usually well controlled via access rights logic to ensure that users access only the data that they are authorized to access. Very often users are allowed to extract or download reports from the systems for analysis or offline reporting purposes. The data extracted from the system is no longer governed by the access rights logic. However, data once available to the ‘authorized’ user is not limited to that user only. This user can share the data with ‘anybody’ without ‘any limitations’ once it is outside the system. Every report or data extract that is ‘outside’ the system, is a source of corporate data leakage.
A competitor could use this vulnerability to cause significant damage to the organization’s assets.
Access rights logic can be used to secure the application data which resides within the boundaries of the application, but it cannot help to secure the data outside the application.
How can data be controlled outside the system?
Information Rights Management technologies like Seclore FileSecure can be integrated with any transaction system to ‘protect’ the report or data extract before it is made available to the ‘authorized’ user.
The protection policies are applied automatically as part of the report execution or data extraction process. The policies governing the use of this information are managed centrally and can be changed at any time as per organization’s requirements.
The security policy for a report will govern:
WHO has access i.e. users or groups of users that are allowed access.
WHAT access is to be given i.e. can the user print, edit, forward or copy from the report.
WHEN the access expires i.e. user access can be given for a few days, few weeks or few months after which the data is unavailable.
WHERE the access is available i.e. user can only access it from within the office network (LAN or WAN) and not from outside.
Data audits and usage reports
Once data is protected with the Seclore FileSecure policy, every access to the report is logged and tracked in a central repository. This helps to maintain an audit trail and log of information flow outside the application boundary. This audit log is comprehensive, with every activity by every user being logged and it is made available to the document owner.
Sample case 1: Consider an insurance company that has a sales reporting process to provide weekly sales figures of each of its intermediaries to the executive sales team.
MIS users sitting at each of the regional head offices i.e. North, South, East and West are responsible to extract this data from the transactional system for their regions and send it to the head office. The MIS team is required to modify or massage the data and aggregate it before sending it to the head office. This data is very sensitive and should not fall into the wrong hands. With a solution like Seclore FileSecure, the MIS team can ensure that the access to this data is limited to the MIS team and the executive sales team at the head office. Further, every access to this data will be tracked and any misuse can be traced to the individual.
Posts
0 comments:
Post a Comment