IPLocks Compliance Solutions

IPLocks Compliance Solutions address the crux of compliance issues -- data integrity and safety. Each industry or regulation may have its own compliance requirements (ex - Medical = HIPAA; Retail = PCI), but the essential elements these regulations are the same. Data integrity and safety are of paramount importance.

In the context of compliance, what does data integrity and safety mean?

1. Data that gets put into the database is accurate
2. Access to data is limited to only individuals that must have access
3. Authorized individuals can't make unauthorized changes
4. Authorized individuals can't misuse their authorization levels

The effort required to achieve these goals is non-trivial. The cost of compliance is also non-trivial. Businesses need solutions that can meet the compliance requirements in a cost effective manner. IPLocks offers:

Data is the focus of most regulations:

• SOX = Financial Data
• PCI = Credit Card Data
• HIPAA = Medical Data

In order to meet the compliance requirements, businesses must implement controls that prevent erroneous data or prevent misuse of data. For these controls to be effective, they must be operational 24x7 and must have holes that cause them to miss critical events. IPLocks achieves these needs by:

• Continuous database monitoring or schedule-based monitoring
• Pro-active policies with the ability to branch based on discovered conditions
• Full support for all types of database activity; no holes due to encrypted networks, console connections, or stored procedures

Organizations face several obstacles when it comes to implementing internal controls in support of compliance:

1. Which controls to implement?
2. How to implement them consistently in a multi-vendor environment?
3. Knowing whether or not controls meet auditor's expectations.

• Pre-packaged Policies:
  Policies target specific regulatory concerns such as change management and user privileges.
• Well-designed Controls:
  Assure auditors of you business continuity with controls that are not verifiable, appropriate, and difficult to bypass
• Auditor-Friendly Reports:
  Auditors don't want to guess what you are trying to accomplish, they need to see the control definition, objective, assertion types, periodicity, and other key attributes of controls.

Besides the aforementioned implementation obstacles, the biggest obstacle to implementing compliance measures is the cost. For example, there has been quite a backlash against SOX because the implementation costs have been so high. Organizations must make choices between the cost of compliance and the cost of non-compliance. The Ponemon Institute estimates that the average cost for data theft is $160 per record. To improve the risk/reward ratio, IPLocks aims to lower the cost of compliance through:

• Automated Controls. Preferred by auditors and recommended by many industry organizations such as ITGI and ISACA, automated controls require less testing and result in a direct savings in audit costs.
• Separation of Duties. DBAs can be DBAs; Auditors can be auditors; management can be managers. Role separation enhances data integrity and provides more proof to auditors that controls can not be bypassed, improving confidence and reducing audit costs
• Unburdening DBAs. Policy development, implementation, and reporting can be done by auditors with no DBA involvement. Audit data management is performed within IPLocks. DBAs no longer have to write or maintain complex administrative scripts to monitor and collect audit data, manage audit data, or produce custom audit reports.

For more information, you can contact IPLocks directly at iplocks-sales@iplocks.co.jp or by calling +81-50-3786-6911.