Comprehensive Compliance Auditing and Controls for BI DW Environments
TELERAN BI/DW COMPLIANCE AUDITING
a white paper
Combining Application and Data Usage Auditing
with Granular Compliance Policy Access Controls
Copyright © 2010 Teleran Technologies, Inc., All Rights Reserved
Auditing & Controlling the Entire BI/DW Environment
Protecting Users, Applications & Information
Ensuring Compliance While Enhancing User Experience
Regulatory Compliance Driving Auditing and Policy Enforcement
Federal financial reporting transparency
regulations such as SOX and Basel II, and
personal health records and financial data
privacy regulations such as HIPAA and PCI
have placed new demands on companies.
These regulations require, among other
things, that organizations apply appropriate
controls to protect and document the
integrity and security of their access and use
of sensitive data. The bottom line: policies
controlling access to, and use of applications
and the underlying databases must be
strictly enforced and an audit trail of who
has accessed the information must be
maintained.
Protecting Users, Applications and Data
While organizations have made significant
investments in firewalls and intrusion
detection systems to protect their network
perimeters, these systems have proven they
cannot prevent authorized system users
from accessing data inappropriately. In fact,
most cases of data theft and misuse are
committed by authorized insiders. Over the
last three years many high profile data
incidents have been reported in the press.
As more data is centralized in larger
databases accessed by a growing number
of people and applications, the risk of data
misuse is increasing.
A more effective approach focused on user
access and use of the data itself is needed.
Amit Yoran, the former cyber security czar for
the U.S. Department of Homeland Defense,
bolsters this view: “tighter controls are
needed for achieving data integrity and
compliance. This can most effectively be
accomplished by monitoring and controlling
authenticated user behavior at the unique
user, application and database levels.”
Patented Process Continuously Audits and Controls Who Is Looking at Your Data
Teleran’s enterprise compliance solution for business-critical applications provides a
centralized compliance platform for enforcing business policy as well as for auditing,
monitoring and reporting. Residing on the network between SQL-generating applications
such as Business Intelligence (BI), CRM and Web applications and the underlying databases,
Teleran’s patented software solution continuously watches and controls how the data is
accessed and used, by whom, in what business context, and by what application. Teleran’s
policy enforcement product blocks inappropriate data requests before the database is
even reached.
[Figure: Teleran’s Comprehensive Compliance Solution Protects Applications and Databases. Diagram labels: Internet, External Access, Internal Access, Firewall, Web Server, Application Servers, Teleran Application Protection and Compliance, Database Servers.]
Modeling the Application Environment - Users, Applications, Databases
The Teleran System interrogates the system
tables of the databases and applications
whose access it audits and manages.
This modeling process enables Teleran’s
products to maintain an up-to-date
understanding of all users, applications and
database objects. With leading BI
applications, the Teleran System also
models application semantic layers, report
names and associated SQL statements.
iSight™ Audits, Analyzes and Reports on Business Use of Information
iSight continuously audits, analyzes and
reports on user, application and database
activity for compliance and risk management.
Integrated with leading BI tools,
iSight tracks application user, semantic
layer activity, report names and SQL query
activity and combines that with data usage
activity to provide comprehensive visibility
and management of the entire BI application
environment. iSight captures
information on query activity from all
other SQL-generating applications as well,
ensuring that organizations have complete
visibility on all access to the data.
Compliance Reporting and Analysis for Non-Technical Staff
iSight provides policy monitoring, risk analysis and compliance
reporting that is designed to be used by non-technical roles
including auditors, application managers and compliance
staff. It also alerts risk and compliance staff to inappropriate or
suspicious activities and identifies those activities that can be
prevented with Teleran’s compliance policy enforcement
product, iGuard.
iGuard™ Query Policy Management Automatically Protects and Guides
iGuard is a query policy action engine that
provides policies or rules to enforce data
access compliance. It automatically protects
the application and database environments
from inappropriate or unauthorized reports
and queries that violate compliance policies.
Using a patented real-time policy engine,
iGuard screens information requests from
applications before they reach the database,
blocks those that do not conform to
established compliance policies, and
instantly issues expert system-based
messages that warn information requesters
of their attempted policy violations and
guide them in the appropriate use of the
data and application.
iGuard’s data access policies are
automatically adapted to the unique
user, application and database
environment by the modeling
process described above. This ensures the
accuracy and consistency of active iGuard
control policies and minimizes administrative
overhead.
[Figure: iSight Compliance Report Displaying Data Manipulation by Applications and Application Users]
[Figure: Sample iGuard Compliance Message Integrated With a Sample BI Tool]
Identity Persistence™ Guarantees Visibility and Control of BI Application Users
Tracking and managing usage by actual
information requester ID, whether it is the
application, operating system, or database
user ID, is critical for risk and compliance
management. Most application servers
today log into the database with a single
“generic” database user ID. This effectively
masks the true identity of the application
user to the database and renders
database-level auditing and access controls ineffective.
With Teleran’s ID Persistence feature, iSight
can associate the application or single
sign-on user with the complete database
transaction. Identity Persistence also
enables iGuard policies to be applied by
application user, business unit or role for
effective and granular policy enforcement.
Delivering Business Productivity, Performance and Efficiency
Teleran’s software solution additionally
delivers unique capabilities designed to
improve business user productivity, enhance
application performance and deliver
significant operational savings and return on
investment. Providing a comprehensive
view of the entire application environment,
iSight directs performance tuning of reports,
SQL queries, and databases. iGuard also
prevents long-running and inefficient SQL
queries from reaching databases, protecting
the performance of high priority
applications from less efficient tools and
rogue queries. iGuard business productivity
and performance policies operate in
conjunction with iGuard messaging that
guides users in real-time to more efficiently
and productively work with their
applications and data.
Teleran’s solution provides critical business
performance and productivity benefits,
while reducing support staff and system
resource costs. Combining compliance
capabilities with these operational benefits
and cost savings offers a powerful business
solution that returns value to the business
while protecting key business assets.
Teleran Customer Successes
The following Teleran customer success
stories highlight the benefits organizations
have achieved from licensing and deploying
Teleran software products. Teleran’s unique
combination of protection, performance
improvements and operational cost savings
delivers measurable returns and material
business benefits.
“Teleran uniquely fills a critical gap in compliance, security and operations
performance management: bridging application and database security, auditing
and access controls. Its operational performance improvement capabilities quickly
generate real operational savings, giving Senior Information Technology and
Business Executives the financial justification and protection benefits they need in
these times of tight budgets and increasing risks.”
Ken Tyminski
Former Chief Information Security Officer
Prudential Financial
GE Money: PCI Compliancy
GE Money needed to ensure that its
consumer credit card data warehouse was
in compliance with the Payment Card
Industry (PCI) Data Security Standard that
required auditing and securing the use of
personal financial data. This critical
application was also incurring database
performance problems, violating customer
service level agreements and impairing
productivity of 600 credit analysts worldwide.
GE licensed Teleran software to address
both their compliance and database
performance issues. By implementing
Teleran iSight and iGuard, GE met their PCI
audit and control requirements and saved
over $800,000 in compliance costs versus
developing an in-house solution as they
had originally planned. To address their
performance issues, GE deployed iGuard
policies to better control resource-wasting
SAS queries and unpredictable ad hoc
analyses. iSight auditing was used to tune
the database model based on actual usage
patterns. In addition, iSight ensured that
applications were synchronized with ongoing
changes at the database. With Teleran,
GE data warehouse performance improved
by 25%, enabling GE to meet service levels
required by customers and employees.
“At GE Money, Teleran products enabled the
company to satisfy PCI compliance demands
and allowed us to increase system capacity and
performance by 25%. As a result, GE Money is
planning on rolling out Teleran products
enterprise-wide. Teleran provided GE Money
several advantages over competitive products
in the market. These included:
- Supporting multiple database technologies on multiple server platforms, enabling enterprise deployment
- Capturing more data about the users, queries, applications, databases
- Offering active usage policy management
- Providing a non-intrusive architecture that did not consume database system resources
- Delivering integrated analytics and reporting, requiring no report development”
William Klancko
IT Leader
GE Corporate
Mayo Clinic: Complying with HIPAA
Mayo Clinic needed to comply with the
federally mandated Patient Health
Information (PHI) Act and Health
Insurance Portability and Accountability
Act (HIPAA) regulations for an application
that will be used by 2000 physicians.
These privacy regulations required that
access to patient information be
audited and explicitly controlled. In
particular, because their BI applications
used generic database user IDs, they
could not correlate the application user
with actual database access. After
reviewing compliance solutions, Mayo
Clinic selected Teleran.
The Teleran solution provided auditing
and business usage policy controls that
enabled Mayo Clinic to protect sensitive
patient information by actual user.
Without this user-specific control, they could
not have met the HIPAA requirements.
The Teleran system also delivered
operational efficiencies that reduced their
costs and improved system performance.
Mayo Clinic has stated that they intend to
extend Teleran use to other applications
throughout their system of clinics.
“Teleran is the only vendor that provided us with a common security enforcement and
auditing framework across all data retrieval applications and databases. The reasons
we chose Teleran were that it delivered:
- Detailed security at database row and column level
- Data masking for sensitive patient health information
- Individual user tracking independent of the applications used
- Both compliance and operational efficiencies”
Tom Fisk
Security Director
Mayo Clinic
Teleran’s Key Features and Benefits
- Integration with applications and databases enables protection of the entire application environment from the users to the database
- Modeling of the Entire Business Application Environment delivers intelligent controls and comprehensive auditing across all applications, users, and database activity
- Integrated Auditing and Usage Policy Controls uniquely track and protect in a single software solution
- Patented Real-time Policy Enforcement Engine enables flexible controls automatically adapted to each unique business environment
- Automated Alerting communicates real-time warnings and guidance to users who attempt to violate business usage policies
- Identity Persistence maintains understanding of who the BI application user is throughout the transaction even when generic database user IDs are employed
- Network-based Architecture installs quickly and requires no performance-degrading “in-the-database” agents, traces or monitors
Leading Organizations Rely on Teleran for Compliance Auditing and Enforcement
Teleran delivers a comprehensive data auditing and compliance policy enforcement solution.
Organizations such as Allstate, Bristol-Myers Squibb, GE, MetLife, the US Army, Wachovia, and
many others have deployed Teleran’s solution for comprehensive regulatory compliance policy
auditing and enforcement as well as increasing operational efficiencies and savings.
Teleran Technologies is the leading provider of
software for ensuring the performance, compliance,
and cost efficiency of user-driven, dynamic
application environments. These include business
intelligence (BI) data warehouses, CRM, Web-based
and cloud applications. Through end-to-end
knowledge of the application environment - users,
queries, applications and databases - Teleran
software aligns IT processes with business needs,
improving compliance, reducing costs and
enhancing business performance and productivity.
Founded in 1996, Teleran pioneered the concept
of usage monitoring and management for data
warehouses and analytic applications with its
patented “policy action engine” and management
process. Today the company provides solutions for
many of the world’s leading companies, including
Allstate, Bristol-Myers Squibb, GE, Mayo Clinic,
Merrill Lynch, MetLife, Pixar, US Army, Vanguard
and Wells Fargo.
Teleran Technologies, Inc.
333A Route 46 West
Fairfield, NJ 07004
www.teleran.com
Copyright © 2010 Teleran Technologies, Inc. All rights reserved. Teleran and the Teleran logo
are registered trademarks and iSight and iGuard are trademarks of Teleran Technologies, Inc.
All other names are the property of their respective owners.