Over at BoingBoing they have a couple of articles describing how Irish government employees are abusing their access to government systems for personal gain. Everything from idle curiosity about a neighbor, to aiding and abetting burglary.
I normally scoff at vendor press releases that jump on the latest media exploitation stories, but in this case I’m going to do it for them.
This is, flat out, the poster child for database activity monitoring. As I described in my introduction to the technology, one of the use cases is to create separation of duties by allowing someone to do their job while looking for unusual activity. If nothing else, you could create audit reports that allow managers (or security administrators) to see all the records a particular employee accessed in a given day/week. Perfect? No. Effective? Yep.
You’ll need a Database Activity Monitoring tool, and not something that just collects access logs, since you want to see the actual SQL transactions. If the application uses connection pooling to connect to the database, you’ll either need one of the tools that monitors application activity and correlates it with the database, or some sort of identifier in queries to trace which user is submitting the query (something I’ll talk more about in a later post).
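As an added illustration (not code from this post or from any monitoring product), here is the identifier-in-queries idea combined with the per-employee audit report described above. The `app_user` comment convention, the `app_pool` account, the `records` table and the captured statements are all constructed assumptions, and the monitor is assumed to see literal values in the SQL.

```python
import re
from collections import defaultdict

# Assumed convention (hypothetical): the application prepends
# /* app_user=<name> */ to every statement sent over the pooled connection.
TAG = re.compile(r"/\*\s*app_user=([\w.@-]+)\s*\*/")
# Narrow parser for the constructed sample: ... FROM <table> WHERE <key> = <value>
LOOKUP = re.compile(r"\bFROM\s+(\w+)\s+WHERE\s+\w+\s*=\s*'?([\w-]+)'?", re.I)

def tag_query(app_user, sql):
    """Application side: label a statement with the real end user."""
    # Reject anything that could close the comment and alter the statement.
    if not re.fullmatch(r"[\w.@-]+", app_user):
        raise ValueError("unsafe app_user value")
    return f"/* app_user={app_user} */ {sql}"

# Constructed capture: (database account, day, SQL text). Every statement
# arrives as the shared pool account, so the account alone identifies no one.
CAPTURED = [
    ("app_pool", "2024-01-15",
     tag_query(user, f"SELECT * FROM records WHERE record_id = {rec}"))
    for user, rec in [("mkelly", 101), ("mkelly", 102), ("jdoe", 101),
                      ("jdoe", 207), ("jdoe", 311), ("jdoe", 415), ("jdoe", 415)]
]
# One statement that bypassed the tagging layer.
CAPTURED.append(("app_pool", "2024-01-15",
                 "SELECT * FROM records WHERE record_id = 999"))

def access_report(captured):
    """Monitor side: (end user, day) -> set of (table, record id) looked up."""
    report = defaultdict(set)
    for db_account, day, sql in captured:
        tag = TAG.search(sql)
        # Untagged traffic is kept and labelled, never silently dropped.
        user = tag.group(1) if tag else f"UNATTRIBUTED({db_account})"
        hit = LOOKUP.search(sql)
        if hit:
            report[(user, day)].add((hit.group(1).lower(), hit.group(2)))
    return dict(report)

def over_threshold(report, limit):
    """User/day pairs that touched more distinct records than `limit`."""
    return sorted(key for key, recs in report.items() if len(recs) > limit)

if __name__ == "__main__":
    daily = access_report(CAPTURED)
    for (user, day), recs in sorted(daily.items()):
        print(day, user, len(recs), sorted(recs))
    print("review:", over_threshold(daily, 3))
```

The `UNATTRIBUTED` bucket matters as much as the per-user rows: statements that reach the database without a tag are the ones a reviewer cannot tie to an employee.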
I’m more than happy to give the Irish government discounted rates if they’d like me to fly over and help fix this problem. My email is posted on the blog.