Data Detectives

Computerworld - At McCarron International Airport in Las Vegas, virtually every detail of airport operations is stored in one of 14 Oracle Corp. or Microsoft Corp. database servers. Passenger data, personnel files, flight information, airport security data—all of that plus volumes of other sensitive information are housed in the databases. Any unauthorized change to or theft of that data could have severe consequences for the airport.

So naturally, when Phillip Murray, McCarron's departmental systems administrator, receives a request from airport security to look into a suspicious transaction, he takes it very seriously. Until recently, he might have devoted days, or even weeks or months, to scouring log files and SQL statements to investigate questionable activity on a database. "I'd have to carefully piece together events," he says. "It's a matter of browsing through thousands of transactions."

Today, however, Murray spends a lot less time analyzing log files thanks to a database activity auditing and monitoring tool—SQL Guard from Guardium Inc. in Waltham, Mass. The software tracks database access and transactions, sending alerts when unusual activities are spotted. If Murray needs to analyze an event more closely, SQL Guard provides an audit trail of the relevant commands and transactions.

"It's been an immense timesaver," says Murray.

While much of today's application-level security is automated with third-party tools, the databases behind these applications are often not so secure. The assumption is that attacks will occur from outside and be caught by the firewall or the log-in and authorization process of the application. Databases, it is presumed, are too far into the back office to be threatened by a direct attack.

"Traditionally, databases are deep in the organization, so it's hard for somebody to directly nail the database server," says Rich Mogull, research vice president at Gartner Inc. "But more organizations are now concerned about their own systems administrators and other employees, not just external attackers, and that's where these tools are the most valuable."

Concern about data security has been heightened by media reports of thefts of consumer data, as well as financial fraud by employees. Government regulations, such as the Sarbanes-Oxley Act, have also emphasized the need to closely audit access to sensitive data. And, of course, for organizations that serve the public—like McCarron Airport—the terrorist attacks of Sept. 11, 2001, significantly heightened security fears.

"Since 9/11, we had to start looking at our vulnerabilities. Despite the fact that we do rigorous background checks, there's a possibility that someone might come in and gather data that would make the airport easier to attack," says Murray.