Next Monday, Sybase plans to announce the availability of Sybase Data Auditing for the Adaptive Server Enterprise databases. The solution is a reengineered and rebranded version of Lumigents Entegra auditing product geared specifically at ASE, and is designed to help corporations meet regulatory and database security requirements.
“The approach we have taken allows us to use information within the Sybase databases, as well as the database logs, ensuring that any kind of event that has happened [to the database], were able to cover,” said Ashok Swaminathan, director of product management at Sybase Inc. in Dublin, Calif.
Regulations such as the Sarbanes-Oxley Act and HIPAA (the Health Insurance Portability and Accountability Act) require that companies not only control who accesses data, but follow who touches the information and whats being done to that information.
“Its really about understanding who did what, when and how to the data,” said Michael Wipperfeld, vice president of marketing and product management for Acton, Mass.-based Lumigent Technologies Inc.
According to Lumigent, while most database suppliers, including Sybase, offer their own database auditing tools, most of these tools are insufficient to meet internal requirements, let alone external regulations.
“It became very clear over the last two years that the audit capabilities within their products would not meet their customers needs,” said Wipperfeld. “Its been driven by their [Sybases] customer base.”
“The Lumingent solution leverages all the things we already offer and builds on top of that,” said Swaminathan. For instance, Sybases previous tools were unable to pull security information and data from separate databases and repositories into a single view, and Lumigents reporting capabilities and prepackaged reports go far beyond what Sybase created prior to this new solution.
“If you look at the major database vendors, they dont have the depth of offering Lumigent is putting in,” said Adrian Bowles, a research fellow at RFG (Robert Francis Group). “My expectation is that theyll all start incorporating these features or partnering with someone like Lumigent to do it.”
Though Lumigent previously offered tools capable of auditing Sybase ASE, the company, which has been a Sybase partner since last fall, worked directly with Sybase engineers to integrate the Entegra product more tightly with ASE. Sybase will be responsible for worldwide sales of the new tool and will begin selling directly to its ASE database customers.
“Really, what this does is offer more opportunities for Sybase users to tighten up their auditing process,” said Bowles at RFG in Westport, Conn. “In the days of Sarbanes-Oxley litigation, I think thats a good thing.”
Entegra and Sybase Data Auditing allow organizations to maintain the integrity of their data and keep unauthorized users out of ASE, in addition to monitoring and auditing data access and modifications. By creating a separate repository of everything thats occurred within and happened to a data store, those responsible for data manipulation are kept from the auditing tools, ensuring a secure database environment and accurate data monitoring.
“We monitor what kinds of things privileged users have done, as well as the value changes that have been made,” said Swaminathan. “You build checks and balances into the system by tracking everything thats been changed at the database level.”
“We collect the data separately, and its managed by people separately, so we make it easy for companies to comply,” said Jim Blaschke, senior director of channels and partnerships for Lumigent.
Financial details related to the product release and partnership were not disclosed.