Who, What, When, and Where: The Power of the Audit Trail in Data Security
We know very well that sensitive information can be highly destructive and costly to an organization when it falls into the wrong hands. This rings especially true for the healthcare and financial services industries. A report by Ponemon states that the average cost of a lost record across industries is $141, with financial services and healthcare being the costliest at $336 and $380 respectively. As technologies advance, criminals develop increasingly sophisticated tools to circumvent robust defensive and offensive security protocols, and the struggle to keep pace with the newest generation of cyber-attacks can be a time-consuming and costly undertaking. But before you consider yourself between a rock and a hard place, there is a tool that many savvy organizations are utilizing to successfully thwart such cyber-attacks: the audit trail.
Indelibility of Audit Trails
Audit trails maintain a systematic, detailed record of all data access in your applications. They can offer a tremendous amount of proactive and reactive data protection from even the most skilled cyber criminals. Suspicious activity, when detected, can be immediately addressed, preventing the exploitation of sensitive data.
The beauty of audit trails is their indelibility: when properly implemented, they cannot be modified or deleted. Think of them as a permanent record of your internet history. They document the who, what, when, where, and why of all users' behavior in an application. Audit trail entries capture access and changes made to electronic records, so all electronic alterations and views are noted, along with the user information of the employees who viewed or altered them.
Legal and e-Discovery
Because of their immutability, robust audit trails can be very useful for forensic reporting, legal investigations, and eDiscovery. The recording and monitoring of all data access is essential to maintaining industry-mandated regulatory compliance, as well as compliance with tax regulation. Moreover, in the event of legal action, a well-kept audit trail can provide the necessary activity reenactment, so that the events can be accurately recreated in the form of admissible evidence.
Anomalies and Accountability
When monitored, audit trails can detect access anomalies that may indicate user negligence, compromised credentials, snooping, or malicious intent. While careless users might not have intended to access data for exploitative purposes, their activities can render the network vulnerable to outside attackers (for example, failing to properly log off an application or using login credentials from an unsecured, unapproved device). Furthermore, consistent audit trail monitoring may help protect the organization in the event a user improperly accesses and/or leaks sensitive or confidential information.
An essential component of a multi-layered security strategy is accountability. Ensuring the accountability of all users with access to private customer/patient information is critical to safeguarding sensitive data. Audit trails capture every access attempt from every known user, so when diligently monitored, audit trails can provide an incentive to follow established information retrieval best practices. Once identified, employees can be trained, sanctioned, or educated.
Real-Time Transaction and Intervention
FairWarning® recommends that audit trails be analyzed and recorded in real time. A vendor that analyzes audit trails in real time allows organizations to quickly identify security issues. Once identified, they can be addressed and contained in a timely manner, preventing a full-blown breach. As a best practice, audit logs should be sent to your security vendor as soon as they are available.
Where to Start
So, where do you start to utilize audit trails to secure your applications? Healthcare applications are required by law under HIPAA to produce audit trails, but not all cloud applications produce audit trails. When vetting a cloud application, it's important that you choose one that produces audit trails so that you can monitor and secure your cloud environment. Using applications that don't produce audit trails leaves you vulnerable to cyber-attacks. Solutions such as FairWarning® Patient Privacy Intelligence and FairWarning for Cloud Security integrate with your applications, take in the millions or billions of rows of audit trails produced by your applications, and consolidate them to identify anomalies in the behavior patterns of users.