Posted by: Fohlhorst
CIO, compliance regulations, forensics
Most people associate the term forensics with security or law enforcement. However, the concept of forensics and forensics technology lends itself very well to compliance. Adhering to compliance regulations is about managing the access to data and ensuring that data is not corrupted, misdirected, intercepted or used in any fashion that falls outside of policy. This concept is relatively easy to grasp.
However, compliance becomes more complex once you are asked to prove its existence (or, more correctly, its adherence). For many, proof takes the path of forms, check boxes and simple audits (yep, we did that; OK, that’s been checked) and other relatively easy validations. Nevertheless, we all know that really isn’t enough — a stack of papers and lists of check boxes really prove little more than someone filled out some forms. That is where in-depth auditing comes into play. To prove compliance, you must be able to effectively audit events in the past, as well as in the present.
That is where forensics comes into play — not just as a process, but as a technology as well. For the typical business bound by compliance regulations, the amount of data and the number of transactions can be massive, and therein lies the real problem: How does one apply the process of forensics to a system without creating a technical and physical nightmare that can cost thousands of dollars and man-hours? The simple answer is to apply forensics technology to the process.
Take security and forensics hardware vendor Niksun, for example. The company has developed appliances that are designed to capture all activity on a network, allowing administrators to re-create events at will. What’s more, Niksun’s devices can operate at line speed and offer real-time analysis. This allows administrators to not only apply forensics, but also identify anomalies that may open windows into potential compliance violations. In other words, administrators can not only prove compliance, but they can also proactively protect it.
Frank Ohlhorst is an award-winning technology journalist, professional speaker and IT business consultant with more than 25 years of experience in the technology arena. He has written for several leading technology and business publications, and was also executive technology editor at eWEEK and director at CRN Test Center.