A growing number of regulations have imposed a host of information security requirements on today’s companies. These requirements frequently mandate that organizations limit information access to a “need-to-know” basis. For example, the Health Insurance Portability and Accountability Act (HIPAA) requires controlled access to data defined as personal health information (PHI), while the Gramm-Leach-Bliley Act and California’s SB1386 specifically target personally identifiable data (PII) such as social security numbers and credit card information.
To comply with these directives, companies must “hide” this regulated data from employees who have access to enterprise applications but who are not authorized to view certain types of confidential information. The act of blocking sensitive information from being viewed on screen by specific individuals, known as data redaction or data masking, is critical to compliance. Traditionally, it has been difficult and very costly to implement this level of data access control, particularly for legacy applications where the only solution was to “break open” and recode portions of the application. For mainframe applications this cost can easily exceed half a million dollars per application!
Just as daunting as data masking is the challenge of “privileged user” auditing on these same legacy and custom applications. Many of these applications were created without ever considering the need to provide an audit log for user activities. Not only is this an additional requirement of most privacy regulations, but it is also a critical fraud prevention feature that can save organizations millions of dollars annually. Once again, extensive and costly re-programming work is necessary to modify legacy programs to incorporate logging and security features.
The Digital Guardian Application Logging and Masking Module
Digital Guardian's Application Logging and Data Masking Module extends the powerful control, monitoring and reporting capabilities of the core Digital Guardian solution to protect data delivered by enterprise applications to desktops and laptops via mainframe 3270 terminal emulators as well as web-based, custom and client-server applications. The Application Logging and Data Masking Module specifically provides a complete audit capability for all user activities as well as field-level data masking or redaction.
- Select Data Types: Define a pattern once and enable Digital Guardian to log and protect that data across the enterprise.
- Profile: Profile the screen (one time) using the Digital Guardian Profiler and upload the profile to the Digital Guardian Server.
- Dynamically Log and Mask: Digital Guardian inspects the content and dynamically masks data as instructed before it is displayed to the user.
- Compliance and Exception Reporting: Normal and masked transactions are monitored and sent to the Digital Guardian Console for reporting and auditing.
Digital Guardian Application Logging and Masking
The Digital Guardian Application Logging and Masking Module:
- Records all authentication events for various applications, such as logins and attempted logins
- Captures user authentication records for each login attempt
- Captures and audits field-level data usage, including view, create, add, edit, update and delete
- Enables policy-based data masking for need-to-know access control
- Creates standard fields to allow reporting across apps
- Protects fields from change regardless of original design
- Partially or fully masks data to prevent unnecessary access
Digital Guardian Application Logging and Masking accomplishes all of this without affecting performance or requiring re-coding of the enterprise application, safely and quickly bringing applications across the enterprise into line with compliance regulations at a fraction of the cost of manual re-coding efforts.