Appliance-Based Software Provides Answers for USEC's IT Auditors

CIO David Vordick has been through enough audits to know there are some questions you can and should be prepared to answer, such as this one: "How do you know your DBAs aren't doing things they shouldn't?" In 2005, when he started investigating real-time database monitoring software, Vordick wanted to be able to answer that question definitively.

A supplier of enriched uranium fuel for commercial nuclear power plants, USEC Inc. is a publicly traded company whose revenue hovers around $1.5 billion. "Part of the challenge is this: We operate with a real small IT staff [about 50 people]," says Vordick. "So we don't want a solution that is going to make it harder for our DBAs to gain access to do things they need to do."

At the same time, Vordick knew that giving his DBAs carte blanche access to the financial databases at the company's three data centers in Kentucky, Maryland and Ohio would be a red flag for auditors. "The problem with monitoring database logs is obvious; the DBAs control what the database logs," says Vordick. The CIO spotted an ad for Guardium Inc.'s appliance-based software -- which essentially sits on the network, monitoring traffic and scanning SQL statements -- and alerted his information security manager to it.

"The difference with Guardium is that the software in our case runs on a Unix OS. So the DBAs have privileged access to the database, and the IS manager has access to records of what they've done. Unless the two collude, you should be all set."

Now USEC has undergone two audits with Guardium in place, and Vordick says the $50,000 investment has paid off. One of Guardium's selling points is the simplification of data governance by centralizing Sarbanes-Oxley controls across database platforms and providing preconfigured reports.

"When it comes to Sarbanes-Oxley," says Vordick, "it's good to have one less thing to worry about."

Problem solved.

Ellen O'Brien, a former senior editor at CIO Decisions, is now a senior editor at Storage magazine. Write to her at eobrien@techtarget.com.

This was first published in March 2007
