South Australia deploys database monitors

Powered by SC Magazine
 

Bids to stamp out fraud.

The South Australian Government has revealed plans to expand its use of a database monitoring system in a bid to clamp down on potential fraud or misuse of critical information.

The state's Department of Transport and Infrastructure deployed IBM's Infosphere Guardium product late last year to monitor its billion-dollar driver license and vehicle registration system.

South Australia's license and vehicle registration system connects to 192 databases and inter-state government departments as well as relevant private companies

It uses Infosphere Guardium to track user activity, local changes to database structure as well as the database's schema for improper use or fraud attempts.

"If you think about the world of licensing and registration, what you're talking about is that the exposure that can happen if a person is driving in Queensland and have committed various things which means they lose their licence," said Andrew Muecke, information technology security advisor for the department.

"We don't want anything happening where they can come to South Australia and get a licence. There's a real need to have control over this space."

Muecke said the system did not replace existing firewalls, intrusion prevention and access control lists and was a completely independent method of monitoring database use for discrepancies.

Infosphere Guardium was deployed by a project team of three staff.

It can only be administered by a single internal staff member. Weekly monitoring reports are sent to another consultant within the department for regular compliance monitoring.

All user activity is monitored; however, only abnormal activity is logged, to eliminate the "millions and millions and millions of rows of data" that would otherwise be collected.

Marketing hurdles

Muecke said the service was initially difficult to sell to the department and the state-wide governance board it reports to.

"What you're doing is saying is 'look database administrator, I don't trust you, I'm going to put in this system to monitor everything you do and if you do something wrong we'll come down on you like a ton of bricks'," he said.

"What you're talking about is in essence a system that can't be touched by any of those people whose work it is monitoring ... that's not a good way of marketing something like this."

Muecke said the technology had not discovered any inappropriate traffic.

The department was considering deploying it into other areas, including land registration databases - also a vast and critical piece of infrastructure.

"We know that we can now use this; we have a framework for these deployments," Muecke said. "There are considerations now for putting into other spaces that have these critical databases."

Copyright © iTnews.com.au . All rights reserved.


South Australia deploys database monitors
 
 
 
Top Stories
At the top of her game
A decision to bring digital operations back in-house three years ago has paid big dividends for Tabcorp.
 
Westpac hires SAP man as CTO
Creates four new IT lead positions.
 
Qld Transport to replace core registration system
State's biggest citizen info repository set for overhaul.
 
 
Sign up to receive iTnews email bulletins
   FOLLOW US...
Latest Comments
Polls
Who do you trust most to protect your private data?







   |   View results
Your bank
  38%
 
Your insurance company
  3%
 
A technology company (Google, Facebook et al)
  8%
 
Your telco, ISP or utility
  7%
 
A retailer (Coles, Woolworths et al)
  2%
 
A Federal Government agency (ATO, Centrelink etc)
  21%
 
An Australian law enforcement agency (AFP, ASIO et al)
  15%
 
A State Government agency (Health dept, etc)
  5%
TOTAL VOTES: 981

Vote