South Australia deploys database monitors

Powered by SC Magazine
 

Bids to stamp out fraud.

The South Australian Government has revealed plans to expand its use of a database monitoring system in a bid to clamp down on potential fraud or misuse of critical information.

The state's Department of Transport and Infrastructure deployed IBM's Infosphere Guardium product late last year to monitor its billion-dollar driver license and vehicle registration system.

South Australia's license and vehicle registration system connects to 192 databases and inter-state government departments as well as relevant private companies

It uses Infosphere Guardium to track user activity, local changes to database structure as well as the database's schema for improper use or fraud attempts.

"If you think about the world of licensing and registration, what you're talking about is that the exposure that can happen if a person is driving in Queensland and have committed various things which means they lose their licence," said Andrew Muecke, information technology security advisor for the department.

"We don't want anything happening where they can come to South Australia and get a licence. There's a real need to have control over this space."

Muecke said the system did not replace existing firewalls, intrusion prevention and access control lists and was a completely independent method of monitoring database use for discrepancies.

Infosphere Guardium was deployed by a project team of three staff.

It can only be administered by a single internal staff member. Weekly monitoring reports are sent to another consultant within the department for regular compliance monitoring.

All user activity is monitored; however, only abnormal activity is logged, to eliminate the "millions and millions and millions of rows of data" that would otherwise be collected.

Marketing hurdles

Muecke said the service was initially difficult to sell to the department and the state-wide governance board it reports to.

"What you're doing is saying is 'look database administrator, I don't trust you, I'm going to put in this system to monitor everything you do and if you do something wrong we'll come down on you like a ton of bricks'," he said.

"What you're talking about is in essence a system that can't be touched by any of those people whose work it is monitoring ... that's not a good way of marketing something like this."

Muecke said the technology had not discovered any inappropriate traffic.

The department was considering deploying it into other areas, including land registration databases - also a vast and critical piece of infrastructure.

"We know that we can now use this; we have a framework for these deployments," Muecke said. "There are considerations now for putting into other spaces that have these critical databases."

Copyright © iTnews.com.au . All rights reserved.


South Australia deploys database monitors
 
 
 
Top Stories
IBM, NEC picked for major NSW Transport deals
Final contract negotiations begin.
 
Govt proposes crackdown on ISPs over piracy
Wants new legal powers for copyright industry.
 
Westpac interim CIO resigns
Group CIO yet to be appointed.
 
 
Sign up to receive iTnews email bulletins
   FOLLOW US...
Latest Comments
Polls
What is delaying adoption of public cloud in your organisation?







   |   View results
Lock-in concerns
  29%
 
Application integration concerns
  3%
 
Security and compliance concerns
  27%
 
Unreliable network infrastructure
  9%
 
Data sovereignty concerns
  22%
 
Lack of stakeholder support
  3%
 
Protecting on-premise IT jobs
  4%
 
Difficulty transitioning CapEx budget into OpEx
  3%
TOTAL VOTES: 1018

Vote