South Australia deploys database monitors

Bids to stamp out fraud.

The South Australian Government has revealed plans to expand its use of a database monitoring system in a bid to clamp down on potential fraud or misuse of critical information.

The state's Department of Transport and Infrastructure deployed IBM's Infosphere Guardium product late last year to monitor its billion-dollar driver license and vehicle registration system.

South Australia's license and vehicle registration system connects to 192 databases and inter-state government departments as well as relevant private companies

It uses Infosphere Guardium to track user activity, local changes to database structure as well as the database's schema for improper use or fraud attempts.

"If you think about the world of licensing and registration, what you're talking about is that the exposure that can happen if a person is driving in Queensland and have committed various things which means they lose their licence," said Andrew Muecke, information technology security advisor for the department.

"We don't want anything happening where they can come to South Australia and get a licence. There's a real need to have control over this space."

Muecke said the system did not replace existing firewalls, intrusion prevention and access control lists and was a completely independent method of monitoring database use for discrepancies.

Infosphere Guardium was deployed by a project team of three staff.

It can only be administered by a single internal staff member. Weekly monitoring reports are sent to another consultant within the department for regular compliance monitoring.

All user activity is monitored; however, only abnormal activity is logged, to eliminate the "millions and millions and millions of rows of data" that would otherwise be collected.

Marketing hurdles

Muecke said the service was initially difficult to sell to the department and the state-wide governance board it reports to.

"What you're doing is saying is 'look database administrator, I don't trust you, I'm going to put in this system to monitor everything you do and if you do something wrong we'll come down on you like a ton of bricks'," he said.

"What you're talking about is in essence a system that can't be touched by any of those people whose work it is monitoring ... that's not a good way of marketing something like this."

Muecke said the technology had not discovered any inappropriate traffic.

The department was considering deploying it into other areas, including land registration databases - also a vast and critical piece of infrastructure.

"We know that we can now use this; we have a framework for these deployments," Muecke said. "There are considerations now for putting into other spaces that have these critical databases."