Business has always waged war against an old enemy – its own data. Hackers want to steal it and data volumes are increasing so rapidly that IT departments spend huge portions of time just monitoring their systems. They need to know who is accessing what, but it’s becoming impossible to do that by hand.
Giles Roberts is the IT infrastructure manager at Share Centre – a retail stockbroker whose customer base has recently exploded, leading to an unmanageable increase in log volumes.
Roberts says that his team used to monitor their logs manually, pulling separate threads together by hand and then analysing them. It didn’t happen in real time and it was a strain on manpower in a small IT department.
"As markets got busier and our customer base grew, it’s become more difficult to monitor our logs manually. PCI DSS also came along and that helped spur us towards looking at something a bit more automatic," says Roberts.
PCI DSS, or the Payment Card Industry Data Security Standard, is an information security standard for organisations that handle cardholder details. By improving his log management system, Roberts made it easier for Share Centre to address requirement ten – that all access to network resources and data be tracked. To do this, he’s using a log management product called LogRhythm.
"It’s saving us time. That’s the greatest thing about it. It’s optimising IT in terms of freeing up resources to do other things," says Roberts. "It saves the time of somewhere between half and one person a week."
Roberts says that it’s great to have his systems at his fingertips. He can dive in and look at whatever he wants, personally, rather than delegating the job.
"We can tie LogRhythm in with our helpdesk system and look at events which come up then check them back against the helpdesk and see why they occurred."
In the wake of recent hacks involving global giants like Sony and Amazon, security has become a spotlighted concern for any business which handles sensitive customer data. Roberts says that the media focus has made his job easier.
"All those things in the press are good for us security guys as they bring security to the attention of people and give me a little more leverage," he says. "It gives us reason to be paranoid, and it’s my job to be paranoid."
As well as the real-time analysis of systems access, Roberts says the LogRhythm system also provides a comprehensive way of looking back should Share Centre’s systems ever be compromised.
"Should anything happen we’ve got all that evidence in the background that means we can go back and look at anything. If you want to do a forensic investigation, then you need all that source data," says Roberts.
Regulatory compliance has become a constant process. The challenge isn’t just to adhere to current codes, but to prepare for and adapt to changes. The task for IT departments is to find tools and processes that allow them to keep making active contributions to their companies, while avoiding a never-ending mire of regulation.