Privileged User Monitoring for SOX Compliance
Sarbanes-Oxley (SOX) IT controls address the integrity of the databases that store sensitive financial and business information
Tizor | 10 February 2007, 14:00 | Regulation/Compliance
Many enterprises are facing the SOX compliance challenge of monitoring all of the data activity of their most privileged users. This paper highlights several of these challenges and how they can be addressed by a comprehensive database activity auditing solution.
In particular, new SOX requirements have shifted the focus from merely understanding who has access to information to continuous monitoring of database activity. These requirements target high risk database activities—privileged user behavior, direct access to sensitive data stores, user privilege escalation, failed login and failed database operations, and so on.
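The activity classes listed above are the ones a database activity auditing control has to be able to pick out of a raw audit stream. The following is an added illustration written for this page, not Tizor's product or any vendor's detection logic: a small rule set run over constructed, pipe-delimited audit records (timestamp, database user, OS user, client address, status, statement). The record format, the account names, the privileged-account and application-account lists, and the sensitive table names are all assumptions made for the example.

```python
"""Added example: rule-based review of constructed database audit records
for the high-risk activity classes named in the text. Illustrative code for
this page only; the record layout, accounts and table names are assumed."""
from __future__ import annotations

import re
from collections import Counter
from dataclasses import dataclass

# Constructed sample records (assumed layout, not any vendor's native log):
# timestamp|db_user|os_user|client|status|statement
SAMPLE_AUDIT_LOG = """\
2007-02-10T13:55:01|app_svc|app01|10.0.1.20|OK|SELECT id, total FROM gl_journal WHERE id = 4412
2007-02-10T13:55:07|dba_mike|mike|10.0.9.5|OK|SELECT * FROM gl_journal
2007-02-10T13:55:09|dba_mike|mike|10.0.9.5|OK|UPDATE gl_journal SET total = 99000 WHERE id = 4412
2007-02-10T13:56:02|dba_mike|mike|10.0.9.5|OK|GRANT DBA TO contractor_01
2007-02-10T13:57:15|contractor_01|unknown|10.0.9.77|FAIL|LOGIN
2007-02-10T13:57:19|contractor_01|unknown|10.0.9.77|FAIL|LOGIN
2007-02-10T13:57:44|app_svc|app01|10.0.1.20|FAIL|INSERT INTO ap_invoices (amount) VALUES (-1)
"""

PRIVILEGED_USERS = {"dba_mike", "sys", "sa"}       # assumed privileged accounts
SENSITIVE_TABLES = {"gl_journal", "ap_invoices"}  # assumed in-scope financial tables
APPLICATION_ACCOUNTS = {"app_svc"}                # assumed sanctioned path to the data

# Statements that change who can do what: the privilege-escalation class.
PRIV_ESCALATION = re.compile(r"^\s*(GRANT|ALTER\s+USER|CREATE\s+USER)\b", re.I)
# Crude table-name extraction, enough for the example's statements.
TABLE_REF = re.compile(r"\b(?:FROM|INTO|UPDATE|JOIN)\s+([A-Za-z_][A-Za-z0-9_]*)", re.I)


@dataclass(frozen=True)
class AuditEvent:
    ts: str
    db_user: str
    os_user: str
    client: str
    status: str
    statement: str


def parse_audit_log(text: str) -> list[AuditEvent]:
    """Parse the assumed pipe-delimited layout; pipes inside the statement are kept."""
    events = []
    for line in text.splitlines():
        if not line.strip():
            continue
        fields = line.split("|", 5)
        if len(fields) != 6:
            raise ValueError(f"malformed audit record: {line!r}")
        events.append(AuditEvent(*fields))
    return events


def tables_referenced(statement: str) -> set[str]:
    return {t.lower() for t in TABLE_REF.findall(statement)}


def review(text: str) -> list[tuple[str, AuditEvent]]:
    """Return (rule_name, event) pairs; one event can trigger several rules."""
    findings: list[tuple[str, AuditEvent]] = []
    for ev in parse_audit_log(text):
        is_login = ev.statement.strip().upper() == "LOGIN"
        # Every non-login action by a privileged account is recorded, not sampled.
        if ev.db_user in PRIVILEGED_USERS and not is_login:
            findings.append(("privileged_user_activity", ev))
        # Sensitive tables touched by anything other than the application account.
        if tables_referenced(ev.statement) & SENSITIVE_TABLES and ev.db_user not in APPLICATION_ACCOUNTS:
            findings.append(("direct_sensitive_access", ev))
        if PRIV_ESCALATION.search(ev.statement):
            findings.append(("privilege_escalation", ev))
        if ev.status == "FAIL":
            findings.append(("failed_login" if is_login else "failed_operation", ev))
    return findings


def summarize(findings: list[tuple[str, AuditEvent]]) -> dict[str, int]:
    return dict(Counter(rule for rule, _ in findings))


if __name__ == "__main__":
    results = review(SAMPLE_AUDIT_LOG)
    for rule, ev in results:
        print(f"{ev.ts} {rule:<26} {ev.db_user:<14} {ev.statement}")
    print(summarize(results))
```

The point of the example is the shape of the control rather than the regexes: the privileged-user rule fires on every statement the DBA runs, including the UPDATE of a ledger row and the GRANT to a new account, and the failed-login and failed-operation rules produce evidence even when the attempt did not succeed. A production control would parse the platform's native audit format, resolve the OS user and client behind a shared database account, and store the findings somewhere the DBA cannot edit them.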
Finally, while database platforms such as DB2, Oracle, SQL Server, and Sybase rightly attract most of the attention, the problem invariably extends to other sensitive data stores, the foremost examples being the financial, legal and strategic-planning documents and spreadsheets that reside on file servers.
SOX Section 404 requires that companies (a) evaluate the adequacy of their internal controls over financial reporting, (b) institute new controls where the existing ones are inadequate, and (c) perform and report an assessment of those controls annually. In short, management must ensure that appropriate internal controls over financial reporting are in place. The practical consequence for corporate and IT officers is twofold: they must establish controls that protect the integrity of financial data (and, by implication, of every system that can read or modify that data), and the organization must be able to demonstrate to its auditors that those controls are in place.