The Doctor Is In: Guardium Healthcare Panel Highlights

We’ve been back from InterConnect for a while now and we can’t stop talking about what a great conference it was! Hats off to the IBM events team for smooth execution, interesting session topics and cool demos. We are already looking forward to next year.

Information Insights was fortunate enough to participate in a Guardium Healthcare panel alongside Scott Benaglio from BlueCross BlueShield of Western New York (BCBS WNY) and Gary Wright from Scripps Health. Entitled The Doctor is In: Data Protection for Healthcare, the panel discussion covered different experiences implementing and deploying Guardium within the healthcare industry. Below, we’ve recapped the main ideas shared during the session plus some takeaways you can apply to the tactical daily work of implementing Guardium. 

Special thanks to our moderator Cindy Compert from IBM for keeping us on track – that was no easy task!

The Doctor Is In: Guardium Healthcare Panel
IBM InterConnect 2017 | Main Ideas and Key Takeaways

There should be a legitimate security need for Guardium. We often see Guardium purchased and deployed merely to check off a compliance box. Unfortunately, the natural result in this scenario is an unhappy Guardium user, a lack of wide adoption, a perceived low ROI, and an underutilization of Guardium’s true database security insight. However, when there is an outlined need and a plan in place prior to purchasing Guardium, organizations are much more successful. Having an idea of your need or plan doesn’t mean you have to go through end to end process planning before you implement or even purchase!  However, having a solid business driver behind your decision will not only help guide the direction of the implementation, but will also provide you with a goal line to strive towards in order to prove that Guardium is adding value to your organization. Having a vision (however faint!) for how Guardium can help better secure your healthcare system databases will allow you to structure your implementation toward that vision and then expand as your use of Guardium matures. 

Know your users and what value Guardium brings to their job role. As Guardium advocates, we tend to over anticipate how interested administrators may be when presented with new capabilities and data our solutions can provide. After consistently seeing a lack of interest at the beginning of BCBS WNY’s Guardium journey, Scott took a step back and found that really taking the time to understand what different database administrators cared about helped him deploy Guardium in a useful way. For Scott, now folks like Systems Architects are very interested in using Guardium to help them make project decisions that aren’t even security related!

Develop a phased maturity plan. It’s unrealistic to make a quick transition from deployment to sending real time alerts with Guardium. By developing a maturity plan, you can understand where your database protection is today and what measures are needed to get where you want to be. This “grow-once-you-know” approach helps educate users on what results Guardium can produce and gives them time to feel comfortable with the reports they receive. BCBS WNY laid out their maturity model in three phases: Reactionary, Proactive and Real Time. Within these three phases, they listed out exactly how they planned to use Guardium on a day-to-day basis and used each phase as a building block to get to the next.

Understand what happens to data assets throughout the database system and how that relates to relationships with the organization.  Understanding these relationships is essential to understanding how people interact with databases across the organization, not just by person or department. Analyzing this data helps you know if the correct security controls that are dictated by healthcare protocols are in place and performing properly.

All the panel members are passionate about IBM’s Guardium solution and we hope our experiences serve to help other IT teams plan a thoughtful, deliberate Guardium deployment and implementation plan. Please let us know if Information Insights team can do anything to help promote Guardium in your environment.

Guardium's Groupy Action at a Distance

by John Haldeman, Enterprise Architect

I've heard this a lot lately:

I updated my group and reinstalled my policy, but the change to the group doesn't look like it was applied.

(Note: See correction below. This doesn't apply to policies but only to reports)

Well, this could be a result of a recent change to how groups work in Guardium. The best thing about it is that reports that use a lot of group members are going to run faster (especially if the CM is far away from the unit running the report). The worst thing about it is that you need to know more about how things work in order to see your changes applied immediately.

InterConnect 2017 - See You There!

Attending IBM InterConnect later this month? Good news - we are too! Our team is looking forward to seeing old friends and colleagues, face time with technical experts and learning about the new technologies that are shaping data security.

This year we went all in. We’ll be available to connect each day in different ways. Join us in the morning for our hosted CoffeeHour at Starbucks, attend one of our events, catch Matt Simons speaking on a data protection healthcare panel or visit with us on the Concourse at booth 930.

We’re ready to have an engaging and exciting few days in Las Vegas! See you there.

Here is our daily agenda:

Sunday, March 19^th – Friends and Family Gathering

Friends and Family Gathering

Take a break from InterConnect and fiesta with us for a while! Join the team at CHAYO for our annual Friends and Family Gathering. RSVP to join us.

5:00-7:00pm, CHAYO at The LINQ

______________________________________________________________________________

Monday, March 20^th – CoffeeHour + jSonar and Info Insights Happy Hour

CoffeeHour

We’ll be hosting our CoffeeHour Monday – Wednesday at the Starbucks near The Shoppes at Mandalay Place, right across from RM Seafood. Start your day off with your coffee on us, and avoid the long coffee lines at the conference entrance!

7:00-8:00am, Starbucks, The Shoppes at Mandalay Place

jSonar and Info Insights Happy Hour

Join our teams at one of our favorite post-InterConnect spots for margaritas, tacos and as always, fun conversation! Our special guest is Ron BenNathan, CTO/Founder of jSonar, previous CTO at Guardium and renowned expert and author of database security. RSVP to join us.

5:00-7:00pm, Border Grill inside Mandalay Bay

______________________________________________________________________________

Tuesday, March 21^st -  CoffeeHour + The Doctor is in: Data Protection for Healthcare Panel

CoffeeHour

We’ll be hosting our CoffeeHour Monday – Wednesday at the Starbucks near The Shoppes at Mandalay Place, right across from RM Seafood. Start your day off with your coffee on us, and avoid the long coffee lines at the conference entrance!

7:00-8:00am, Starbucks, The Shoppes at Mandalay Place

The Doctor is in: Data Protection for Healthcare Panel - Matt Simons

To protect patient data across a company's fast-growing organization, greater visibility into who has been accessing what resources and the ability to more quickly correlate and analyze log data is essential. Join this healthcare panel to hear from healthcare clients on: when they decided they needed data security, how they convinced others, how they planned their security rollout, what challenges they faced, who supported the deployment, what kinds of skills they needed, and what were the benefits they found—including any unanticipated benefits.

2:30 PM - 3:15pm, Palm A, Session ID: 6979A

______________________________________________________________________________

Wednesday, March 22 - CoffeeHour + Pre-IBM Rocks Speakeasy

CoffeeHour

We’ll be hosting our CoffeeHour Monday - Wednesday at the Starbucks near The Shoppes at Mandalay Place, right across from RM Seafood. Start your day off with your coffee on us, and avoid the long coffee lines at the conference entrance!

Pre-IBM Rocks @ 1923 Speakeasy

Join us for pre-concert cocktails at 1923 - speakeasy style! RSVP to join us.

4:30 – 6:30pm, 1923 inside Mandalay Bay

______________________________________________________________________________

InterConnect Concourse

We are an InterConnect exhibitor. You can find us daily on the Concourse, booth 930.

We hope to see you at InterConnect! Please feel free to reach out to us with questions: bill@infoinsightsllc.com

Building a New Column to List the Guardium Group Membership of DB Users

by John Haldeman, Enterprise Architect

Sometimes it's useful to know whether some of the data shown in a report is in a Guardium group without having to look up the group data elsewhere or modifying your conditions.

Let's take an example. Say you have three classifications of user:

1. DBAs or other highly privileged users
2. Non-DBA, direct-access users: people that connect directly with personal accounts
3. Service accounts: users that belong to application or batch processes

You want a report showing all connections but a column indicating that the user is in one of those groups or unclassified.

An Apparent Guardium V10 GUI Bug that Prevents Configuration of Domain Authentication for MS SQL Server - And It's Workaround

by John Haldeman, Enterprise Architect

Today someone on our team ran into an issue with connecting to a MS SQL Server database using a domain authenticated user. It was the second time this happened to us, so I thought I would write a blog post in case someone else encounters it. You might already be familiar with the special considerations for making SQL Server domain authenticated connections in order to set up things like entitlement reports and vulnerability assessments. Specifically, you need the jTDS driver and some special configuration as outlined in this support document:
              https://www-01.ibm.com/support/docview.wss?uid=swg21675924

The problem is that we've encountered what looks like a bug in Guardium V10's GUI that prevents connection properties from being saved. This is with V10 GPU 125 applied. I think it's likely it affects all current V10 versions, but can't be sure. What that means is that the "domain=<your domain>" instructions listed at the end of the support document don't seem to work. When you test the connection, you'll get failed login errors and when you exit and try and edit the datasource again you might find that the domain parameter that you enter disappears - it looks like it isn't being applied to the datasource definition.

How Do SonarG and Information Insights Solve Common Infrastructure Optimization Issues for your Existing Guardium Deployments?

Partnering for Even More Secure Enterprise Data Infrastructure

Earlier this year, Information Insights announced a partnership with jSonar, enhancing data security capabilities with the SonarG solution for further optimizing Guardium environments. Led by Ron Ben Natan, former CTO/founder of Guardium, this additional layer of protection takes advantage of next-generation Big Data technology to enhance and expand the platform’s resources in a number of key areas.

Since that announcement, I’ve met with many of jSonar’s Guardium clients to discuss SonarG, receiving feedback on our approach, along with insight into current challenges and goals for expanding the functionality and value that they get from Guardium. 

We were quickly able to pinpoint the source of SonarG’s enthusiastic adoption - it provides a powerful set of capabilities that perfectly complement the challenges and goals that the majority of Guardium deployments are facing.

Over the next few weeks, we will outline the findings from these conversations to address common concerns from customers, along with insight into how these are solved via SonarG – focusing on three major areas of enterprise data management: infrastructure optimization, improving data access and enabling security analytics.