Simplify regulatory compliance with DB2 Tools for z/OS
from CCR2, Issue 9 - 2006
 |
Tom Ramey, IBM DB2 Tools Business Executive, was interviewed for this product update. |
Regulatory compliance is driving big changes to the way companies do business. IBM's suite of IBM regulatory compliance tools for DB2 z/OS, including the newest addition, IBM DB2 Audit Management Expert, gives you the capabilities to confidently comply with regulations while saving time and expense in the data center.
Regulatory compliance takes many forms, from Sarbanes-Oxley (SOX) to the Health Insurance Portability and Accountability Act (HIPAA) to Basel II – to mention just a few. These and other regulations are driving changes to the way IT organizations protect and retain data – and document their compliance. These complex and time-consuming tasks can impact even the most progressive IT organizations.
IBM's regulatory compliance solutions can equip your company with tools to respond effectively to compliance requirements. And in turn give you greater control to improve your overall IT efficiency – protecting both your customers and your business.
Who did what to your data, where and when?
Until now, auditors have lacked the ability to independently gather DB2 information, instead relying on IT staff, such as database administrators (DBAs), to produce the data views needed for an audit trail. Responding to these auditors' requests can distract DBAs from more strategic responsibilities.
To address this situation, IBM recently released the newest member of the IBM DB2 regulatory compliance suite, IBM DB2 Audit Management Expert. This tool can be used by DBAs and auditors themselves to provide all the information needed for an audit while also maintaining database security.
With an easy to use graphical interface, IBM DB2 Audit Management Expert requires no DB2 expertise – allowing auditors to gather and correlate a coherent view of DB2 activity. Auditors are not required to log into DB2 nor are they able to directly manipulate any DB2 resource, thus securing a further layer of protection for your DB2 data.
Auditors are able to collect log and trace data in an audit repository, and then view, analyze and generate comprehensive reports on the data. They can selectively filter SELECT, INSERT, UPDATE and DELETE activity by user or by object and export these filters for use on another DB2 system.
Manage with DB2 Tools to ensure compliance
Data auditing is only one aspect of regulatory compliance. IT staff are also challenged with data retention requirements as well as maintaining the confidentiality of data in test and production environments. You can take on these challenges with the centralized, standardized approaches provided by IBM DB2 Data Archive Expert, IBM DB2 Test Database Generator and IBM DB2 Data Encryption for DB2 and IMS.
Due to regulations such as SOX, HIPAA, Basel II and others, companies are required to maintain more data for longer periods of time. Retaining inactive data in your production environment can significantly degrade performance, which in turn can impact your company's ability to stay competitive. IBM DB2 Data Archive Expert moves seldom used data to a less costly storage medium, DASD or tape. This capability is critical when regulations require you to maintain data seven years or longer.
IBM DB2 Data Archive Expert allows for selective row-based archiving across multiple DB2 tables. The tool keeps track of what was archived and where – for your entire enterprise. Paired with DB2 Audit Management Expert, the tool allows auditors to include historical data views in their auditing requests. This centralized approach allows you to enforce a consistent policy across lines of business and show data retention compliance in audit reports.
An often overlooked part of regulatory compliance is maintaining confidential data when testing applications. IBM DB2 Test Database Generator lets you create data for application test environments while ensuring the referential integrity of the data. To help with regulatory compliance, the tool allows you to mask and sanitize production data used in test. This ensures that sensitive information like telephone numbers, credit card information, salary information, and medical records is not exposed to the group that is testing the business applications.
No one wants to be tomorrow's news of the day for having unencrypted disks, tapes or laptop data go missing during off-site transit or storage. IBM Data Encryption for IMS and DB2 Databases enables you to protect such sensitive data – at the row level for DB2, and the segment level for IMS – by converting it to a form that is unintelligible except to the person authorized by your security administrator. This solution uses the Integrated Cryptographic Service Facility (ICSF) on the z/OS platform.
Organizations today face a bewildering array of government regulations and privacy acts, having to deal with a range of new data security issues. The consequences can be significant if compliance issues are not fully met. Why take that risk? Using IBM DB2 tools gives you the capabilities to confidently comply with regulations while saving time and expense in the data center.
For more information
|
