
Get data security and compliance monitoring as a service

Alert Logic makes data compliance possible for companies that otherwise might not be able to provide it

IT Best Practices Alert By Linda Musthaler, Network World
February 04, 2008 12:07 AM ET

One of the best things about the Software-as-a-Service model for IT services is that it brings sophisticated, high-value IT capabilities to small and midsized companies that otherwise wouldn't be able to afford such services. Now these companies can get critically important data governance and compliance monitoring in the form of an easy monthly service.

It’s all about the data. Everything that network security professionals do is for the sake of protecting data assets. That feat is hard enough if you have a large staff of IT professionals, but what if the “IT department” is really just one or two people? Chances are, those few people are just trying to keep the computer systems running smoothly, and they don’t have the time – or the expertise – to monitor data for real-time threats or violations of policies and regulations.

At the same time, SMBs have the same needs as large enterprises to protect their data assets and comply with regulations such as HIPAA and the Payment Card Industry (PCI) standard.

For example, the Philharmonic Center for the Arts in Naples, Fla., has a small network of about 100 computers. The center accepts credit cards for transactions at its box office, gift shop and café and on its Web site. The PCI Data Security Standard (DSS) dictates that a cardholder’s account and transaction information be protected in specific ways that would overwhelm the center’s two-person IT staff. As the network administrator puts it, “It’s a big hassle to maintain data and understand it.”

The arts center has found a solution to its data security and compliance needs through a service offered by Alert Logic, an IT compliance and security company based in Houston. Alert Logic automates the collection, review, analysis and archiving of security event and log data generated by its customers. If a threat or policy violation is detected, Alert Logic can initiate a remediation response and/or notify the customer of the problem.

Alert Logic’s service offers three basic technologies: log management; intrusion detection; and vulnerability assessment. These are technologies that are often too expensive or too complicated for SMBs to implement on their own. For SMBs, it often makes more sense to rent the use of these technologies and their associated services for a small monthly fee.

To get started, Alert Logic delivers a hardened Linux hardware appliance to be installed on the customer’s local network. Alert Logic monitors the customer’s network for suspicious traffic. If a security problem is detected, remediation can take place. For example, if a worm infection is detected behind the customer’s firewall, Alert Logic can quarantine the offending device through containment on the network switch.

In addition to the real-time network monitoring, the appliance collects and compresses the log data of the network. The log data is then transmitted to Alert Logic’s data center, where it is processed, analyzed, reported upon, and stored for archival purposes. Customers log in to a Web portal to view their data and reports.

Linda Musthaler is a principal analyst with Essential Solutions Corporation.
