Get data security and compliance monitoring as a service

* Alert Logic makes data compliance possible for companies that otherwise might not be able to provide it

One of the best things about the Software-as-a-Service model for IT services is that it brings sophisticated, high-value IT capabilities to small and midsized companies that otherwise wouldn't be able to afford such services. Now these companies can get critically important data governance and compliance monitoring in the form of an easy monthly service.

It’s all about the data. Everything that network security professionals do is all for the sake of protecting data assets. That feat is hard enough if you have a large staff of IT professionals, but what if the “IT department” is really just one or two people? Chances are, those few people are just trying to keep the computer systems running smoothly, and they don’t have the time – or the expertise – to monitor data for real-time threats or violations of policies and regulations.

At the same time, SMBs have the same needs as large enterprises to protect their data assets and comply with regulations such as HIPAA and Payment Card Industry (PCI).

For example, the Philharmonic Center for the Arts in Naples, Fla., has a small network of about 100 computers. The center accepts credit cards for transactions at its box office, gift shop and café and on its Web site. The PCI Data Security Standard (DSS) dictates that a card holder’s account and transaction information be protected in specific ways that would overwhelm the center’s two person IT staff. As the network administrator puts it, “It’s a big hassle to maintain data and understand it.”

The arts center has found a solution to its data security and compliance needs through a service offered by Alert Logic, an IT compliance and security company based in Houston. Alert Logic automates the collection, review, analysis and archives of security event and log data generated by its customers. If a threat or policy violation is detected, Alert Logic can initiate a remediation response and/or notify the customer of the problem.

Alert Logic’s service offers three basic technologies: log management; intrusion detection; and vulnerability assessment. These are technologies that are often too expensive or too complicated for SMBs to implement on their own. For SMBs, it often makes more sense to rent the use of these technologies and their associated services for a small monthly fee.

To get started, Alert Logic delivers a hardened Linux hardware appliance to be installed on the customer’s local network. Alert Logic monitors the customer’s network for suspicious traffic. If a security problem is detected, remediation can take place. For example, if a worm infection is detected behind the customer’s firewall, Alert Logic can quarantine the offending device through containment on the network switch.

In addition to the real-time network monitoring, the appliance collects and compresses the log data of the network. The log data is then transmitted to Alert Logic’s data center, where it is processed, analyzed, reported upon, and stored for archival purposes. Customers log in to a Web portal to view their data and reports.

The data is also reviewed for compliancy with the customer’s own policies as well as applicable industry regulations like Sarbox, HIPAA, PCI and GLBA. If there is a policy violation, Alert Logic notifies the customer so the company can take action.

Alert Logic also stores its customers’ data for specified periods of time. For example, PCI DSS requires that records of credit card transactions be archived for at least a year. Smaller companies can know that their data is properly archived and secured for as long as needed.

Customers don’t have to lock into a long-term contract for Alert Logic’s services. Unlike larger network security service providers, this provider gives its customers the flexibility of monthly subscriptions. Chris Smith, vice president of marketing for Alert Logic says the company has almost 400 clients today in a variety of industries, including retail, education, energy and others. Smith says a key value proposition is that Alert Logic makes data compliance possible for companies that otherwise might not be able to provide it.

Learn more about this topic

Join the Network World communities on Facebook and LinkedIn to comment on topics that are top of mind.

Copyright © 2008 IDG Communications, Inc.

IT Salary Survey 2021: The results are in