Welcome to ARIES COMPUTER SYSTEMS, INC.... 19+ enthusing years of placing Professionals including Vice-Presidents and above and Contract Staffers... Deep Domain Knowledge of TELECOM ,ERP - SAP,ORACLE... TOTAL HR Solutions: Recruitment - HR Consultancy - Contract Staffing - Flexi & Permanent Staffing - Corporate Training - Competency Profiling - Performance Appraisal Design - OD Interventions - Assessment Centres .. Most able Executive Team makes Talent Finding very facile...
aSAC - Aries Secure Access Control (Get Control of YOUR Data!)

Clara Shih said "With new technologies promising endless conveniences also comes new vulnerabilities in terms of privacy and security." As technologies continue to evolve, our ability to share or withhold information also continues to evolve. Michael Douglas wrote "Control is what gives you privacy."

Information is contained in data. Protecting the access to data is crucial to all organizations. At the same time, project specific requirements, corporate policies, national laws and regulations, all contribute to a plethora of policies which require increasingly finer controls over how data is manipulated.

Data privacy principles, according to the National Institute of Standards and Technology (NIST), require that private data be collected only for a specified purpose and users be protected against inadvertent disclosure of information. Vendors such as Oracle have introduced tools such as Virtual Private Database (VPD) to let users associate PL/SQL functions to a table. These functions are applied every time a user tries to access the table and information that the user is not authorized to access is filtered out. While a great start, this approach still suffers from several limitations. It may be difficult to scale up and will be a challenge to maintain and enhance on a going forward basis. Policies are spread out and will be difficult to maintain. In addition, there is no support in migrating to a different database.

    Aries Secure Access Control (aSAC) address these issues through:

    • Ability to provide Protected Information.
    • Sunset options to allow Protected Information to expire in a specified time-frame.
    • Flexible audit logs.
    • Administration Panel.
    1. Protected Information:

    Protected Information is information that some or all users or groups are not allowed to access. This is controlled at the individual user level as well as group levels. Information can be set up with access as initially denied or granted. Finer detailed access controls allow specific users and or groups to override these initial settings.

    2. Sunset Options:

    Sunset Options allow Protected Information to expire in a specified time-frame. These options can be initially set up and a series of overrides provide.

    3. Flexible Audit Logs:

    Flexible Audit Logs provide the ability to turn on/off various logging items. Examples are tracking every read access by username/timestamp. Tracking add, update, or delete of records with copies of the before and after records.

    4. Administration Panel:

    These features are activated through an easy to use Administration Panel. Utilizing the Administration Panel access can be granted/revoked, audits controlled, fields masked, Sunset options configured and user activity managed.

    aSAC - Market Opportunity:-

    Data privacy principles, according to the National Institute of Standards and Technology (NIST), require that private data be collected only for a specified purpose and users be protected against inadvertent disclosure of information. In order to follow the myriad of industry standards and government regulations regarding data privacy, organizations need to implement methods and procedures to make sure information is adequately protected. These regulations and standards stipulate that an individual is allowed access only to the subset of that information that is needed to perform their job.

    For example, according to the US Health Insurance Portability and Accountability Act (HIPAA), doctors should only see medically relevant information about their own patients. Patient intake personnel should be able to see relevant insurance data and home addresses but should not have access to diagnoses or doctors’ notes. Application developers and testers who are testing enhancements or fixes should not have access to data that can breach the privacy of any particular patient or expose financial information. Similarly, according to the Payment Card Industry Data Security Standard (PCI DSS), access to cardholder data such as the credit card number must be restricted by business need-to-know.

    There are many — almost too many — options that have evolved for handling these use cases. We have come a long way from relying on database views to restrict access to rows and columns of data. Database vendors have created sophisticated access controls, such as Oracle Virtual Private Databases and DB2 Row and Column Access Control.

    These controls are sensitive to who is asking for the data and will appropriately subset the results for the user or role in a way that does not require the application to customize the database commands for each. Rather, the database command is modified to restrict results based on the user. In addition, this method works without changing most applications. While the existing vendor tools provide this fine grained level of access, they are notoriously difficult to use. aSAC will provide this control, through an intuitive GUI, so it is easy for the end user to configure and maintain.

    HIPPA fines can range from $100 - $50,000 per violation (or per record) with a maximum fine of $1.5M per year for each violation. According to PCI rules, non-compliance fines can run from $5,000 - $100,000 every month. With this level of fines plus the associated damage to branding and market reputation, every organization with personal information must ensure compliance to data privacy.

    Given the high risks of not being in compliance with applicable regulations as well as internal policies, the highest levels of information security for protecting data is imperative. The cost of sensitive information being exposed to deliberate and/or accidental security breaches is too high. External market studies state that it will be a major area of investment over the next five years. The ever-growing list of government and industry standards and regulations is forcing organizations of all sizes and vertical markets to investigate, deploy, and use data protection solutions.

    Organizations must move from a reactive compliance stance to proactive and cost effective information protection and control. Enterprises must go beyond the minimum requirements of regulatory compliance to internal policy compliance at a higher level of assurance. The ability to stop malicious and noncompliant actions before they occur requires a preemptive approach that starts with protecting and controlling information at the source - especially the database management systems. Increasing database security is one of the most effective means an organization has to prevent data leaks.

    Over 40% of the existing database installations are using Oracle databases. Oracle Virtual Private Databases (VPD) is their best selling security package. Therefore, the initial version of aSAC will utilize Oracle VPD. Future enhancements will include support for other provider products such as IBM Row and Column Access Control.

    Enterprises looking to improve their competitiveness, regulatory compliance, and overall data security will be target customers for aSAC.

    Copyright © 1991-2014 by Aries Computer Systems, Inc. All rights reserved