We Can’t Audit Our Lives But We Can Audit Our Data

Two weeks ago my fiancée came home from Christmas shopping. While she was unpacking, she realized she didn’t have her phone with her. She panicked! The idea of losing all her information: phone numbers, addresses, pictures, calendar, etc., was really scary and frustrating. Especially if we consider all the activities we use our phones for today, the data contained in the phone becomes a huge asset and a great risk for us if lost. We called the phone and there was no answer, then we started retracing all her steps during the day. What did she do? Where did she go? Who did she talk to? We had to try to figure out what happened with her phone but we couldn’t remember every place she had visited. We didn’t know if she left it somewhere or someone took it. Because the GPS service kills the battery very quickly, she had turned it off. Imagine the feeling: she had lost valuable and sensitive information, and she didn’t know what happened, how it happened or when it happened. There was no way for us to find it.

If you’ve ever staffed a help desk then you have probably experienced a similar situation when users called you because they couldn’t find their data. They know it was there yesterday but today it is not there anymore and they need you to find it. They don’t know who moved it, or deleted it, or when; they don’t have any idea what happened. If you had native Windows auditing turned on, you might be able to find it, but because of the impact native auditing has on the performance of file servers, most organizations do not use it. As Brian Vecci said, “It’s simply too resource-intensive and doesn’t offer enough functionality.” On the other hand, manual processes are time-consuming and ineffective; it takes a long time to try to determine what happened and most of the time we can’t. We can’t identify what exactly happened to the file. Was it deleted? Was it moved to a different folder? Who moved it? In the end you really have no way of finding it, other than restoring a backup, which most likely won’t be up to date if it’s there at all. To find lost files, as well as to perform many other data governance activities like identifying stale data, removing excessive permissions and identifying access abuse, it is necessary to have an audit trail.

Unfortunately we couldn’t locate my fiancée’s phone; she lost pictures, phone numbers, emails, calendar events, and other valuable information. We will get a new one and load some information from the backup, but the backup is not up to date. It will be impossible to recover all the data stored in that phone, and now it is at risk in the hands of the person who found it or took it, whom we have no way to find. We still don’t know what happened, but we’ll just have to hope for the best. While we may not yet have a good solution for auditing our daily lives, we do have one when it comes to unstructured data.
