Auditing File Access

During a recent briefing with <a href="http://www.cofio.com">Cofio Software</a> on its new AIMstor product, the discussion of file auditing or file logging came up. File auditing is the ability to see who has created, modified, or deleted a file and to take appropriate measures.

George Crump, President, Storage Switzerland

September 2, 2008

2 Min Read
Dark Reading logo in a gray background | Dark Reading

During a recent briefing with Cofio Software on its new AIMstor product, the discussion of file auditing or file logging came up. File auditing is the ability to see who has created, modified, or deleted a file and to take appropriate measures.There are a few packages out there that do so as a standalone capability; FileSure from ByStorm and Quest Software's Intrust Plugin for File Access.

There also are various content management platforms out there. The challenge with these is getting everyone to use them consistently, which seldom seems to happen. These file-level utilities exist and will grow in demand because not everyone is going to implement content management platforms and even if you do, that consistent use issue keeps coming up. With file auditing you can know who has accessed what files, who has modified those files, and who has deleted those files. This is good. For example, it would be helpful to know that one of your top administrators had accessed that annual salary spreadsheet prior to your review with him. Ever wonder how someone gets all of that payroll detail? Ever wish you could prove it? File auditing lets you know. These tools are now becoming more sophisticated where they can take action based on this information. For example, you could have a policy that dictates that if the CFO changes a spreadsheet in the finance directory, that version of that file is copied out to a WORM-based Disk Archive for compliance reasons. Or if a file is copied by a user to a USB stick, you are sent an e-mail the moment it happens. Many copies to USB sticks are legitimate, but a quick scan of what is being copied where might be a good idea. Of course, you can stop this copy to USB all together with data blockage (or the more draconian, disablement of USB) which should really be integrated into the whole process ... more on that tomorrow...

Track us on Twitter: http://twitter.com/storageswiss.

Subscribe to our RSS feed.

George Crump is founder of Storage Switzerland, an analyst firm focused on the virtualization and storage marketplaces. It provides strategic consulting and analysis to storage users, suppliers, and integrators. An industry veteran of more than 25 years, Crump has held engineering and sales positions at various IT industry manufacturers and integrators. Prior to Storage Switzerland, he was CTO at one of the nation's largest integrators.

About the Author

George Crump

President, Storage Switzerland

George Crump is president and founder of Storage Switzerland, an IT analyst firm focused on the storage and virtualization segments. With 25 years of experience designing storage solutions for datacenters across the US, he has seen the birth of such technologies as RAID, NAS, and SAN. Prior to founding Storage Switzerland, he was CTO at one the nation’s largest storage integrators, where he was in charge of technology testing, integration, and product selection. George is responsible for the storage blog on InformationWeek's website and is a regular contributor to publications such as Byte and Switch, SearchStorage, eWeek, SearchServerVirtualizaiton, and SearchDataBackup.

Keep up with the latest cybersecurity threats, newly discovered vulnerabilities, data breach information, and emerging trends. Delivered daily or weekly right to your email inbox.

You May Also Like


More Insights