|
 |
|
 |
|
Overview
Since December 2005, AXA Technology Services Japan (hereinafter called gAXA Techh) has been engaged in the Oracle Database Audit using eAudit Masterf. AXA Tech has strengthened technological coordination on a global basis, and been providing high-level technological capabilities for its database used in Japan. Generally database audit is said to be difficult to use. Therefore, the companyfs early introduction and successful operation of database audit is sure to be a useful example for all other users.
|
|
|
|
|
|
¡ General outline of AXA Tech
- AXA Tech Japan is an IT service provider for companies of AXA Group, today one of the world largest insurers and financial players, with 87 employees as of April 2007 and its headquarters located at Shirokane-Takanawa in Minato ward, Tokyo.
- Largely due to the fact that AXA Tech has a global presence, it greatly advances in technical and organizational efforts. We believe that Japanese firms may learn many things from its experiences. One of such examples is that the IT firm completely separates in the organization the department providing IT services from that checking and monitoring those services for security.
- When it comes to database, AXA Tech succeeded in offering sophisticated technologies through global coordination, while actively leveraging new ones.
- As the term epositivef was chosen in the first place as one of its corporate philosophy, named eAXA Tech Valuef, the company has positively challenged innovative approaches to system architecture.
|
|
|
|
|
|
¡ Mission of AXA Tech DBA
- Mr. Otani is playing an active role in database-related business within AXA Tech. He is currently committed to major framework to restructure oracle database environment into an integrated platform. This is the idea that integrates the entire database by using eOracle Database 10g RACf to built redundancy structure of database service for almost all applications and thereby to realize stable supply while adjusting the load. We see that this kind of idea may be still rare in Japan. In particular, not only financial institutions but also major companies seem reluctant to adopt it. Quite a few customers of EXE Solutions are also showing a wait-and-see attitude about it. AXA Groupfs innovative attitude may be unique to foreign-affiliated companies, but may come from its business-oriented idea to maximize ROI by keeping positively challenging new technologies and enjoying reaping their benefit at an early stage.
|
|
|
|
|
|
¡ Background of Audit Master introduction
- AXA Tech decided to introduce Audit Master as a supporting tool in carrying out database audit mainly to comply with the Sarbanes-Oxley Act (SOX Act: in U.S. and other foreign countries before in Japan). In our interview, Mr. Otani gave main reasons for its implementation as follows:
- 1) Simply easy to use
- Audit Master has been noted for its usability. Only an hour after starting to use this product, he became convinced that gI can use it!h He also said, gThis is so simple that everyone can operate it by instincth. He had experiences with some other products before, but finally found all of them difficult to use. This point became critical to AXA Tech in deciding which product to adopt, since Audit Master had a great advantage over other competitive products at the time when the company had to establish the system and operational framework of database audit with a limited time frame. They could never afford to spare extra time to tackle with a user-unfriendly product.
- 2) Reasonable price
- 3) Flexible in after-sale support
- Some requirements AXA Tech actually made, including customization requests, were almost fully fulfilled in cooperation with the vendor.
|
|
|
|
|
|
¡ How to use Audit Master
- With its dual servers running both in Australia and Japan, AXA Tech has pursued a more effective audit scheme. In other words, it has tried to achieve a cost- and time- effective audit mechanism that can be operated with a standard approach and can meet its security needs in a timely manner.
- At present with the help of Audit Master, it can simultaneously manage to conduct extremely precise database audit as well as to place limited impact on system load. In order to realize both of them, the following means are taken using functional capabilities of Audit Master:
- 1) Use of audit feature of Oracle database
- With standard function mounted in Audit Master, AXA Tech configures Oraclefs audit function to perform log-in audit and collect log data. This is an event-trigger approach, useful to fully collect data.
- 2) Collection of SQL
- In order to conduct detailed forensics on access data through to the database, AXA Tech attempts to obtain all SQL. This is an approach that checks SGA at a regular interval to obtain SQL as audit log and will later allow to track which SQL a user issues.
|
|
|
|
|
|
¡ Last question: candid views on Audit Master |
|
| - |
Satisfied with its flexible response to vendorfs product.
Customization requirements for AXA Tech were almost fully fulfilled.
|
| - |
Oracle engineers both at the vendor and EXE Solutions made us feel comfortable. |
| - |
Truly easy-to-use |
| - |
At present, we can deal with all Oracle servers with Audit Master.
|
|
|
