Last year, 158 legal proceedings against civil servants in Germany were underway due to misuse of their service databases [1]. Similarly, 237 UK police force staff members were punished for violating their service IT systems [2]. These cases highlight the vulnerability of digital databases and need to allocate substantially greater effort to detect misconduct that only increases in difficulty with the growth in the volume of data and new distributed workflows which are being run outside of enterprise perimeters.
These challenges create a growing need for analysing system logs and securing the integrity of audit trails that record who performs what activity and how the information system responds. This plays an important part of any industry’s overall information governance strategy. Maintaining the integrity of audit trails is vital in order to evoke and enforce societal trust but also to mitigate against negative influences and to protect an organization from liability during legal challenges.
Guardtime Truetrail is a new audit trail management solution for proving the integrity and ensuring the validity and accuracy of audit logs. TrueTrail detects any unauthorized changes and ensures that audit trails can be presented as evidence with independently verifiable proof.
SMIT bears the responsibility for helping rescuers, police officers, and emergency staff prevent accidents and save lives. As such the ICT services provided by SMIT must be irrefutable at all times. Logs from various SMIT information systems serve as evidence in court and provide the certainty that the information in the audit logs has not been altered is vital prerequisite to their use, as any alleged misuse of state’s databases must be supported with indisputable evidence. Truetrail technology supplies SMIT's audit logs with mathematical proof showing that the logs presented are correct.
Head of Information Security Department at SMIT, Uko Valtenberg states:
“Our job in SMIT does not solely require assuring security of mission-critical services but also preventing their misuse and enforcing accountability. Our cooperation with Guardtime provides us the indisputable evidence about the use of our system - or simply put - with the Truetrail solution we can definitively prove who did what and when.”
- independent verifiability and indefinite validity,
- compliance to regulatory requirements,
- proof of the time and integrity of the events, as well as proving that events are in the correct order and none have been deleted;
- 100% data privacy - only hashes of data are processed, customer data is not ingested.
Ivo Lõhmus, Product Manager at Guardtime concludes:
“As a result of the Truetrail implementation project we will be assuring proof value of audit log messages of thousands of services in a highly distributed environment. The project is currently in the implementation phase and we expect to reach full-scale production deployment before the end of the year. “
Discover more and get in touch: https://guardtime.com/truetrail
Guardtime’s development of the TrueTrail solution is supported by European Union’s Horizon 2020 research and innovation programme.
____________________________________________________________________________________________________
[1] https://www.spiegel.de/panorama/justiz/datenschutz-familie-freunde-nachbarn-wie-polizisten-ihr-umfeld-ausspionieren-a-1294411.html
[2] https://www.theregister.com/2019/11/11/police_database_security/