Automated Compliance Code Review for Application Access Objects
Prevent compliance problems before source code is migrated to production. iCatalog provides a quick, dynamic review of code written into application access objects (such as forms, reports, JSP, .NET, PL/SQL, etc.). A valuable compliance and pre-production step, iCatalog determines whether a piece of code could inappropriately expose users to sensitive data. MENTIS metadata classifies all data affected by the code so it can be compared to both the legislative and the compliance requirements that affect your organization. iCatalog also provides an audit of the different means by which sensitive data could be accessed, and by whom.
Innovation AND Compliance.
Developers manage important tasks that are central to organizational goals and objectives. Whether writing software or creating reports, developers need to ensure the satisfaction of multiple user groups and are charged with producing innovative solutions that meet market needs. Underlying these tasks are a multitude of details such as functionality, performance, scalability, reliability, realistic implementation schedules, system architecture, and adherence to development goals and principles. Adding compliance expertise to the developer’s already full plate is inefficient and often simply not feasible.
However, the current open culture surrounding application development creates a dangerous loophole in the security, risk and governance arena. Each piece of new code could expose sensitive trade secrets, or employee, vendor, partner, or customer data. When sensitive data is exposed, security and reputation problems abound. The sheer amount of code that is typically written in most organizations could make inappropriate exposure impossible to detect until it is too late. Until iCatalog.
Compliant Code from Development to Production – Automatically
New Code or Old Code – It Can’t Hide
New Code: iCatalog automates your compliance and security acceptance testing by identifying when a new piece of code is written. Using the MENTIS data classification engine, iCatalog provides templates that Compliance can customize to any law applicable to your organization. Any code that violates a law will trigger a customized alert. Individuals involved in the compliance and development acceptance process will be informed that a potential security loophole has been created. For example, inappropriate user requests that could expose salary information, improperly embedded code that pulls sensitive financial information, or simple mistakes that expose social security numbers will be caught and corrected, simply and easily.
Old Code: iCatalog can also roll back over all previously built applications so you can identify your organization’s true risk. Because of the intelligence of the MENTIS technical platform and data classification engine, implementation is only a matter of days. The results are instantaneous and can be run on multiple database instances. Since Oracle Applications metadata is pre-built, iCatalog can be implemented in 2 days for vanilla Oracle Applications. iCatalog can also be completely implemented on customized applications – typically three to four days, depending upon the application size, the number of customizations and the number of databases involved.
Source Code Library: iCatalog creates a comprehensive digital library of your source code. The library will inform you of which code fragments could access or expose sensitive information. Using iCatalog and the MENTIS data classification engine, you can discern, at a glance, code that exposes, deletes, inserts, updates, or otherwise modifies any information that is protected by legislation such as HIPAA, SOX, GLBA, and FERPA.
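As an added illustration of the review described above (this is not MENTIS's code, and the classification table below is a constructed stand-in for the MENTIS metadata format, which the page does not show), the following scanner maps classified columns to the regulations that protect them and flags each SQL/PL/SQL statement that reads, writes or deletes such a column, including `SELECT *` and whole-table `DELETE` cases that name no column explicitly:

```python
import re

# Constructed classification metadata (hypothetical; stands in for MENTIS
# metadata): fully qualified column -> regulations that protect it.
CLASSIFICATION = {
    "employees.ssn": {"GLBA"},
    "employees.salary": {"SOX"},
    "patients.diagnosis": {"HIPAA"},
    "students.grade": {"FERPA"},
}

OPERATION_RE = re.compile(r"^\s*(select|insert|update|delete)\b", re.I)
TABLE_RE = re.compile(r"\b(?:from|into|update|join)\s+([a-z_]\w*)", re.I)
IDENT_RE = re.compile(r"[a-z_]\w*", re.I)

def split_statements(source):
    """Strip '--' comments and split SQL/PL/SQL text into statements on ';'."""
    stripped = re.sub(r"--[^\n]*", "", source)
    return [s.strip() for s in stripped.split(";") if s.strip()]

def review_statement(stmt):
    """Return (operation, column, regulations) for each classified column touched."""
    op_match = OPERATION_RE.match(stmt)
    if not op_match:
        return []  # DDL, PL/SQL control flow, etc. are not reviewed here
    op = op_match.group(1).upper()
    tables = {t.lower() for t in TABLE_RE.findall(stmt)}
    idents = {i.lower() for i in IDENT_RE.findall(stmt)}
    wildcard = re.search(r"\bselect\s+\*", stmt, re.I) is not None
    findings = []
    for qualified, regs in CLASSIFICATION.items():
        table, column = qualified.split(".")
        if table not in tables:
            continue
        # Explicit column reference, SELECT * (exposes every column), or DELETE
        # (affects every column of the row) all count as touching the column.
        if column in idents or (wildcard and op == "SELECT") or op == "DELETE":
            findings.append((op, qualified, sorted(regs)))
    return findings

def review_source(source):
    """Review every statement and return one alert per classified column touched."""
    alerts = []
    for n, stmt in enumerate(split_statements(source), 1):
        for op, col, regs in review_statement(stmt):
            alerts.append({"statement": n, "operation": op,
                           "column": col, "regulations": regs})
    return alerts

# Constructed sample source: a report query plus maintenance statements.
SAMPLE_SOURCE = """
SELECT e.name, e.salary FROM employees e WHERE e.dept_id = :dept;  -- payroll report
SELECT * FROM patients;
UPDATE students SET email = :email WHERE id = :id;
DELETE FROM employees WHERE id = :id;
"""

if __name__ == "__main__":
    for alert in review_source(SAMPLE_SOURCE):
        print(alert)
```

Statement 3 touches a classified table but only an unclassified column, so it produces no alert; a real deployment would replace the regex tokenizer with a proper SQL parser to resolve aliases and views.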