Innovatum Adds Biometric Authentication to Improve Compliance ‘Auditability’

March 4, 2008 Dan Burger

Regulations that affect the collection, storage, and retrieval of electronic data records have hit IT departments like a snow storm in Miami Beach. IT managers have been shivering ever since mandates such as Sarbanes Oxley, Gramm-Leach-Bliley, HIPAA, and the FDA’s 21 CFR part 11, plus a blizzard of other industry-specific compliance rules have entered their domain. Early efforts to make the grade were manual labor intensive. To get out from under that heavy load, organizations looked to technology for automated solutions. Innovatum, with its data monitoring software, has been in the thick of it.

Coupled with the cold blast of government and industry regulations has been the transition from traditional paper-based to electronic-based data management. This transition has not been entirely smooth, as your particular experience may painfully demonstrate. Costs–yes, it’s true–have been known to exceed expectations.

Just as there are costs associated with a surge in manual labor, there will be costs involved with implementing technology. The point is acknowledged in Innovatum’s white paper on electronic records management strategy. Compared to the costs associated with noncompliance, inaccurate data, inefficiencies, and slow response to informational requirements, the technology is less expensive, according to the Innovatum report.

Collecting information from a variety of source systems and loading it into a system for storage and quick retrieval is part of the electronic records management equation. But with regulatory compliance comes the huge responsibility of implementing security measures and auditability features.

Each government and industry mandate demands a unique but persistent monitoring of database activity. The monitoring must adhere to both internal and external audit demands. So far, so good, right? Maybe. The difficult part comes with identifying beyond the last change and identifying that change by user and date field. You likely have this record, but it gets overlaid each time the record is updated.

That brings us to Innovatum’s latest enhancement to its DataThread software that monitors database access at the record and field level. It has accomplished this by incorporating transaction-level user authentication into all System i applications.

Innovatum turned to Valid Technologies for this expanded capability. Valid Secure System Authentication (VSSA) replaces passwords with fingerprint biometric authentication. It makes use of centralized authentication processes and journals that track each transaction.

VSSA runs natively on i5/OS and in conjunction with standard USB-based fingerprint scanners from APC. It interacts with applications through calls to source code embedded into the RPG, COBOL, Java, C++, or Visual Basic.

“The integration of VSSA and DataThread will enable a 360-degree view of System i activity and real-time authentication at the most granular level, on the data, where you need it,” says Valid Technologies’ CTO Tom Secreto, who also promises this user authentication “adds significantly to security, accountability, and productivity.”

Innovatum will sell and support DataThread with or without the VSSA option. VSSA is marketed through OEMs and IBM business partners on a one-time license basis, and is priced based on the number of active enrolled VSSA users.

The announcement by Innovatum signals more traction for biometric authentication in the System i market. One month ago, Patrick Townsend & Associates, a software company that provides data encryption, key management, and security logging solutions to enterprise-level companies, announced it has integrated VSSA with its i5/OS encryption offerings.