File Server event logs: Why it is important to audit file activity
Written by Judy
File servers are convenient because company administrators can assign and register employees to have access to files stored on the server. If your company has reasonable security for the file server (i.e. secure physical location, antivirus and malware protection, access control), then it’s safe to assume that your files are secure, right?
This is a common misconception. Surprisingly, even with the growth of data breaches and compromises, many companies do not realize that the risks run much deeper. At this point, digital rights management should already be considered for the company file server to prevent data from leaving the server without authorization.
For instance, what stops an employee from copying a file off the file server and accidentally (or maliciously) leaking the data outside of the company? According to a study done by Ponemon and Symantec Corp., 64% of data breaches and compromises are caused by human and system errors combined while only 37% are caused by malicious attacks. So what can companies do to prevent these risks and stop them at the source?
Aside from digital rights management to prevent files from leaving the server unless the employee is authorized, administrators also need file activity event logs. Event logs with recorded details such as affected file, action taken, user, time, date, and file location are crucial for auditing purposes and for stopping a leak at its source. Event logs that update in real time allow administrators to accurately audit file activity and see whether any suspicious activity is occurring. Administrators can also audit files that have been taken out by an employee with permission from the FTO, while the original file remains backed up on the server. This way, administrators will always know which files were taken out.
A New York Times article from December 14, 2013 states, “American intelligence and law enforcement investigators have concluded that they may never know the entirety of what the former National Security Agency contractor Edward J. Snowden extracted from classified government computers before leaving the United States, according to senior government officials.” Think of how useful event logs could have been in the Edward Snowden case.
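To make the audit described above concrete, here is an added Python example (not code from the article or from any product it refers to) that reviews file activity records carrying the details listed earlier: file, action, user, date, time and location. The CSV layout, the action names `copy` and `take_out`, the `approved` column and the burst threshold are all assumptions, and the log lines are constructed sample data.

```python
import csv
import io
from collections import defaultdict
from datetime import datetime, timedelta

# Constructed sample log; "approved" is an assumed column for authorized take-outs.
SAMPLE_LOG = """\
date,time,user,action,file,location,approved
2013-12-02,09:14:03,alice,read,budget.xlsx,/finance,
2013-12-02,09:20:41,bob,take_out,roadmap.docx,/product,yes
2013-12-02,22:05:10,carol,copy,clients.csv,/sales,
2013-12-02,22:05:45,carol,copy,contracts.zip,/legal,
2013-12-02,22:06:30,carol,copy,payroll.xlsx,/finance,
2013-12-03,10:02:00,dave,take_out,design.pdf,/product,no
"""

# Assumed names for actions that move data off the server.
EXPORT_ACTIONS = {"copy", "take_out"}

def parse_events(text):
    """Parse CSV log text into dicts, adding a combined datetime under 'when'."""
    events = []
    for row in csv.DictReader(io.StringIO(text)):
        stamp = f"{row['date']} {row['time']}"
        row["when"] = datetime.strptime(stamp, "%Y-%m-%d %H:%M:%S")
        events.append(row)
    return sorted(events, key=lambda e: e["when"])

def unapproved_exports(events):
    """(user, file) pairs that left the server without a recorded approval."""
    return [(e["user"], e["file"]) for e in events
            if e["action"] in EXPORT_ACTIONS and e["approved"] != "yes"]

def export_bursts(events, limit=3, window=timedelta(minutes=5)):
    """Users with `limit` or more exports inside any span of length `window`."""
    per_user = defaultdict(list)
    for e in events:  # events are time-sorted, so each user's list is too
        if e["action"] in EXPORT_ACTIONS:
            per_user[e["user"]].append(e["when"])
    flagged = set()
    for user, times in per_user.items():
        for i in range(len(times) - limit + 1):
            if times[i + limit - 1] - times[i] <= window:
                flagged.add(user)
    return sorted(flagged)

if __name__ == "__main__":
    evts = parse_events(SAMPLE_LOG)
    print("Unapproved exports:", unapproved_exports(evts))
    print("Burst exporters:", export_bursts(evts))
```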