Villanueva de la Cañada is a municipality in the Community of Madrid, Spain, and like any local government holds a wealth of information about citizens and their activity. They are therefore required to comply with the Esquema Nacional de Seguridad (ENS).
The Spain ENS was established as part of Royal Decree 3/2010 and serves to establish principles and requirements for the adequate protection of information for Spanish public sector entities.
Traceability of files for ENS compliance
At the core of the ENS compliance is the desire to protect information. To do so, the Ayuntamiento Villanueva de la Cañada requires visibility into who has access, who is using access, and what actions are being taken upon this protected data.
Juan and his team therefore needed a granular and detailed audit trail that they could present to any auditors to demonstrate proper access controls were in place to protect sensitive information against unwanted access.
Juan was thus looking for a solution that would monitor and record all file accesses and would also alert him when suspicious behaviour is detected.
Constant data visibility & ability to alert the IT team of suspicious behaviour
Juan was looking for an intuitive third-party solution to provide real-time data and meet the ENS requirements. Danysoft, software distributor and one of IS Decisions’ partners, recommended FileAudit as they knew it would do exactly what they needed.
The visibility, automatic alerts and scheduled reports were everything Juan was looking for.
Especially important were FileAudit’s mass access alerts. They allowed the company to be alerted on the most common ‘potential red flags’ - the presence of mass copying or bulk deletion or movement of data.
On testing FileAudit, the installation and configuration of the software was very fast. Juan commented, “FileAudit is compatible with everything we already have. We do not need to change backup systems or directory systems, nor do we need a dedicated server, or anything like that. It has been easy to use and its implementation has been fast. What’s more, the software is reasonably priced.”
Prove that ENS compliance-specific controls are in place
Juan was able to see the value of the mass access alert feature when it was triggered due to abnormal accesses on the server. 400 MB of files had been deleted by mistake by an employee. Thanks to FileAudit he was able to pinpoint immediately the machine and fix the issue.
Having FileAudit in place has helped the Ayuntamiento Villanueva de la Cañada reach requirements needed for the ENS compliance. FileAudit provides actionable information about all access made to folders, files and file shares. It allows them to show proper access controls and reporting tools are in place to protect data against unauthorized access.
The alerts and reports make it easy to further investigate within FileAudit the full access history in case of a security issue.