GDPR readiness: Considerations when configuring Guardium
Learn how personally identifiable information (PII) is stored on your Guardium system, and how to manage it.
- Policy Builder
  - If Log full details is selected in your Policy Rule Actions in the Policy Builder, Guardium logs data for each separate request, with unmasked values. Depending on the type of traffic being examined, it could contain PII. For more information, see: Rule actions
- Inspection Engine
  - If Inspect return data is selected in the Inspection Engine configuration, data from the traffic, including result sets, is returned to the Guardium collector. Depending on the type of traffic being examined, it could contain PII. For more information, see: Network mirroring methods (SPAN, N-TAP) and related inspection engines
Follow these deployment guidelines for GDPR readiness:
- If you need to configure Policy Rule Actions to Log full details or Inspection Engines to Inspect Return Data, consider encrypting the disks in the appliances. For more information, see: How to partition with an encrypted LVM.
- Purge Intervals
  - Guardium may capture debug information that could contain PII if the database traffic that triggered the exception contained PII. Guardium admins can purge data by setting the purge interval via the GUI purge panel or the CLI command store purge objects age. For more information, see: Enabling and disabling the Investigation Dashboard.
  - The defaults for several of these items can be viewed with the complementary CLI command show purge objects age. The interval is defined as a number of days.
- SQL Masking
  - Guardium may capture PII if a SQL query that contains PII fails. For more information, see: Logging Exceptions.