To do truly useful monitoring and analysis of data access requires understanding who the users are and what permissions they have, Summers says, so he expects EDD tools to begin monitoring policy servers and directory services in the next year. That requires a cohesive strategy for compliance and security, one that requires coordinating IT, business, security and legal needs. To accomplish that strategy, the CIO needs to ensure that monitoring and analysis is deployed holistically, not by just the security team or the network administration staff. Effective fraud and compliance monitoring requires having the right policies in place to manage data and access, as well as analyzing ongoing events in the network, in key applications and in key data stores.

The new breed of EDD tools are fairly expensive and difficult to deploy, notes Gartner’s Williams. Costs for a large enterprise start at $300,000 and can rise beyond

$1 million to deploy, since storage needs can be multiple terabytes and require an information management system. The actual deployment can take up to six months if it involves custom development, which is often the case. Over time, the tools will become more standardized and thus easier to deploy as vendors see broad patterns from the custom deployments, Williams notes. But today, the high costs have limited the tools’ adoption mainly to regulated enterprises or ones where fraud costs more than its prevention, he says. For more on the different EDD tools that are available, go to www.cio.com/041506.

EDD tools can be part of an overall security and compliance effort, but by themselves, EDD tools are barely Band-Aids—unless, of course, you’re just making a pro forma, "cover-your-ass investment," says Gartner’s Litan. That kind of lip-service monitoring and analysis may help you complete a checklist to impress naive shareholders, but it won’t really help your company, says Good Harbor’s Schwalm. After all, as Summers of Unisys notes, "most companies already do logs, but no one looks at them."