IDERA recently released a Database Management Report Survey with interesting industry trends such as “nearly 90% of enterprise IT respondents agree that the complexity of their database environment has increased over the past five years, while more than 45%, state these environments have grown significantly or extremely more complex during this time.” One of the items that rank high on the list of challenges is security and compliance requirements.
Craig Mullins did an interview with TechTarget for an article about the evolving responsibilities of Database Administrators. One area in particular was the topic of Security. He stated, “Security has always been a built-in part of managing a DBMS, but 10 or 15 years ago it wasn't quite as interesting a topic for DBAs. Now most new apps…are Web-based, and security is one of the first things that DBAs look at.”
It is pretty common to hear of new data breach revelations and keeping up with industry and government compliance regulations make security concerns not only top of mind, but increasingly complicated to find and plug potential holes. Adding another layer of complexity is the growing movement to cloud environments introducing a another layer of security concerns and questions of control over the data and possible vulnerabilities.
DBAs may know where some security gaps exist in their servers, but often they are unaware of issues until disaster strikes. Auditing of databases is a common practice to find vulnerabilities and there are things you can do using SSMS, agent jobs and SQL Server scripts. K Brian Kelley, a Microsoft MVP, wrote a white paper on the topic Top 5 Things to Audit White Paper to help aid in this task. However, we hear customers time and again say there is a growing amount of data to secure and confusion about what all to audit besides the obvious SA passwords and failed login attempts where SSMS can't help. There is a lot more out there to identify, monitor and manage amidst a growing number of databases and this is where folks ask for help to effectively address this rather daunting task.
IDERA has a few products which can help you setup, monitor and report on security and compliance policies across your organization to simplify the tasks. SQL Compliance Manager is one such tool; an award-winning auditing and compliance solution for SQL Servers. Customers use SQL CM to audit suspicious transactions, track changes to sensitive data, generate reports for Auditors and comply with regulations such as HIPAA, PCI, SOX and FERPA.
SQL CM includes several Activity dashboards that display the activity at the enterprise and individual SQL Server instance levels. These dashboards allow you to quickly check activity in each event category audited, view SQL Server activity statistics, and short-term activity trends that can be used to identify security problems and give you more in-depth analysis.
SQL Secure is another product available to help you craft a handy security report card to identify vulnerabilities, manage permissions and adhere to security policies more effectively. For example, security checks are listed within the security report card to identify specific risks and vulnerabilities such as data integrity, configuration changes, logins, access and permissions. You can also read this MSSQLTips product review to learn more about use cases where SQL Secure can be helpful.
Managing databases and acting as data protector can be tricky. Hopefully you found some of these resources and product tool mentions informative. If you have questions, let us know on IDERA’s Security & Compliance Community Forum – we are here to help!