In week two of our blog series The Tradeoff Between Database Security and Database Performance, we explore the roles of database administrator and security administrator and why it is best practice not to combine the roles. If you missed it, you can read our blog series introduction on the apparently conflicting goals of improving both database security and performance.
Asking database administrators to act as a security administrator to manage database security is counterproductive. The two job categories have conflicting incentives. The goal of a database administrator is to ensure database availability, health, and performance. The objective of a security administrator is to control access to databases. As such, the goals of those two jobs are often in conflict. The contradiction is problematic because many database administrators are also part-time security administrators. It is best practice to avoid assigning the same person to both database security and database administration.
A security administrator needs to be someone who understands database administration, but whose job it is to think about security first and performance second. The security administrator needs to work closely with the database administrator. Moreover, both people need to collaborate well. However, in the intersection between performance and security, conflict is unavoidable. Only by having two people with different goals is it possible to find the optimal balance between security and performance. It is also valuable to have access to two separate sets of tools to manage security versus performance while being able to share common views such as via reporting.
How IDERA Can Help:
SQL Secure discovers security vulnerabilities and permissions for SQL Server and Azure SQL databases. Find out who has access to what and identify each user’s effective rights across all SQL Server and Azure SQL Database objects. Alert on violations of organizational policies, monitor changes made to security settings, and generate security audit reports as well as recommendations on how to improve the security model.
SQL Diagnostic Manager Pro is a robust performance monitoring, alerting and diagnostics solution for SQL Server. It proactively notifies administrators to health, performance or availability problems via a desktop console, a web console add-on, and a mobile console. It provides agentless, real-time monitoring and alerting for fast diagnosis and remediation.
Read more in the full whitepaper.