Auditing is More Than a Way to Get the Security Team Off Your Back

by Nov 11, 2014

As a DBA, you probably look at auditing tools as a something forced upon you by the security officer. You are asked to provide continuous auditing of SQL Server activity and to generate reports to satisfy PCI, HIPAA, FERPA and SOX requirements. You buy a tool just to reduce the time spent meeting these needs. Of course, Idera’s SQL Compliance Manager can do all these with no problem.

However, SQL Compliance Manager was also designed to be an invaluable tool in the DBA toolset. It includes features that will let you do many things such as diagnosing problems, keeping an eye on your developers or just implementing basic change management. One of our users watches for: 

PRIIVLIGED USER AUDITING
Often, DBAs will find that the application developers at their company ask for sysadmin privileges. The developers say they will use this only in emergencies and to just “look:” at the data. When something goes wrong the cry of “I didn’t change anything” rings out. The SQL CM privileged user auditing feature lets you do some focused auditing to track everything done by certain accounts. While tracking every read operation may be too much for general accounts acting against a database, you can use this feature to see every read/write/administrative change done by the sysadmins. The great new is that when something does go wrong you can find out not only what changed to cause the issue but who changed it so you can have a chat with them about processes.

CHANGE MANAGEMENT
Auditors like to make sure the data in your databases is safe. But as a DBA you are in charge of making sure the database is up and running. Being a control freak comes as part of the job. You want to make sure you are aware of every schema change such as creation of new tables or columns and security changes so that you can make sure everything is OK. This is especially valuable when you are breaking in new staff members. SQL Compliance Manager lets you audit all the DDL and administrative activities on databases so that you can perform effective change management on your databases.

I hope these features show you some of the power that SQL Compliance Manager adds to your toolset. Although it is a great tool to make the auditors happy, it can also be a very valuable and effective tool for your personal arsenal!

Have questions or comments? Please let us know in the SQL Compliance Manager Forum.