Uncategorized

What Is Your SQL Server Security Plan and Approach?

by Ben Taylor

SQL Server Video Show Available

SelectViews #110: Partitioning Large Databases, USB Devices, Performance and Clustered Indexes, Upcoming Events. Also, the Accidental DBA Tip, the 60-Second SQL Server Tip of the Day and a Lot More.

[Watch The Show]

What is Your Security Plan?
How do you work to put new security in place, add new things to your systems and logic flow to address issues like injection and better learning about best practices?

What’s kind of interesting is that everyone looks to the DBA (or the person responsible for the databases for those accidental DBAs out there) as the person that is supposed to be taking care of the information in the systems. At the same time, many of those systems are susceptible because of things that are beyond the domain of a database person. This includes things like injection and other policies and entry points that are out of the control of the typical database person.

How do you handle this? Typically, what I’ve seen work is getting a meeting together with the various responsible parties and having a "look, this is serious" kind of meeting and doing what amounts to peeling back the layers of the onion to explain how things are inter-related. It goes beyond just looking at the DBA for performance and backup/recovery issues. It really goes to realizing that there is much more to the equation – and the teams (or even just the individuals) have to work together to control the vulnerable points. These meetings are usually the first of many – and hopefully they open the door to getting people in a frame of mind that includes not only a developer or DBA working to correct an issue, but people realizing that for all of the attack vectors that there are, there are that many defensive vectors as well – and it takes working together to address them.

Featured White Paper(s)
ESG Lab Validation Report of the HP PolyServe Database Utility for SQL Server
ESG Lab, the testing facility of industry analyst firm Enterprise Strategy Group, reports its comprehensive testing of HP’s s… (read more)

Overcoming the Barriers to Business Intelligence Success
Read this EMC Perspective, Overcoming the Barriers to Business Intelligence Success, and learn how to create complete Busines… (read more)

Author: Ben TaylorBen is a Relational Database veteran starting in the early eighties on DEC Vax database systems such as Bloom and Harvest. He has specialized in SQL engines for more than two decades, with a primary focus on Microsoft SQL Server. Ben has worked with small and large databases for both OLAP and OLTP working on systems for many industries such as Medical (Medical Claims and Eligibility Warehouse, HMO Provider Management, Enrollment), Financial (credit card processing, mortgage, stock portfolio management), Manufacturing (Assembly Line and Product Assemblies), Sales, Auto Auctions and more.