SQLServerCentral Editorial

Insider Security Threats

,

Are you worried about internal users at your company compromising your data security? I'd hope that you are at least a little worried, after all, we find out regularly that people we thought we knew acted in a surprising manner, or did something inappropriate that we hadn't expected. It's not always malicious or intentional, but even when it's accidental, our security gets compromised and we receive some of the blame.

Security is a hard process to implement, especially over time. Too much security implies too little trust, and as humans, we want to trust each other. As we work together, and build trust, we tend to let security lapse a bit. As organizations grow, evolve, and change people around, we introduce security loopholes from mis-configurations, poor architectural foundations, or simple mistakes like failing to remove someone from a security role.

This piece talks a bit about the internal security threats you face, while ranting a bit about the term "insider threat". The threats you face from external attackers are different from those you face from internal employees. However in each case, there's one thing that's important for getting close to a secure environment: monitoring.

We can't determine every type of attack vector, protect every system or database completely, but we can monitor for issues and be prepared to react when a problem occurs. The auditing capabilities of SQL Server have grown tremendously with the eventing enhancements to the platform, and I urge you to spend some time learning about Extended Events, which give you even more of an insight into what is happening on your server.

Steve Jones


The Voice of the DBA Podcasts

We are having some technical issues with our hosting provider and are working to get the podcasts back online soon. Our apologies for the delays.

Everyday Jones

The podcast feeds are available at sqlservercentral.mevio.com. Comments are definitely appreciated and wanted, and you can get feeds from there. Overall RSS Feed: or now on iTunes!

Today's podcast features music by Everyday Jones. No relation, but I stumbled on to them and really like the music. Support this great duo at www.everydayjones.com.

You can also follow Steve Jones on Twitter:

Rate

You rated this post out of 5. Change rating

Share

Share

Rate

You rated this post out of 5. Change rating