Keeping your database secure is something that every DBA strives for, and I think every manager expects to just happen. Even when they don't want to implement your stringent procedures, or want you to short cut a process to "get something done, " it seems managers and users still expect that your data will be secure.
So what can you do? Do your best, is really all you can do. Learn about security, try to follow best practices, and follow your own procedures, even when they are a pain. What does that mean? I wish I had a detailed security guide for you, and I'm working to get one set up.
I ran across this article from eWeek recently that talks about how to monitor and protect your databases. As with most mainstream articles, it's got just general information about what you should do, but there was one item I wasn't sure what to think about. There are three things they recommend, and the third piece of advice was to monitor access to your databases in real time.
Real time? Detect all access to sensitive information? Apparently the author of this article has never seen a Profiler trace and the amount of information that can be captured. SQL Server 2008 gives us more auditing capabilities, but still setting up an auditing system is a complex process. And I'm not sure there is some easy way to set up real-time monitoring and alerting that would allow you to respond to inappropriate access.
From what I can imagine a system to look like, you really need a real-time SSIS package running and moving auditing data through some data mining system to determine if there is a need to respond to some action. That's something I'm not sure is easily built with the current tools. And if it's not easily built, it's often not implemented, or not done well. Neither of which makes for an effective solution.
The next evolution in auditing is making the system able to easily audit changes in data and then alert someone to take a look, either in real time or queued up for later perusal. I'm not sure when this will get added to SQL Server, but it's something that is needed to ensure that effective auditing can be built into applications.
Steve Jones
The Voice of the DBA Podcasts
The podcast feeds are available at sqlservercentral.mevio.com. Comments are definitely appreciated and wanted, and you can get feeds from there.
You can also follow Steve Jones on Twitter:
or now on iTunes!
- Windows Media Podcast - 22.3MB WMV
- iPod Video Podcast - 23MB MP4
- MP3 Audio Podcast - 4.7MB
Today's podcast features music by Everyday Jones. No relation, but I stumbled on to them and really like the music. Support this great duo at www.everydayjones.com.
I really appreciate and value feedback on the podcasts. Let us know what you like, don't like, or even send in ideas for the show. If you'd like to comment, post something here. The boss will be sure to read it.