Basic SQL Server security principles you can't afford to miss

People in management – especially IT management – often refer to the terms accountability, compliance and risk management. "They're our goal and our process and that's how we do it here" is the mantra. Yet, the very essence of the business's existence – its electronic databases – often lacks even the most basic security controls. To keep database security in check, you've got to have them. There's no amount of technical controls that can fix this gaping hole and prevent breaches long term. Unfortunately, it's the big iron firewalls, fancy database intrusion prevention technologies and database encryption that are getting all the attention.

If you step back and look at your database environ

Digg This!     StumbleUpon     Del.icio.us

RELATED CONTENT SQL Server Security The keys to database backup protection for SQL Server Understanding transparent data encryption in SQL Server 2008 The fine line between not encrypting your databases and breach notification Securing SQL Server with access control, login monitoring and DDL triggers SQL Server security: Controlling access via database roles Implementing security audit in SQL Server 2008 New security features in SQL Server 2008 leave some work for you Can I encrypt and restore a database backup in SQL Server 2005? FAQ: How to troubleshoot and grant SQL Server permissions Secure SQL Server from SQL injection attacks SQL Server Management A first look at Microsoft SQL Server 2008 R2 Maintaining high availability of SQL Server virtual machines Creating fault-tolerant SQL Server installations Using Microsoft Hyper-V for SQL Server consolidation Scaling up vs. scaling out with SQL Server 2008 Migrating to SQL Server 2008 and leveraging new features Testing a SQL Server environment before an upgrade Does upgrading to SQL Server 2008 fit your business? Meeting business needs with SQL Server full-text search Using dynamic management views to improve SQL Server index effectiveness

RELATED GLOSSARY TERMS Terms from Whatis.com − the technology online dictionary data corruption  (SearchSQLServer.com) data hiding  (SearchSQLServer.com)

RELATED RESOURCES 2020software.com, trial software downloads for accounting software, ERP software, CRM software and business software systems Search Bitpipe.com for the latest white papers and business webcasts Whatis.com, the online computer dictionary

ment closely, it's easy to find many real-world weaknesses where not using the practices of least privilege, delegated administration and separation of duties shines clear. SQL Server database security weaknesses include:

These data security weaknesses can, at the least, lead to an unnecessary remote system compromise and malware infection. More important, they create accountability and oversight problems and lead to the situation where no one is truly responsible for security of the system.

If you want to buy yourself better SQL Server database security, then focus less on fancy security products and technical controls and more on the basics of security operations. It's hard to fight the marketing machine and their all-in-one technologies that can harden your database environment virtually guaranteeing security and compliance. But go against the grain. Set your sights on getting your processes right first.

Once you have the basics down pat, you can then go about finding ways to automate your controls to take some of the effort out of the process. This will have the double benefit of closing that ever-evasive change management loop and providing a rock solid database environment that you know you've gone the extra mile to lock down.

[TABLE]

Rate this Tip To rate tips, you must be a member of SearchSQLServer.com. Register now to start rating these tips. Log in if you are already a member. DISCLAIMER: Our Tips Exchange is a forum for you to share technical advice and expertise with your peers and to learn from other enterprise IT professionals. TechTarget provides the infrastructure to facilitate this sharing of information. However, we cannot guarantee the accuracy or validity of the material submitted. You agree that your use of the Ask The Expert services and your reliance on any questions, answers, information or other materials received through this Web site is at your own risk.