Get your SQL Server security goals in order


Kevin Beaver, CISSP
02.06.2008


What does goal setting have to do with SQL Server security? Everything! Like most things security-related, protecting your database is not a one-time deal. Instead, it's a mode of operation made up of doing the things that make databases secure on a consistent basis.

For example, you've made your New Year's resolutions and you've vowed to finally work on database security to limit security weaknesses. They are the same things you meant to accomplish last year – and maybe even the year before.

Why is it that we make resolutions like these but they never seem to stick? It's because resolutions don't work. They're a short-term motivation at the beginning of each year, but then we get busy and the things we wanted to do get pushed to the side day after day and month after month. Before we know it, the New Year is upon us. Again.

This cycle of continuous let-down is actually pretty simple to fix. It's called goal setting. The difference between resolutions and goal setting is rather small, but it can make a profound difference in how much you accomplish on your job. We often resolve but we don't lay out specifics for getting it done. With goal setting, you dream up what you want to happen in the same way, but then you write out clear, concise steps on how to make things happen. You also assign deadlines to hold yourself accountable. Then it's just a matter of sitting down and doing it slowly over time.

Determine your SQL Server security needs

It's one thing to say (or assume) you're going to have a secure SQL Server environment. But what does that mean? How do you take action? It starts with saying things like, "I'm going to work with management this quarter to put together some database-related security policies and next week I'm going to harden my SQL Servers based on the CIS Benchmarks." Or, "We're going to hire an outside firm to perform a security assessment this year." You'll likely have both short- and long-term goals. Once you start thinking about what's needed with regard to database security – that is, what you can do to help reduce business risks – you can start writing out specifics.

The following are sample short- and long-term SQL Server security goals you may want to shoot for this year in order to limit database security weaknesses:

Short-term goals

Long-term goals

Where the rubber meets the road

Notice that the goals listed above are written in present tense. This makes each objective more action-oriented and helps program your subconscious mind that "this is how things are." By reviewing your goals every day – or at least every other day – you'll soon be making decisions subconsciously that help you work toward your goals. This isn't some New Age psychology hocus-pocus. These are proven methods for goal setting that I've learned from others, and they work.

Assuming that management at least understands some semblance of database security and the associated business risks, by carrying out the following steps, nothing should get in your way of attaining your SQL Server security objectives:

I know it's a lot easier said than done when you've got a hundred things to juggle at any given moment. But if you sit down and write out what you want and need to accomplish in your job and then take small steps every day, you can make it happen.

Always remember that everything you do counts with regard to database security and creating a more secure SQL Server environment. Likewise, everything you don't accomplish will push you further away from your goals. If you ditch the resolutions and take responsibility for making your goals happen, you'll undoubtedly help your business and yourself to make for a great 2008.

All Rights Reserved, Copyright 2005 - 2009, TechTarget