Keeping an organization’s SQL Servers secure is the supporting DBAs’ most critical responsibility. The performance and availability of the databases are certainly also important and cannot be neglected. But having the fastest response time or maintaining uninterrupted access for decades will not be the thing that’s remembered when your system suffers a data breach. It will be the ramifications of the compromised sensitive data that you failed to adequately protect.
The increasing value of enterprise data makes it one of the company’s most important resources. Many organizations have databases that contain personally identifiable information (PII) on their customers and employees. These make attractive targets for hackers who can compromise thousands of individuals in the wake of a data breach.
Public concern over data breaches is increasing as more people conduct business online and corporations store larger amounts of data that need to be protected. Regulations like the GDPR are designed to hold organizations accountable for protecting the personal information they have collected. In the U.S., legislation was introduced in late 2019 that would impose fines and potentially jail executives of firms that violated data privacy rules.
So it’s safe to say that there’s not a DBA out there who wants to have their system breached. There are some things you can do to minimize the chances that a breach happens to your databases.
Best Practices for SQL Server Security
Here are best practices that should be followed to attain the highest degree of security for your SQL Server environment.
- Isolate the SQL Server to protect it from other compromised applications or services. If possible, you should consider using a restricted network segment to offer further protection.
- Avoid installing unnecessary software or activating extraneous features on the system running SQL Server. This eliminates the possibility that attackers can get to your database through other apps that have been compromised.
- Keep all SQL Server tools and applications updated and install security patches immediately. Obsolete software can often be exploited by determined hackers.
- Manage logins by deleting credentials that are no longer needed and implementing strong password policies for administrator and root accounts. SQL Server security audits should be performed regularly to identify irregularities and demonstrate compliance with regulatory standards.
- Restrict access by following the principle of least privilege. Users should only have the level of access required to do their jobs. Run SQL Server as a local account on Windows machines to minimize potential problems with compromised user accounts.
- Protect against SQL injection attacks by instituting measures such as refraining from dynamic SQL and minimizing the information available in error messages.
- Perform continuous monitoring of your SQL Server environment. This can alert you to suspicious activity that may indicate your systems are under attack and enable you to take the appropriate action to protect them.
- Control access to backups which can be an overlooked element of providing security in all areas of the IT environment. Since backups contain the same information as your systems, they should receive the same level of protection as the original systems.
A Tool to Help Enforce SQL Server Security
IDERA’s SQL Secure can help DBAs lockdown their SQL Servers with a host of features that enable comprehensive security analysis and reporting. The tool can be used for physical and virtual instances of SQL Server in on-premises data centers and the cloud. SQL Secure does not install any components on the SQL Servers and uses a web-based interface that is compatible with all popular browsers.
Some of the specific tools that SQL Secure provides DBAs include:
- Analysis of user database roles and effective rights indicates areas that need to be addressed to close security holes.
- Detection of weak or blank passwords and unresolved Windows accounts is provided when viewing all logons on the target server.
- A complete history of SQL Server security settings is stored to be used as a baseline for comparison and to provide an audit trail for compliance reports.
- Powerful reporting capabilities that include standard and customized reports give you detailed information for security auditing and demonstrating compliance.
SQL Secure can help harden your SQL Server security policies and provides templates designed to assist in complying with many regulatory policies like GDPR, SOX, HIPAA, and PCI DSS. DBAs can identify vulnerabilities and prevent security violations that might put their organization’s information resources at risk. Then they can address other issues like speeding up the performance of their databases.