SQL Server security best practices

by Jun 2, 2022

There are several examples where data theft has brought organizations to a halt or resulted in bad press that left a tarnished image. For example, in 2017, Equifax disclosed how malicious actors exposed the personal information of over 145 million people, including social security numbers and credit card numbers. In 2018, Facebook suffered at least two separate data privacy incidents, affecting over 90 million user accounts. There are many more horror stories from banks, financial institutions, healthcare providers, and retail organizations in the recent past, and they get even scarier as we move into this digital-only world. Even as organizations treat security as a first-class citizen and work on it proactively, these incidents will keep happening, and one will always be playing catch-up.

Deep introspection can lead one to think about security differently. What about security in the software we develop? Why is security not a consideration during the design phase itself? Securing data is one of the most important aspects of keeping trade secrets away from prying competitors.

Security is a core area and non-negotiable for mission-critical applications. One knows how companies have lost business and lost respect in the industry because of a lack of security measures. Every release of SQL Server adds many security features to the platform. It is important to use them in your application deployment design so that you can avoid loopholes.

Read the 13-page whitepaper “SQL Server Security Practices” by Pinal Dave to learn more about general best practices as they developed with SQL Server versions. The whitepaper also reviews specific sysadmin privileges and how one can secure servers using some permissions added in SQL Server. It also explains how one needs to implement security measures within their deployment of SQL Server. These are like checklists that database administrators do not want to miss when working with a database engine like SQL Server. The whitepaper covers details around the logins and authentication area.
