What are the best security practices for SQL Server?

by Aug 7, 2020

There are several examples where data theft has brought organizations to a halt or resulted in bad press that leaves a tarnished image. For example, in 2017, Equifax disclosed that the personal information of over 145 million people was exposed, including social security numbers and credit card numbers. In 2018, Facebook suffered at least two separate data privacy incidents, affecting over 90 million user accounts. There are many more horror stories from banks, financial institutions, healthcare providers, and retail organizations in the recent past, and they get even scarier as we move into this digital-only world. Even as organizations treat security as a first-class citizen and work on it proactively, these incidents will still keep happening and one will always be playing catch-up.

Deep introspection can get one thinking about security differently. What about security in the software we develop? Why is security not a consideration during the design phase itself? Securing data is one of the most important aspects of keeping trade secrets from prying competitors.

Security is a core area and non-negotiable for mission-critical applications. Organizations have lost business and respect in the industry because of a lack of security measures. Every release of SQL Server brings many security additions to the platform. It is important to use them in our application deployment design so that loopholes can be avoided.

Read the 13-page whitepaper “SQL Server Security Practices” to learn about general best practices as they have developed across SQL Server versions. The whitepaper reviews specific sysadmin privileges and how one can secure servers using some permissions added in SQL Server. It also explains how one needs to implement security measures within a deployment of SQL Server. These are like checklists that database administrators do not want to miss when working with a database engine like SQL Server. Specifically, the whitepaper covers details around the logins and authentication area.


The presenter, Pinal Dave, is a developer evangelist. He has authored eleven SQL Server database books, 14 Pluralsight courses, and over 2,900 articles on database technology on his blog at http://blog.sqlauthority.com. Along with over ten years of hands-on experience, he holds a Master of Science degree and several certifications, including Microsoft Certified Technology Specialist (MCTS), Microsoft Certified Database Administrator (MCDBA), and Microsoft Certified Application Developer (MCAD) for the .NET Framework. His past work experience includes Technology Evangelist at Microsoft and Senior Consultant at SolidQ.