SQL Server Security.
Everyone's least favorite subject.
Security of data is of paramount concern. We offer a fair, intimidation-free, shaming-free, unbiased security review of your system to help you improve your SQL Server security configurations.
Securing a SQL Server is a never-ending process. There are always some aspects to nit-pick at, no matter how well you secure the system. Let us help you navigate this often murky territory.
Our approach: Are you sufficiently secure?
If you are asking if you have perfect security, you are asking the wrong question. If you are asking if all the best practices are implemented, that's still the wrong question. Here's what we believe and what we do: You must first know what is secure enough in your particular situation. Here are some items to consider in order to define what is sufficiently secure for you:
* Your integration partner's security requirements
* Your integration partner's business requirements
* Legal/contractual obligations
* Your budget
* Your hardware resources
* Your human resources
The idea here is to define your own version of security requirements, document them, and then implement them.
Step 1. First, we help you nail "How secure is secure enough" and help you document it.
* Do we allow SQL Server Authentication? Yes/No?
* Do we allow plain text file storage of passwords? Yes/No? (no shame in it if you say YES, it's okay)
* Do we allow unencrypted credit card digits in tables? Yes/No?
* Do we allow Server Administrators and Domain Administrators to work on SQL Servers?
* Do we allow anyone in the company to grant remote desktop access to outsiders?
* Do we want to keep production backups out of reach for developers?
This step is not meant to be an interrogation, but rather a discovery process in which there is no shame in any answer. If your organization agrees that SQL Server Authentication is needed for a legacy app, it's okay. We just write it down as such. You get the idea.
Step 2. We help you find and fix the discrepancy.
We'll work with you to gather pertinent information for your organization. While you can do this all on your own, if you engage us, we'll share our experience and insights along the way and provide you with questionnaires, lists and tools, making your job easier. You are still in the driver's seat; we are the navigators.
We hope you now see that we will not come into your organization, go down the static list of best practices and ding you on the items that do not meet the criteria. That's not what we do: if you wanted that, you could go to MSDN and do it yourself for free, or contact those very expensive consulting firms. What we will do is help you document what your business really needs from an unbiased, professional, third-party perspective, and then help you implement it.