Typically, small to medium enterprises create and administer their databases in such a way as to ensure high performance and immediate data availability; security becomes a secondary concern. If you’re deploying SQL Server databases, it’s important to ensure that your database integrity is protected from malicious threats and unauthorized access, as this is pivotal to ensuring business continuity in the event of disaster.
Today, there are increasing instances of database breaches as well as disasters that affect businesses’ information banks. This is because databases store the business’s most important asset: information, and all in a single location. For small businesses, these are much easier breached since they lack resources to employ state-of-the-art protection strategies.
So how can today’s entrepreneur keep their SQL Server databases safe?
1. Understand the risks
Just because you are a small company in your local town doesn’t mean you are safe, even if you don’t store your sensitive customer information in a database that is connected to the web. Research has shown that about 70% of breaches in databases arise from internal sources – not over the internet.
It may be difficult to pinpoint who an internal attacker might be, given that the biggest risk factor to the safety of the database is the DBA himself. Given the level of expertise and leeway required for proper performance, it can be hard to identify a malicious DBA. They may alter information in a database without your knowledge.
To take care of this, ensure that your database system records a foolproof method to log every transaction carried out on the database. This database monitoring tool should be secure and accessible only to you.
2. Prioritize security
If you have employed a DBA, ensure that they make upholding database security and ensuring that backups are up-to-date a priority. On average, DBAs in smaller businesses only spend 7% of their time ensuring/upholding database security. This is normal, since as earlier said, much of the SMB’s needs relate to ensuring performance and availability. However, if you are to keep your databases secure, this must change.
3. Confirm security capability
Most databases, including SQL Server, do not have many out-of-the-box security-enabled features. It’s up to you and your DBA to define your backup schedule, establish authentication controls and user permissions, among other security features. Most databases have the three main security features: authorization, authentication and access control. However, these must be defined within the parameters of your business and enabled.
4. Evaluate patch levels
Before using your database, examine the configuration system and identify any potential vulnerability e.g. default user names and default access features, among others. A comprehensive assessment at the start can save you a lot of effort in future. You can use free or premium database vulnerability scan tools which are commercially available.
5. Protect the backup
Every production database should have an owner/’gatekeeper’ responsible for ensuring its integrity. However, once a backup copy of the database is created, this is not given as much attention. This creates an internal threat, especially since different staff members have appropriate permissions to access the backups from where they can do what they want.
Ensure your backups and recovery files are stored with the same level of security as the original database, and are subject to similar checks and balances.