December 2005
Issue 7

 

Focus on: SQL Server Auditing & Regulatory Compliance

Welcome to SQLsmarts, Idera’s newsletter for SQL Server Professionals! We welcome your questions, comments or suggestions.
Email us at SQLsmartseditor@Idera.com.
 

In this issue:

 Product News

Announcing new SQL compliance manager v1.2:
Auditing & continuous compliance for SQL Server enterprises

Designed in partnership with Ernst & Young, SQL compliance manager from Idera provides real-time auditing and continuous compliance for SQL Server databases. Easy to deploy and easy to manage, SQL compliance manager continuously captures all the audit data you need to meet internal audit standards or for regulations such as Sarbanes-Oxley, GLBA, HIPAA and BASEL II.

Why Idera SQL compliance manager?

Continuous Compliance – SQL compliance manager goes beyond traditional auditing approaches by providing real-time monitoring and auditing of all data access, updates, data structure modifications and changes to security permissions. This enables compliance to be an on-going activity, rather than a one-time fire drill, enabling SQL Server DBAs to dramatically reduce the time, effort, and cost typically associated with formal auditing practices.

Self-auditing – Captured audit data is stored in a self-auditing central repository for reporting, querying and forensic analysis. If any attempt to change the policies or contents of the repository is detected, an alert is recorded and sent. This provides a trusted, immutable source of audit data that even the most discriminating auditor cannot dispute.

Powerful reporting and analytics – SQL compliance manager provides ‘out of the box’ auditing and compliance reports that were developed with advice from industry experts such as Ernst & Young. Customized reports and ad-hoc queries are also easy to generate for internal audit requirements or forensic analysis. Data can also be imported into reporting services for further reporting.

Low overhead, guaranteed, data collection – Uses only a “lite” agent with no triggers, profiling, ‘heavy’ tracing, or log scraping. Data can be streamed to the repository in real-time or sent in batches to minimize network traffic.

Rapid deployment and ease of management – A central enterprise management console allows you to quickly define audit policies and deploy SQL compliance manager agents across your entire SQL Server environment. Simply set it and forget it. Real-time or historical monitoring is also done from this central console, making it easy to manage and track audit activity over a large number of servers.

New features in Idera's SQL compliance manager v1.2 include:

Cluster Support

  • Supports Active/Active and Active/Passive: For both single and multiple virtual SQL Server instances. Virtual instances are now supported within the user interface.
  • Auto Failover: Services and auditing restart automatically on failover. Design assures that no data is lost.

Extended Language and Text Support

  • Now compatible with international operating systems. Also now supports single-byte special characters & context-sensitive databases.

Secure Environment Extensions

  • Domains: Now audit across security boundaries within secured domains and work groups.
  • Firewalls: Enable auditing without changing firewall rule sets.

Learn more about the SQL compliance manager 1.2
Try it FREE for 30 days!

 

 Case Study

Premier Lease & Loan Services Gets SOX Compliant with Idera’s SQL compliance manager

Premier Lease and Loan Services – a division of Great American Insurance Group – headquartered in Cincinnati, Ohio, purchased Idera’s SQL compliance manager for assistance with multiple annual audits, including both internal and external Sarbanes-Oxley audits and internal general IT control audits.

“Our old solution required daily administration that was very time-consuming. Idera’s SQL compliance manager, however, was simple. It’s easily customizable, so you can set your environment just the way you want, and then we don’t worry about it, we know that we will be alerted when necessary,” said Heather Haake, Database Administrator, Premier Lease & Loan Services.

Read the full story...

 News

“Surviving Sarbanes-Oxley Audits:
Lessons Learned by DBAs”
Author: Louis Columbus
Informit.com
September 2005

If you’re a DBA faced with Sarbanes-Oxley (SOX) compliance, this article may provide some helpful tips! Louis Columbus explains how SOX, particularly Section 404, affects databases in the enterprise resource planning arena.

Read the full article...

 Mike’s Tips & Tricks

Balance the auditing need with the resources available

To get the most out of SQL compliance manager or any auditing product, first evaluate your environment and your specific needs to determine what needs to be audited. Otherwise you may be inundated with data and miss critical information.

Three auditing tips to consider:

  • Determine the appropriate methodology of auditing
    SQL compliance manager can audit at the instance, database, and table level (for DML and Select activity). You can also limit the auditing to specific users on the privileged users tab.

  • What are the auditing requirements for data collection?
    For instance, do you need to collect all failed logins, security changes, DDL, DBCC, etc.? To get a clear, concise audit trail, limit the audit data collected to the minimum required for both external auditing and internal controls.

  • Limit auditing to critical databases
    For example, limit Select and DML auditing to specific tables. If appropriate, audit stored procedures, indexes and views. Auditing every system table may unnecessarily increase overhead and make the audit trail harder to follow because of the large amount of data generated by SQL system-specific transactions.

 Feedback

We want to hear from you!

Have an interesting story about how Idera product(s) have helped you?
Want to share a product tip, trick or hint?
Have product suggestions or questions?

Your feedback helps us ensure that our solutions continue to best serve your SQL Server management and administration needs. You may even find your input published here in future newsletters.

Please send your comments and suggestions to SQLsmartseditor@idera.com
 

 

 

Whitepaper:
 

Seven Steps to Successful SQL Server Auditing
 
Simplify and dramatically reduce the cost and time associated with ensuring compliance to internal and external standards.
 

[Screenshot: SQL compliance manager Enterprise Console]

Q: Who is Mike?
A: The product manager that keeps SQL compliance manager moving forward, helping keep your auditors at bay.