
SQL Server Security & Compliance Resources from Idera
On Demand Webcasts:
Understanding SQL Server Security
Best Practices in SQL Server Security & Compliance
SQL Server Management Resources from Idera
On Demand Webcasts:
Tradeshow:
DevConnections 2008
Nov. 5-8, 2007
www.devconnections.com
Local Seminars:
"Achieving SQL Server Compliance: How to make your auditors happy in 2 minutes or less!"
New York City
November 13 | 5:30 p.m.
Boston Area
November 15 | 8:30 a.m.
Webcasts:
"Creating, Managing & Reviewing Jobs with SQL Server 2005"
November 13 | 2:00 p.m. CST
"Troubleshooting and Maintaining SQL Server 2005"
November 20 | 2:00 p.m. CST
Focus on SQL Server Security & Compliance

- Just announced: SQL compliance manager version 3.0
- Survey finds that companies are lacking sufficient database security and compliance
- "Data Security in 5 Steps!" eWeek article excerpt
- NEW On Demand Webcast: "How to Secure, Monitor and Audit your databases"
Just announced: SQL compliance manager version 3.0!
New “compliance scorecards” let you quickly see all SQL Server compliance alerts, user activity, key events, and trends
SQL compliance manager tells you who did what, when and how with powerful, low-impact auditing, alerting, and compliance reporting across all of the SQL Servers in your environment. SQL compliance manager will help you ensure compliance with internal audit standards or federal regulations such as Sarbanes Oxley, PCI DSS, GLBA, and The Patriot Act by tracking any or all SQL Server user activity or events, providing an immutable source of audit data, and offering pre-defined audit reports.
New features in SQL compliance manager v3.0 include:
Enterprise, Server and Database Activity “Scorecards”
Summarizes key database security and compliance information in a single screen so that you can quickly determine if your SQL Servers rate a PASS or FAIL on key compliance criteria. Also gives you at-a-glance visibility of alerts, failed logins, privileged user activity, overall activity, and more.
Alert thresholds
Customize warnings so that you will be alerted if server activity exceeds normal levels.
Auditing templates
Create audit rules, event filters, and alerts to address common auditing needs. These can be used as common templates across multiple servers and users.
Enhanced reporting
Provides a comprehensive catalog of over 25 key compliance reports in the SQL compliance manager console and SQL Server Reporting Services to enable easy customization.
New management console design
Based on Microsoft Office 2007 “ribbon” motif.
Custom Views
Quickly create and save your own views of audit data, and filter and sort through millions of events to highlight the most important details.
Trusted User
Allows specific users to be defined as “trusted” and therefore excluded from auditing activity. This is particularly useful for self-auditing ERP systems such as SAP and eliminates large amounts of unneeded audit data.
Other Security & Compliance Tools from Idera
SQLsecure analyzes user & group permissions across SQL Server, Active Directory and Windows so that you know exactly who can access what on your SQL servers:
- View user and group effective access rights
- View inherited rights on server or database objects
- Highlight concerns such as suspect Windows accounts
- Track changes to your SQL Server security model
- Satisfy audit requirements with entitlement reports
Survey Reveals Companies Lack Sufficient Database Security & Compliance
According to a PASS Insights Study conducted by Idera and Unisphere Research in May 2007, most companies still have significant room to improve database security and compliance practices. The research surveyed over 200 members of the Professional Association for SQL Server (PASS) and found that most companies:
- Are not able to audit changes made directly to the database versus those made by a business application -- leaving open a “back door” where privileged users could violate data security policies with no audit trail.
- Have no procedures to notify administrators when a company’s compliance or security policy has been violated. Typically the more time that passes between a violation and detection/reporting of that violation, the higher the resulting business impact.
- Cannot guarantee the integrity of their audit data. As a result, users with access to the audit data could potentially clear their tracks after accessing confidential financial or customer databases.
- Are relying on inadequate home-grown or “cobbled-together” solutions to manage compliance.
- Have difficulty getting funding for the additional hardware, software, and manpower that is needed to manage compliance and compliance data effectively.
"Data Security in 5 Steps"
By Brian Prince
eWeek
September 5, 2007
Forrester Research analyst Noel Yuhanna stresses that enterprises need a database security plan.
“Monster.com, TJX, Pfizer—the list of companies and organizations affected by database breaches grows bigger and badder every week, but most enterprises remain focused on the perimeter and ignore the database. Some 80 percent of enterprises lack a basic database security plan, according to Forrester Research surveys.”
NEW On Demand Webcast: "SQL Server Security: How to Secure, Monitor & Audit Your Databases"
Hosted by: SQL Server Magazine & Idera
Speaker: Randy Wilson Smith, UltimateWindowsSecurity.com
In this webcast, we discuss:
- Challenges of DB security
- The three layers of security in most systems today
- Why secure the database layer?
- Challenges securing the database layer
- Best practices for securing, monitoring & auditing SQL Server databases
- Tools to help you secure SQL Server: Idera SQL compliance manager & SQLsecure
SQLsmarts is Idera’s monthly newsletter for SQL Server Professionals.
We welcome your questions, comments or suggestions! Tell us more about how you’re using any of Idera’s products and we’ll send you a free Idera “SQL Server Superhero” t-shirt! Email us: SQLsmartseditor@idera.com.
Thank you!