Transcript

Expand

Hi. Welcome to our IDERA Virtual Education. In this video, we are going to talk about the SQL Column Search product. It is a tool to help you understand and identify where your sensitive data likely resides within SQL Server. So what it does, it allows you to configure a search based off of different string names. And being able to identify what is likely to be sensitive data within your database. If you would like to add or create new custom strings, you can also have the tool search for those strings as well. When you are setting up your search string configuration settings. Now in my case, what I want to go ahead and do is just kind of point you to this. What we are doing here the items that you see checked or the items that we are looking for in this case. Now what we are going to show you in this video is going to show you how you can take the data that has identified within the SQL Column Search product and then be able to export that out. And we will show you then how you can import that data back into the IDERA SQL Compliance Manager product. So for those of you that are using SQL Compliance Manager, it makes it really easy for you to obviously, first of all, identify where the sensitive data is. It also makes it easier for you to administer that. In SQL Compliance Manager just say these are the columns that I want to audit. Now that said, obviously once that happens, the benefit is the SQL Compliance Manager can then report against that activity, can alert against that activity. And you can show a full accounting of anybody that has accessed that sensitive data. Which is obviously really important. In most cases to auditors that you might be dealing with when you are dealing with certain types of regulatory requirements like payment card industry (PCI), Health Insurance Portability and Accountability Act (HIPAA), Sarbanes-Oxley Act (SOX). You know just to name a few. So that has said, let us go ahead and get started and show you how we do this. The first thing we need to do is configure the search. And that has going to be done in this view here. And as I said before, you can create and customize your own strings of data which we will not do in this case. But what we will do is, we are going to point it to an instance. So let me go ahead and first connect to that instance. And once I have connected, then we have the choice of database. Or even down to the table in terms of what we want to analyze. And I can also look through all databases mind you. But in our case, we are just going to search against our healthcare database. So I select the healthcare database. I can then leave it open-ended. And of the tables. And I am just going to go ahead and perform that search. So what when I do that now. As you can see it is quickly coming back. And show me the columns that were identified that our suspect to be containing sensitive information. And so that I could go through and validate that. And then when I am ready I could go out and export this information to a comma-separated value (CSV) file. So when I do this just notice a couple of things. I am going to go ahead and export it. And I am just going to copy this path. So we will have it for later. And the demonstration here. And let us save it over this one that we had used before as an example. So now I have saved it and I want you to notice it is in the comma-separated value (CSV) format. In order to actually get this to import into SQL Compliance Manager, there is a couple of steps we need to do to massage the data. The first is to remove the header, okay. The second is to remove the last three columns in the output, all right. So now we are just dealing in terms of the database and then the columns in the tables themselves. So what I am going to now be able to do is I am going to save this. So save it again. We will save it as an Excel workbook. actually I am sorry. Changing that to a comma-separated value (CSV). Making sure that it is a comma-separated value (CSV) format. After we have deleted the header and the right three columns. We save it again. So now that I have done that, let us go ahead and close out of Excel. And we will show you how we would actually go through the import of this. And the way that that has going to be done. As we would go into SQL Compliance Manager. And we would need to select the instance that we would want to import against. and then all we need to do is go to the auditing menu. And choose to import sensitive columns from a comma-separated value (CSV). And when I do that I am going to browse, in this case to the location where we saved that information. And now that I have done that we can surely see all the columns that we have identified as part of our search. And when I say OK, I can validate now that if I go to properties and go over here to sensitive columns for that database. We now see all of those columns are populated in this view. So I did not have to actually go in and manually select each one. And obviously this is just a small example of how this can benefit you but from a time efficiency standpoint. Obviously if the larger environment the more valuable this is to you in terms of being able to search find quickly the sensitive information and then import it into the tool that is performing your auditing. So hopefully this has been helpful to you. If you would like to try either of these two products as I mentioned before the SQL Column Search product is free. So you can go out and use that all day long. The SQL Compliance Manager product is a paid-for tool from IDERA. But if you would like to try it you can go up to our website and try it for 14 days. And it is going to let you know some of the benefits of the SQL Compliance Manager product are that it lets you selectively audit the areas where sensitive data resides rather than having to audit everything. It is very low overhead, low maintenance type of solution. And it is very helpful in situations as I mentioned where you have either an auditor coming on-site asking you a lot of questions. Or if you just have your own internal compliance officers that you want to appease. Or maybe part of your change control process. Just validating who is making changes to what and when. Thanks again for watching this video. Hopefully, it helps and we will see you next time.

Using SQL Compliance Manager and SQL Column Search to Identify and Audit Sensitive Data

IDERA SQL Compliance Manager allows you to audit sensitive data within an SQL server database so you can know who did what, when, where, and how. Track changes to the database, be alerted to suspicious activity, and satisfy audits for PCI, HIPPA, SOX, and FERPA. Learn More →

IDERA SQL Column Search free tool is a simple and powerful tool to help DBAs identify potentially sensitive data in an SQL Server database. Search a specific database or table or the entire instance. The tool comes with 45 pre-configured search strings or you can define your own. View results in the tool or output to CSV for analysis or to import into SQL Compliance Manager to audit. To import simply save results as a CSV file, then open that file and remove the header row and last three columns and save it as a CSV again.

Start a FREE Trial of SQL Compliance Manager
Share This
Contact IDERA: