KillaDBA
Data Protection

12/16/2016

Security in the world of data has become very important. Computer viruses, identity theft, hacked websites and more have put "data security" at the forefront of this new era of "having lots of data and storage." This is the first time in known human history that we have been able to store as much data as we have! Even at the very moment that you are reading this, data storage technology is improving at radical speeds. Not only are we able to store more data than we could yesterday, but we are now able to retain, save and archive this data with better safety precautions. Increased disaster recovery planning over time has given us more insight, so that data can tell us what we have done wrong in the past as well as how we can improve our future. Companies are now realizing that data is what acquires new customers, retains customers, generates money, etc. Bottom line: data doesn't lie! I could go on and on about the importance of protecting data. Here are a few security items mentioned in my new song:

  1. Physical protection – Where does your data live?  Is the server in a secure location? Who has access to it?
  2. Disaster Recovery – Can your infrastructure handle a disaster? Having a cloned server at a different site can help keep the database going, just in case.
  3. Firewall – Network security that can monitor traffic in and out of servers.
  4. Update fixes – It is important to install updates to address bugs and security issues from time to time (my song says always… but… it depends).
  5. Disable unused data protocols – For example, if you are using TCP/IP, disable shared memory and named pipes.
  6. Monitoring – Alerts against the database can help out tremendously: long queries, failed jobs, storage issues, etc.
  7. Transparent Data Encryption – Encrypts data at rest: Data files, Logs and backups.
  8. xp_cmdshell – Allows administrators to use the command shell through SSMS or T-SQL.
  9. Disable SA – This is a default account. Knowing that there is a login called SA puts a hacker 50% closer to his goal!
  10. Passwords – Change your SQL login or Windows authenticated password from time to time.
  11. SQL Browser – This service can really come in handy when there are multiple instances of SQL Server running on a server. It should be disabled on single-instance servers.
  12. SQL Injection – Within application code, nasty SQL statements can be scripted within the entry fields to do unimaginable things within a database. In my song, I make a funny about the developer handling this issue, but in fact, having the right database permissions can also help to eliminate SQL injection.
  13. Always Encrypted – Encrypts sensitive data so that only those with the key can see the data.
  14. TLS – or Transport Layer Security is a protocol that provides security over a network between two applications.
  15. Row Level Security – This feature allows the admin to restrict a user's or role's access at the row level.
  16. DDM – Dynamic Data Masking limits the amount of sensitive data seen by a user. For example: showing only the last 4 digits of a social security number or bank account card, as opposed to exposing the complete number.
  17. Data – My last statement or lyric in this song is a theory that puts in perspective the importance of data. It may come across as crude, but I mention that the data is more important than a company's hardware, real estate and/or even people.
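
The read-only T-SQL queries below check several of the items above (7, 8, 9, 10, 5/14, 15 and 16) on a running instance. This is an added example, not part of the original post or song; it assumes SQL Server 2016 or later and a login with VIEW SERVER STATE and VIEW ANY DEFINITION permissions.

```sql
-- Added example: read-only audit of several checklist items.
-- Assumption: SQL Server 2016+ and VIEW SERVER STATE / VIEW ANY DEFINITION.

-- Item 8: is xp_cmdshell enabled? (value_in_use = 1 means enabled)
SELECT name, value_in_use
FROM sys.configurations
WHERE name = N'xp_cmdshell';

-- Items 9 and 10: state of the built-in sa login (always SID 0x01,
-- even if it has been renamed) and password policy on every SQL login.
SELECT name,
       is_disabled,
       is_policy_checked,
       is_expiration_checked,
       CASE WHEN sid = 0x01 THEN 1 ELSE 0 END AS is_builtin_sa,
       LOGINPROPERTY(name, 'PasswordLastSetTime') AS password_last_set
FROM sys.sql_logins
ORDER BY is_builtin_sa DESC, name;

-- Item 7: TDE state per user database (encryption_state 3 = encrypted).
SELECT d.name, d.is_encrypted, k.encryption_state
FROM sys.databases AS d
LEFT JOIN sys.dm_database_encryption_keys AS k
       ON k.database_id = d.database_id
WHERE d.database_id > 4;  -- skip master, tempdb, model, msdb

-- Items 5 and 14: which protocols are in use by current connections,
-- and whether those connections are encrypted in transit.
SELECT net_transport, encrypt_option, COUNT(*) AS connections
FROM sys.dm_exec_connections
GROUP BY net_transport, encrypt_option;

-- Item 15 (current database only): row-level security policies.
SELECT name, is_enabled
FROM sys.security_policies;

-- Item 16 (current database only): columns with a dynamic data mask.
SELECT OBJECT_NAME(object_id) AS table_name,
       name AS column_name,
       masking_function
FROM sys.masked_columns
WHERE is_masked = 1;
```

The last two queries are scoped to the current database, so run them in each database that holds sensitive data.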

A few reference sites:
https://www.mssqltips.com/sqlservertip/3159/sql-server-security-checklist/
http://searchsqlserver.techtarget.com/tip/Microsoft-SQL-Server-security-best-practices-checklist/

    KillaDBA

    Over 20 years as a DBA.  I've created solutions to many issues.  Wrote a song about it.  Wanna hear it?
