Tag Archives: security

Deploying Row Level Security with SQL Compare

Row Level Security (RLS) is a great new feature in SQL Server 2016. It’s been in Azure SQL Databases for some time, but we now have it on premise. It’s easy to setup and use, and worth taking a look … Continue reading

Posted in Blog | Tagged , , , , | Leave a comment

Security is Getting Serious

OK, if we can’t trust computer chips, what do we do? It almost feels like the security war to protect information, or at least keep it private, might be lost before our very eyes in the next decade. There’s a … Continue reading

Posted in Editorial | Tagged | Leave a comment

DevOps and Security

DevOps is a buzzword these days, and like many of the hyped concepts written about, it has a lot of meanings. There is this idea releasing software more often, using automation, having various groups talk to each other, and more, … Continue reading

Posted in Editorial | Tagged , | Leave a comment

The Penalty for a Data Breach

Many of us that work with data are somewhat insulated from the effects of a data breach. Each of us is responsible for writing software, managing the database platform, perhaps even in charge of configuring security. However, in the event … Continue reading

Posted in Editorial | Tagged | 2 Comments

Paying for Data

Would you recommend your organization pay a ransom to get the key to decrypt data that’s become encrypted on your database systems? What if the data were encrypted in backups going back two weeks? It’s an interesting question, and one … Continue reading

Posted in Editorial | Tagged , | Leave a comment

Half Baked Features

I gave a talk recently on some of the data protection features being added in SQL Server 2016, along with a few that have been available for some time. I think the talk went well, but I point out lots … Continue reading

Posted in Editorial | Tagged , | Leave a comment

The Proliferation of Roles

The best practice guidance for SQL Server security is to use roles for permissions, instead of granting rights to users. I’ve always followed this guidance in my career. I’ve learned that if one person needs access, sooner or later someone … Continue reading

Posted in Editorial | Tagged | Leave a comment

Am I a sysadmin?–#SQLNewBlogger

Another post for me that is simple and hopefully serves as an example for people trying to get blogging as #SQLNewBloggers. I was doing some security testing and wondered if I was a sysadmin. There are a few ways to … Continue reading

Posted in Blog | Tagged , ,

The Pen Test

We need something like the Air Force project seeking network vulnerabilities for our database systems. While there are tools that can help from the outside, but we need SQL Server specific tools. Why don’t we have a Best Practices Analyzer for … Continue reading

Posted in Editorial | Tagged

Changing the sa Password with SQLCMD

Another post for me that is simple and hopefully serves as an example for people trying to get blogging as #SQLNewBloggers. I wanted to make a quick note on changing the sa password, as this is a sensitive account, and … Continue reading

Posted in Blog | Tagged , , , | 1 Comment