I ran across a survey of Oracle DBAs that examined their concerns about security, and I found it very interesting. Considering how much data from companies and governments supposedly resides in Oracle databases, it’s shocking to see how large a percentage of the DBAs don’t know or understand what security measures are being used in some cases. It’s also surprising to see that so many of the threats these DBAs perceive are internal threats or problems with a lack of some sort of process.
It makes me wonder if a survey of SQL Server DBAs would be any different.
My guess is that it would not. SQL Server would have a good percentage of people that don’t encrypt data, a good percentage that don’t apply patches or don’t know what processes are being used to secure and protect data. I would expect that a lack of process, lack of priority from management, and other internal threats would be concerns as well.
As DBAs, I think that the integrity of the data we deal with is paramount. We must comply with our own version of the ACID principles for databases by ensuring that data is secure, available, intact, and recoverable in the event of a disaster. If we cannot guarantee the safety of the data, we aren’t very good custodians.
The best data professionals I know leave nothing to chance. They don’t depend on their own skills or memory. They implement a process everywhere they can, and automate these processes as much as possible to ensure they are followed. As you learn how your environment should function, use code to assure yourself that the processes are followed. Then use other tools available to verify those processes are actually running correctly.
The best DBAs aren’t necessarily smarter or more talented than anyone else. They’re often just more methodical and focused, ensuring that the work that needs to be done gets done, usually by coding the server to handle most things on its own.