{"id":17,"date":"2014-08-27T10:54:45","date_gmt":"2014-08-27T10:54:45","guid":{"rendered":"http:\/\/sqlity.dev.lbdesign.eu\/?page_id=17"},"modified":"2014-11-09T17:37:26","modified_gmt":"2014-11-09T22:37:26","slug":"database-audits","status":"publish","type":"page","link":"https:\/\/sqlity.net\/en\/services\/database-audits\/","title":{"rendered":"Database Audits"},"content":{"rendered":"<h2>Your SQL Server Database Audit<\/h2>\n<p>\nDatabase auditing is critical for compliance reasons and database security. It enables you to detect suspicious activity and establish accountability after the fact. Also, while database auditing cannot directly prevent malicious acts, it can have a deterrent influence on would-be adversaries. Remember, about 75% of all breaches are caused by internal personal.\n<\/p>\n<p>\nOur experience includes working with clients requiring compliance with PCI (payment card industry), Sarbanes-Oxley and HIPAA. We\u2019ve worked with businesses of all sizes from small businesses with a single database to large scale database installations for a Fortune 50. This means we understand the different database auditing techniques and requirements.\n<\/p>\n<h2>Here are 3 SQL Server Auditing Techniques:<\/h2>\n<ul>\n<li>SQL Server Audit \u2013 This technology is built on the mechanisms of extended events. That means that it can be used to monitor on a very fine-grained scale deep inside the SQL Server engine. However, it is based on a platform that provides this functionality with minimal performance impact.<\/li>\n<li>Application Audit \u2013 Depending on your unique requirements, this technique might be advantageous. It enables you to provide a unified experience to the auditor while not only auditing database access but also application activity not related to the database.<\/li>\n<li>External \u201cHardware\u201d Auditing \u2013 This third technology is based on systems that sit outside your application or database servers. It employs technologies like network monitoring and enables a unified auditing experience across an entire organization. These tools provide the same interface while auditing across different applications and even different database platforms.<\/li>\n<\/ul>\n<p>\nWhen designing your database auditing strategy, what questions should you ask? Potential questions fall into two categories: Static or preventive and dynamic or reactive.\n<\/p>\n<p>\nPreventive questions help you discover areas where the Least Privilege Principle is not followed. Examples for preventative questions are:\n<\/p>\n<ul>\n<li>Who has sysadmin rights? Who needs sysadmin rights?<\/li>\n<li>Who has and who needs other forms of elevated permissions like dbo?<\/li>\n<\/ul>\n<p>\nReactive questions however try to provide the information needed to investigate after the fact. Examples are:\n<\/p>\n<ul>\n<li>Who accessed the database and when?<\/li>\n<li>What SQL statements were issued?<\/li>\n<li>Was important data modified?<\/li>\n<\/ul>\n<p>\nWhen sqlity.net handles your database audit, you can have the peace of mind that it will provide answers to the right questions.\n<\/p>\n<p>\nDo you know the #1 thing we find with new clients?\n<\/p>\n<h2>Most Databases Have Security Gaps<\/h2>\n<p>\nIn our experience, we find security is often overlooked or an afterthought. It takes a backseat to functionality and performance because people take shortcuts in the rush to finish a project. They\u2019re up against a deadline and they think they\u2019ll have time to come back later to fix it. But often that does not happen because something else \u201cmore important\u201d takes precedence.\n<\/p>\n<p>\nThen, the unthinkable happens.\n<\/p>\n<p>\nTarget, Adobe, Home Depot, the American Military VA, Community Health Systems, the list goes on. From major retailers to renowned research hospitals, no one is impervious to a data breach.\n<\/p>\n<p>\nDid you know that each customer record affected by a breach could cost your company $188(USD)? Multiply that by the number of records your company stores. How many millions is it? And this calculation does not even take the inevitable PR nightmare into account. Nobody likes to do business with a company affected by a breach.\n<\/p>\n<h2>Introducing: The Sqlity.net Database Audit Plan<\/h2>\n<p>\n<strong>Peace of Mind for your SQL Server Security Questions.<\/strong>\n<\/p>\n<p>\nA surprising number of businesses leave their SQL Server security to chance. In the event something happens, they\u2019re faced with loss of customer trust and costs that easily go into the millions.\n<\/p>\n<p>\nDon\u2019t leave security to chance. You likely already have many types of insurance for your business. Your SQL Server security is as important as any type of insurance policy. After all, the data in your database is the lifeblood of your company.\n<\/p>\n<p>\nDo you store credit cards or other payment related information? Do you have to comply with HIPAA regulations? Is your company affected by the Sarbanes-Oxley Act? Do you handle other protected PII? If you answered yes to any of these questions, you are likely also required to follow increased audit log requirements. These requirements include detailed data access logs identifying the individual person and the type of access. Does your current database audit plan live up to these requirements?\n<\/p>\n<p>\nCall us now to discus these questions:\n<\/p>\n<ul>\n<li>What type of data access do you want to audit?<\/li>\n<li>What are your legal audit requirements?<\/li>\n<li>Which are the best tools to achieve the task?<\/li>\n<li>How do you make sure that your auditing system stays effective in the long run?<\/li>\n<\/ul>\n<p>\nOur experience includes compliance with PCI (payment card industry), Sarbanes-Oxley and HIPAA. Don\u2019t wait for the Auditor. Start on your way to a compliant Database Audit Plan today.\n<\/p>\n<p>\n<strong>Call 832-377-5489 or <a title=\"Contact\" href=\"http:\/\/sqlity.net\/contact\/\">email us<\/a> now.<\/strong><\/p>\n","protected":false},"excerpt":{"rendered":"<p>Your SQL Server Database Audit Database auditing is critical for compliance reasons and database security. It enables you to detect suspicious activity and establish accountability after the fact. Also, while database auditing cannot directly prevent malicious acts, it can have <a href=\"https:\/\/sqlity.net\/en\/services\/database-audits\/\">[more&#8230;]<\/a><\/p>\n","protected":false},"author":3,"featured_media":1642,"parent":5,"menu_order":4,"comment_status":"closed","ping_status":"closed","template":"","meta":{"footnotes":""},"class_list":["post-17","page","type-page","status-publish","has-post-thumbnail","hentry"],"acf":[],"yoast_head":"<!-- This site is optimized with the Yoast SEO plugin v27.9 - https:\/\/yoast.com\/product\/yoast-seo-wordpress\/ -->\n<title>A Database Audit Plan for your SQL Server<\/title>\n<meta name=\"description\" content=\"Do you store PCI, PII or PHI? Do you have to comply with HIPAA or Sarbanes Oxley? Get a sqlity.net Database Audit Plan today to comply with current laws and regulations.\" \/>\n<meta name=\"robots\" content=\"index, follow, max-snippet:-1, max-image-preview:large, max-video-preview:-1\" \/>\n<link rel=\"canonical\" href=\"https:\/\/sqlity.net\/en\/services\/database-audits\/\" \/>\n<meta property=\"og:locale\" content=\"en_US\" \/>\n<meta property=\"og:type\" content=\"article\" \/>\n<meta property=\"og:title\" content=\"A Database Audit Plan for your SQL Server\" \/>\n<meta property=\"og:description\" content=\"Do you store PCI, PII or PHI? Do you have to comply with HIPAA or Sarbanes Oxley? Get a sqlity.net Database Audit Plan today to comply with current laws and regulations.\" \/>\n<meta property=\"og:url\" content=\"https:\/\/sqlity.net\/en\/services\/database-audits\/\" \/>\n<meta property=\"og:site_name\" content=\"sqlity.net\" \/>\n<meta property=\"article:publisher\" content=\"https:\/\/www.facebook.com\/sqlity.net\" \/>\n<meta property=\"article:modified_time\" content=\"2014-11-09T22:37:26+00:00\" \/>\n<meta name=\"twitter:card\" content=\"summary_large_image\" \/>\n<meta name=\"twitter:site\" content=\"@sqlity\" \/>\n<meta name=\"twitter:label1\" content=\"Est. reading time\" \/>\n\t<meta name=\"twitter:data1\" content=\"4 minutes\" \/>\n<script type=\"application\/ld+json\" class=\"yoast-schema-graph\">{\"@context\":\"https:\\\/\\\/schema.org\",\"@graph\":[{\"@type\":\"WebPage\",\"@id\":\"https:\\\/\\\/sqlity.net\\\/en\\\/services\\\/database-audits\\\/\",\"url\":\"https:\\\/\\\/sqlity.net\\\/en\\\/services\\\/database-audits\\\/\",\"name\":\"A Database Audit Plan for your SQL Server\",\"isPartOf\":{\"@id\":\"https:\\\/\\\/sqlity.net\\\/en\\\/#website\"},\"primaryImageOfPage\":{\"@id\":\"https:\\\/\\\/sqlity.net\\\/en\\\/services\\\/database-audits\\\/#primaryimage\"},\"image\":{\"@id\":\"https:\\\/\\\/sqlity.net\\\/en\\\/services\\\/database-audits\\\/#primaryimage\"},\"thumbnailUrl\":\"\",\"datePublished\":\"2014-08-27T10:54:45+00:00\",\"dateModified\":\"2014-11-09T22:37:26+00:00\",\"description\":\"Do you store PCI, PII or PHI? Do you have to comply with HIPAA or Sarbanes Oxley? Get a sqlity.net Database Audit Plan today to comply with current laws and regulations.\",\"breadcrumb\":{\"@id\":\"https:\\\/\\\/sqlity.net\\\/en\\\/services\\\/database-audits\\\/#breadcrumb\"},\"inLanguage\":\"en-US\",\"potentialAction\":[{\"@type\":\"ReadAction\",\"target\":[\"https:\\\/\\\/sqlity.net\\\/en\\\/services\\\/database-audits\\\/\"]}]},{\"@type\":\"ImageObject\",\"inLanguage\":\"en-US\",\"@id\":\"https:\\\/\\\/sqlity.net\\\/en\\\/services\\\/database-audits\\\/#primaryimage\",\"url\":\"\",\"contentUrl\":\"\"},{\"@type\":\"BreadcrumbList\",\"@id\":\"https:\\\/\\\/sqlity.net\\\/en\\\/services\\\/database-audits\\\/#breadcrumb\",\"itemListElement\":[{\"@type\":\"ListItem\",\"position\":1,\"name\":\"Home\",\"item\":\"https:\\\/\\\/sqlity.net\\\/en\\\/\"},{\"@type\":\"ListItem\",\"position\":2,\"name\":\"Services\",\"item\":\"https:\\\/\\\/sqlity.net\\\/en\\\/services\\\/\"},{\"@type\":\"ListItem\",\"position\":3,\"name\":\"Database Audits\"}]},{\"@type\":\"WebSite\",\"@id\":\"https:\\\/\\\/sqlity.net\\\/en\\\/#website\",\"url\":\"https:\\\/\\\/sqlity.net\\\/en\\\/\",\"name\":\"sqlity.net\",\"description\":\"Quality for SQL\",\"potentialAction\":[{\"@type\":\"SearchAction\",\"target\":{\"@type\":\"EntryPoint\",\"urlTemplate\":\"https:\\\/\\\/sqlity.net\\\/en\\\/?s={search_term_string}\"},\"query-input\":{\"@type\":\"PropertyValueSpecification\",\"valueRequired\":true,\"valueName\":\"search_term_string\"}}],\"inLanguage\":\"en-US\"}]}<\/script>\n<!-- \/ Yoast SEO plugin. -->","yoast_head_json":{"title":"A Database Audit Plan for your SQL Server","description":"Do you store PCI, PII or PHI? Do you have to comply with HIPAA or Sarbanes Oxley? Get a sqlity.net Database Audit Plan today to comply with current laws and regulations.","robots":{"index":"index","follow":"follow","max-snippet":"max-snippet:-1","max-image-preview":"max-image-preview:large","max-video-preview":"max-video-preview:-1"},"canonical":"https:\/\/sqlity.net\/en\/services\/database-audits\/","og_locale":"en_US","og_type":"article","og_title":"A Database Audit Plan for your SQL Server","og_description":"Do you store PCI, PII or PHI? Do you have to comply with HIPAA or Sarbanes Oxley? Get a sqlity.net Database Audit Plan today to comply with current laws and regulations.","og_url":"https:\/\/sqlity.net\/en\/services\/database-audits\/","og_site_name":"sqlity.net","article_publisher":"https:\/\/www.facebook.com\/sqlity.net","article_modified_time":"2014-11-09T22:37:26+00:00","twitter_card":"summary_large_image","twitter_site":"@sqlity","twitter_misc":{"Est. reading time":"4 minutes"},"schema":{"@context":"https:\/\/schema.org","@graph":[{"@type":"WebPage","@id":"https:\/\/sqlity.net\/en\/services\/database-audits\/","url":"https:\/\/sqlity.net\/en\/services\/database-audits\/","name":"A Database Audit Plan for your SQL Server","isPartOf":{"@id":"https:\/\/sqlity.net\/en\/#website"},"primaryImageOfPage":{"@id":"https:\/\/sqlity.net\/en\/services\/database-audits\/#primaryimage"},"image":{"@id":"https:\/\/sqlity.net\/en\/services\/database-audits\/#primaryimage"},"thumbnailUrl":"","datePublished":"2014-08-27T10:54:45+00:00","dateModified":"2014-11-09T22:37:26+00:00","description":"Do you store PCI, PII or PHI? Do you have to comply with HIPAA or Sarbanes Oxley? Get a sqlity.net Database Audit Plan today to comply with current laws and regulations.","breadcrumb":{"@id":"https:\/\/sqlity.net\/en\/services\/database-audits\/#breadcrumb"},"inLanguage":"en-US","potentialAction":[{"@type":"ReadAction","target":["https:\/\/sqlity.net\/en\/services\/database-audits\/"]}]},{"@type":"ImageObject","inLanguage":"en-US","@id":"https:\/\/sqlity.net\/en\/services\/database-audits\/#primaryimage","url":"","contentUrl":""},{"@type":"BreadcrumbList","@id":"https:\/\/sqlity.net\/en\/services\/database-audits\/#breadcrumb","itemListElement":[{"@type":"ListItem","position":1,"name":"Home","item":"https:\/\/sqlity.net\/en\/"},{"@type":"ListItem","position":2,"name":"Services","item":"https:\/\/sqlity.net\/en\/services\/"},{"@type":"ListItem","position":3,"name":"Database Audits"}]},{"@type":"WebSite","@id":"https:\/\/sqlity.net\/en\/#website","url":"https:\/\/sqlity.net\/en\/","name":"sqlity.net","description":"Quality for SQL","potentialAction":[{"@type":"SearchAction","target":{"@type":"EntryPoint","urlTemplate":"https:\/\/sqlity.net\/en\/?s={search_term_string}"},"query-input":{"@type":"PropertyValueSpecification","valueRequired":true,"valueName":"search_term_string"}}],"inLanguage":"en-US"}]}},"jetpack_sharing_enabled":true,"jetpack_shortlink":"https:\/\/wp.me\/P2wXuw-h","jetpack-related-posts":[],"_links":{"self":[{"href":"https:\/\/sqlity.net\/en\/wp-json\/wp\/v2\/pages\/17","targetHints":{"allow":["GET"]}}],"collection":[{"href":"https:\/\/sqlity.net\/en\/wp-json\/wp\/v2\/pages"}],"about":[{"href":"https:\/\/sqlity.net\/en\/wp-json\/wp\/v2\/types\/page"}],"author":[{"embeddable":true,"href":"https:\/\/sqlity.net\/en\/wp-json\/wp\/v2\/users\/3"}],"replies":[{"embeddable":true,"href":"https:\/\/sqlity.net\/en\/wp-json\/wp\/v2\/comments?post=17"}],"version-history":[{"count":0,"href":"https:\/\/sqlity.net\/en\/wp-json\/wp\/v2\/pages\/17\/revisions"}],"up":[{"embeddable":true,"href":"https:\/\/sqlity.net\/en\/wp-json\/wp\/v2\/pages\/5"}],"wp:attachment":[{"href":"https:\/\/sqlity.net\/en\/wp-json\/wp\/v2\/media?parent=17"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}