
Lax Security - Database Weekly (June 22, 2009)

By Steve Jones

Please tell me we're better than Oracle. Please tell me that less than 11% of you have never patched your database server.

Who am I kidding? This is Microsoft software, of course you've patched your server. Heck, I bet half of you wouldn't even install SQL Server 2005 or SQL Server 2008 until you had SP1 on a disk right next to you so you could patch the instance before you did anything else.

I was reading an article this week about database security on the Dark Reading site and it referenced a poll from the Independent Oracle Users Group that said 26% of respondents take more than 6 months to patch their servers and 11% have never patched them. I had seen similar numbers a year or two ago, and I always wanted to follow up with people on the SQL Server side. Actually, if anyone reading this runs a user group, do a poll of your members and let me know who hasn't patched a server.

I know that many people are overworked in today's corporations. It seems there's a never-ending supply of things to do, and a huge demand that they get done, but a lack of resources. Those resources are DBAs and developers, and they're people with lives outside of work who let things slide so they can get home at a decent hour or not work all weekend.

The things they let slide? Patches, documentation, and other nuisances that aren't usually checked on. Patches are especially a big thing to ignore since they cause downtime, which usually upsets all kinds of people and requires numerous approvals. Patches can also break things, which means more work, so if there was something to ignore, that is a big one.

Not patching your system usually doesn't cause a problem. Until it does cause a problem, and then it's a big problem. Patches aren't all about security, but many are.

I'm amazed how few security groups worry about database security, and how little most management teams emphasize security for databases. Getting the application working is way more important, and receives so much focus that protecting the information is ignored. The report linked in the article above (a separate download) starts out talking about banks and safes, and how they spend a lot of money protecting them because "that's where the money is."

Why don't we do the same for our jewels, our information?

Steve Jones

Steve's Pick of the Week

Luck, Preparation, and Opportunity - From MVP Jonathan Kehayias, a great post. You make your own luck, primarily through hard work.

Note: I didn't do a podcast this week and I am thinking of discontinuing the Database Weekly ones. They create a time crunch for me, and since I only do every 3rd or 4th Database Weekly editorial, they are very inconsistent. If you like the Database Weekly podcast and would like it to continue, let me know and I'll bring them back.
