SQL Server Blog

Security, Ransomware, and the DBA

I hope you joined us for our monthly webinar and team discussion about SQL Server Health Checks in June! Our web guy should have the recording for that and some other posts from it soon. Check it out!

This month – on Thursday, 7/21/2022, we’ll be discussing Security and Ransomware. Why are we talking about that to DBAs? Because it matters. Security, it turns out, is everyone’s responsibility. And as I’ve long argued, DBAs are the “Advocates and Stewards of Data” in our companies – these attacks ultimately attack that data. We’ve now been brought in a handful of times after an attack to either be a part of a team ultimately delivering bad news to the clients or being part of a really expensive heroic march to resolution.

There are things your company can and should be doing right now to prevent an attack. There are things you as a DBA should be doing right now to insulate yourself if an attack still slips in. And you should be ready to act. This is a situation where an ounce of prevention now will almost be guaranteed to save you later.

The Webinar will be this Thursday, 7/21/2022, at Noon US EDT. Follow-up blog posts will go out with the recording. The webinar will be around 30 minutes of discussion followed by Q&A with members of our team. You can register to attend and receive an e-mail follow-up with a recording here:

We’ll cover these topics:

  • General Security – Not our job necessarily but a proper posture for e-mail and web security matters. We can remind our colleagues and family members about it.
  • Ransomware Protection Tools – The good, bad, and ugly about them (Protection is critical – but if you want to keep your SQL Servers and clusters online. Don’t just blindly implement them – but you need tools.)
  • Good old-fashioned Availability – Our role as the data people ultimately comes down to being able to recover, not lose backups, have solid run books, and rebuild efficiently. It’s nothing new to have backups that are protected from malicious sysadmins or viruses – but Ransomware attacks typically will nuke any backups on your network as a priority. “Air gapped” and protected backups are key. If you don’t have those – you DO NOT have backups.
  • SQL Server Security – These concepts haven’t really changed, so since we have you – let’s talk about AD vs SQL Auth, Group based, Role Based, and Least Privilege. I know – you are good here – I’m talking to them 😉

See you on Thursday!

Article by Mike Walsh

Subscribe for Updates


Leave a Comment

This site uses Akismet to reduce spam. Learn how your comment data is processed.

Share This