When I first took on my role as Supervisor for my team I implemented policies for our team. As first every was saying, "Waste of time". We know what we want our policies to be but we will never be able to enforce them because our user's needs are all over the place.
Policies may seem like it is just an excursive in academics but if you invest the time in it, it has huge payoffs. Let me give you a story to example how it helps.
Bob is a very good DBA. he has been around for years and knows a little bit of everything. Bob was working with an application owner about his database and they said my account needs sysadmin permissions on the server because of the way it works. Bob pushes back on the request but in the end, he gives up and provides the customer with the access they need. If there was a policy that read "sysadmin permissions are only to be used if they can provide documentation on why it is needed. Now Bob looks at the policy says, Our policy says I can give your application sysadmin permissions if you have documentation on why that level of permissions is required. Most of the time the user will back down from their request saying, Oh, can you give me the Owner and the ability to manage the SQL jobs. Which is much more reasonable. Without the policy, Bob had no way to defend what he knew was right.
Since we created policies the following improvement has taken place.
- Backups are standardized
- Configurations are standardized
- Security has been changed to least privileged
- User's accounts are no longer assigned to the database. permission are assigned by group names
Feel free to start with these policies and adjust them to you environment.
- 0.1 Security
- 0.1.1 DM AD Group/User/Service Access and Permissions
- 0.1.1.2 DM NERC SQL Server Auditing
- 0.1.2 Encryption
- 0.1.2.1 DM Encryption Connection
- 0.1.2.2 DM Data Protection
- 0.1.3 DM SQL Auditing and Logging
- 0.2 Administration
- 0.2.1 SQL Server Design and Configuration
- 0.2.1.1 DM Guest Level Configurations
- 0.2.1.2 DM SQL Server Version Standard
- 0.2.1.3 DM Database Installation and Configuration
- 0.2.1.4 DM Database Environments and Usage
- 0.2.1.5 DM Email Notification
- 0.2.2 DM Backups and Backup Retention
- 0.2.3 DM SQL Vulnerabilities
- 0.2.4 DM Disaster Recovery
- 0.2.5 DM NERC Testing
- 0.2.6 DM SQL Server Patching and Cumulative Updates
- 0.2.7 DM Monitoring and maintenance
DM AD Group/User/Service Access and Permissions
Purpose: | Implement and maintain database access. |
Roles and Responsibilities: | Service Desk - Creates users and groups. Data Management Team – Uses users/service/groups to allow the least privilege to the database |
Implementation and Usage Standards: |
|
Reference Requirements: |
|
Effective date: | 8/6/2019 |
Date last reviewed: |
|
Information contact: | Data Management <<email address>> |
Procedure link: |
Purpose: | Implement and maintain auditing and logging for proactive monitoring. |
Roles and Responsibilities: | Data Management - Responsible for configuring alerts and thresholds on 3rd party tool(s) and auditing of the SQL servers. Delivery of daily reports via email |
Implementation and Usage Standards: |
|
Reference Requirements: |
|
Effective date: | 8/6/2019 |
Date last reviewed: |
|
Information contact: | Data Management <<email address>> |
Procedure link: |
|
Purpose: | Encrypt confidential SQL Server data in transit using Transport Layer Security (TLS) encryption.. |
Roles and Responsibilities: | Infrastructure Team and the Data Management Team - Implementation and administration of TLS encryption for SQL Server. Responsible for enforcement of this standard and make exceptions.
Data Management Team - Supporting clients and aid the Service Desk in troubleshooting.
Service Desk team - Responsible for loading TLS 1.2 complaint drivers on the workstations. |
Implementation and Usage Standards: |
|
Reference Requirements: |
|
Effective date: | 8/6/2019 |
Date last reviewed: |
|
Information contact: | Data Management <<email>> |
Procedure link: |
|
Purpose: | Protecting confidential data. |
Roles and Responsibilities: | Data Management – Performing yearly audits to ensure that old accounts are cleaned up and sysadmin permissions are using least privileges.
|
Implementation and Usage Standards: |
|
Implementation and Usage standards |
|
Reference Requirements: |
|
Effective date: | 8/6/2019 |
Date last reviewed: |
|
Information contact: | Data Management <<email>> |
Procedure link: |
|
Purpose: | Determine when the SQL versions need to be upgraded and what versions to support. |
Roles and Responsibilities: | Data Management - Responsible for ? |
Implementation and Usage Standards: |
|
Reference Requirements: |
|
Effective date: | 8/6/2019 |
Date last reviewed: |
|
Information contact: | Data Management <<email>> |
Procedure link: |
|
ose: | Implement and maintain database backup and retention of SQL Servers managed by EDFR IT department. |
Roles and Responsibilities: | Infrastructure team - Responsible for providing security for the backup storage SQL backups. Data Management team - Responsible for implementation and administration of SQL Server backup and retention |
Implementation and Usage Standards: |
|
Reference Requirements: |
|
Effective date: | 8/6/2019 |
Date last reviewed: |
|
Information contact: | Data Management <<email>> |
Procedure link: |
|
Purpose: | Monitoring and Maintenance Policy |
Roles and Responsibilities: | Data Management – Daily Monitoring and Maintenance of SQL servers. Infrastructure team - Responsible for all 3rd party SQL server monitoring tool(s) or dashboards. |
Implementation and Usage Standards: | Data Management, will monitor and maintain SQL servers / databases providing preventive/protective measures.
|
Reference Requirements: |
|
Reason: |
|
Effective date: | 9/13/2019 |
Date last reviewed: |
|
Information contact: | Data Management <<email>> |
Procedure link: |
|
0 Comments