
DBA Responsibilities for Data Uses

Peter wrote in about the whole DBA responsibilities debate: "Where is the line? Is a DBA responsible for the data wherever it's used? For example, encryption of the data as it flows through the application stack?

It varies depending on the scale of the operation, i.e., formal DBA team versus the wearer of all hats in a small shop. In large, more formal environments that responsibility lies with the chief security officer. It works that way because there is much, much more to security than just the technical aspect of our solutions, up to and including the reluctance of business to incur cost for secure practices. But even if the CSO is ‘responsible’, that takes no one off the hook… so everyone in the entire application stack is obligated to apply professional due diligence, from the folks who harden the servers to the DBAs to the app solution designers to the coders. In our organization we work really hard to make sure the business clients understand that the RISK is THEIRS… they ultimately choose how secure their systems are, by allocating resources to ensure they are secure.

This includes skill-sets and training, and this is where you often find the line-crossing – the experienced DBA with a good handle on application best practices, dealing with junior or incompetent developers…. but righteous DBAs, keep in mind that the solution designer might also be laboring under constraints of time and budget which are not of their own choosing. So of course it can all devolve into a Dilbert cartoon… DBAs have a role to play, but in the ideal world the ‘DBA line’ you are fishing for is:

Responsibility ends once the data is running in some application process above the database. Fuzziness creeps in as the shop gets smaller, and the DBA has more and more skin in the applications; and then there is ETL/data transfer, which is a flavor of application often owned by DBAs. Ideally there is no line at all: the entire stack is understood in terms of responsibility and delivery. But in the real world the issue is not technical, it's organizational… ‘Securing the data’ is simply too large and general a statement to parse in terms of ‘data = database admin’, but that might not help you when the breach occurs and the fingers start pointing."

I think it definitely changes as the organization size changes. Larger organizations may "get it" better – they may have staff to address data security beyond the database and system administrators that are specifically "tuned" to the security aspects of the network and supporting infrastructure. As the org gets smaller, I think management tends to think more of data as being, well, data. So, if it’s information, wherever it’s generated, used, transmitted, etc. – it falls under the control of the DATAbase administrator person who takes care of all of that.

I think this is where education comes in, education of management. They need to understand that there are considerations and things to address at that level, not just storage and retrieval. I have been in SO many shops where they simply assume that the data is safe on its way to the database (whatever that means – could be the paper source, transmission, data entry, etc.) and they really only focus on doing what they can at the database level. If something messes up, it’s the DBA’s fault – just because it’s data.

Anyway, I think the statement that it’s not a technical issue, but rather an organizational one is very true. I just hope that we can collectively step up to point out the organizational pieces that need to be covered, and how those apply to the technical aspects of working with information.
