Is Your Company’s Database Protected Against a Disaster?

There’s an old adage in IT that goes something like this: “people only notice/value technology when it doesn’t work as expected.” This is never truer than with the databases that sit behind so many of the applications we use every day. We expect applications to perform as quickly as we’ve grown accustomed to. We also expect the information contained in them to be kept securely, accurately, and for as long as we need it. A substantial part of an application’s capability to satisfy these baseline requirements depends on the database. So, while most of us never interact directly with databases, most of us become acquainted with them when they become slow, or worse, lose data to theft or other disaster.

Fortunately, database servers such as Microsoft SQL Server have become, like much of our technology, ever more reliable and stable. Unfortunately, they are not yet capable of maintaining themselves flawlessly as the data they manage changes, and especially as external technical and human factors impact them. It is for this reason that maintenance plans, monitoring, patching, and security audits are still critical to database function and safety over time.

However, because modern database server platforms are relatively stable, many of us don’t proactively guard against disaster. We are like optimistic motorists who never change the oil nor check the struts and bearings. We get away with it for many blissful miles, until the engine smokes, or worse. Or, to explore a related and perhaps more closely correlated analogy, we are like early adopters of self-driving cars. While the technology can enable us to be hands-off most of the time, we dare not fall asleep at the wheel.

If you have one or more servers with databases, and you don’t have a dedicated DBA (and even if you do) consider taking time to ensure that adequate maintenance and backups are scheduled and functioning as expected. Also, if the scheduled maintenance fails, especially backups, review how you or your DBA will be notified. If preemptive performance intervention, or enhanced forensic capabilities are required, make sure you have good monitoring in place. Finally, though this is far too short a blog to begin to catalog the risks, review what security safeguards you have in place; from database login accounts and privileges, to backup storage practices, to firewall patching and threat detection. If you don’t, one day your database servers may demand that you, and your company, and maybe your customers notice them and recon with their value.