Over the past few years I have been applying DISA STIGs on countless SQL Server environments and never had a “go to” single source that would answer all my SQL Server security-related questions. If not answer, at least guide me in the right direction. That’s why I was super excited when I heard Brent Ozar recommend a book called, “Securing SQL Server” by Denny Cherry’s on his new Office Hours podcast.
I wish I came across Denny Cherry’s “Securing SQL Server” book earlier, but I believe everything happens for a reason so I’m not going to complain.
Securing SQL Server 3rd Edition
I purchased the latest 3rd edition which includes SQL Server 2014. The book has a little over 400 pages spread over 15 chapters and is extremely easy to read. Denny does a great job taking a dry and boring topic like ‘security’ and making it interesting.
Over the span of 15 chapters, Denny talks not only about SQL Server database related security but network security (Chapter 2), SAN security (Chapter 11), Analysis Services and Reporting Services.
If you’re new to database security, there’s nothing to fear because Denny starts the very first chapter with “Identifying Security Requirements.” He goes over basic concepts and questions such as; what is PII (Personal Identifiable Information), what are security objectives, and how to identify them. So a SQL Server “accidental DBA” or novice won’t feel lost.
SQL Server security is something that a lot of people (including myself at one point) take for granted. It’s a very daunting task to learn and implement security settings within SQL Server as there are a huge number of factors to consider. There is always the fear of “breaking” something. A well-rounded knowledge of networking, windows system administration, database and storage concepts is crucial to understand security as a whole. By including real world client scenarios, Denny does an awesome job explaining these complicated topics in a simple fashion.
About the Author
Denny Cherry (b | t) is a Microsoft Certified Master (MCM), MVP and has over 15 years of experience in all areas of SQL Server such as performance tuning, troubleshooting and system architecture. He is the owner and Principal Consultant for Denny Cherry & Associates.