<?xml version="1.0" encoding="UTF-8"?><rss version="2.0"
	xmlns:content="http://purl.org/rss/1.0/modules/content/"
	xmlns:wfw="http://wellformedweb.org/CommentAPI/"
	xmlns:dc="http://purl.org/dc/elements/1.1/"
	xmlns:atom="http://www.w3.org/2005/Atom"
	xmlns:sy="http://purl.org/rss/1.0/modules/syndication/"
	xmlns:slash="http://purl.org/rss/1.0/modules/slash/"
	>

<channel>
	<title>Data Security Archives - The SERO Group</title>
	<atom:link href="https://theserogroup.com/category/data-security/feed/" rel="self" type="application/rss+xml" />
	<link>https://theserogroup.com/category/data-security/</link>
	<description>SQL Servers Healthy, Secure, And Reliable</description>
	<lastBuildDate>Wed, 03 Jun 2026 15:37:02 +0000</lastBuildDate>
	<language>en-US</language>
	<sy:updatePeriod>
	hourly	</sy:updatePeriod>
	<sy:updateFrequency>
	1	</sy:updateFrequency>
	<generator>https://wordpress.org/?v=7.0</generator>

<image>
	<url>https://theserogroup.com/wp-content/uploads/2024/07/cropped-Canister-only-1-32x32.png</url>
	<title>Data Security Archives - The SERO Group</title>
	<link>https://theserogroup.com/category/data-security/</link>
	<width>32</width>
	<height>32</height>
</image> 
<site xmlns="com-wordpress:feed-additions:1">121220030</site>	<item>
		<title>An Overview of Accelerated Database Recovery</title>
		<link>https://theserogroup.com/azure/an-overview-of-accelerated-database-recovery/</link>
					<comments>https://theserogroup.com/azure/an-overview-of-accelerated-database-recovery/#respond</comments>
		
		<dc:creator><![CDATA[Lee Markum]]></dc:creator>
		<pubDate>Wed, 17 Jun 2026 12:00:00 +0000</pubDate>
				<category><![CDATA[Azure]]></category>
		<category><![CDATA[Data Security]]></category>
		<category><![CDATA[DBA]]></category>
		<category><![CDATA[Events]]></category>
		<category><![CDATA[Professional Development]]></category>
		<category><![CDATA[SQL Community]]></category>
		<category><![CDATA[SQL Server]]></category>
		<category><![CDATA[SQL Server Consulting]]></category>
		<category><![CDATA[The Sero Group]]></category>
		<category><![CDATA[Clustering]]></category>
		<category><![CDATA[Clusters]]></category>
		<category><![CDATA[Database]]></category>
		<category><![CDATA[Database Administration]]></category>
		<category><![CDATA[Database Development]]></category>
		<category><![CDATA[IT Manager]]></category>
		<category><![CDATA[Microsoft Azure]]></category>
		<category><![CDATA[Public Speaking]]></category>
		<category><![CDATA[Script Library]]></category>
		<category><![CDATA[Sero]]></category>
		<category><![CDATA[Sero Group]]></category>
		<category><![CDATA[Serogroup]]></category>
		<category><![CDATA[Shared Disks]]></category>
		<category><![CDATA[SQL]]></category>
		<category><![CDATA[SQL Assessment]]></category>
		<category><![CDATA[SQL Audit]]></category>
		<category><![CDATA[SQL Conference]]></category>
		<category><![CDATA[SQL Consultant]]></category>
		<category><![CDATA[SQL Events]]></category>
		<category><![CDATA[SQL Security]]></category>
		<category><![CDATA[SQL Server Consultant]]></category>
		<category><![CDATA[SQL Server Management]]></category>
		<category><![CDATA[SQL Training]]></category>
		<category><![CDATA[TempDB]]></category>
		<guid isPermaLink="false">https://theserogroup.com/?p=7775</guid>

					<description><![CDATA[<p>SQL Server has had a number of really wonderful new features over the last several releases. One of those features is Accelerated Database Recovery. This enhancement has received some coverage in the community and I want to make my own contribution to promoting this feature. What is Accelerated Database Recovery? Accelerated Database Recovery (ADR) came&#8230; <br /> <a class="read-more" href="https://theserogroup.com/azure/an-overview-of-accelerated-database-recovery/">Read more</a></p>
<p>The post <a href="https://theserogroup.com/azure/an-overview-of-accelerated-database-recovery/">An Overview of Accelerated Database Recovery</a> appeared first on <a href="https://theserogroup.com">The SERO Group</a>.</p>
]]></description>
										<content:encoded><![CDATA[
<p class="wp-block-paragraph">SQL Server has had a number of really wonderful new features over the last several releases. One of those features is Accelerated Database Recovery. This enhancement has received some coverage in the community and I want to make my own contribution to promoting this feature.</p>



<h2 id="h-what-is-accelerated-database-recovery" class="wp-block-heading">What is Accelerated Database Recovery?</h2>



<p class="wp-block-paragraph">Accelerated Database Recovery (ADR) came out in SQL Server 2019 and is an enhanced way for SQL Server to do database crash recovery. It uses a new Streaming Log (SLOG) feature that allows much faster redo and undo phases of the process by tracking any non-versioned actions.</p>



<p class="wp-block-paragraph">The Persistent Version Store is another new component to the process. It holds row versions in the database itself, either on the data pages being modified or in a separate system table. This persisted version store is very similar to how read committed snapshot isolation uses row-versions to allow for read and write queries to operate without blocking each other. This holding mechanism for row versions is cleaned up periodically by a background process that removes unneeded row versions. This persisted version store, in combination with the SLOG, allows a couple of things.</p>



<p class="wp-block-paragraph">First, in the redo phase there is no longer the need to read the transaction log serially from the oldest uncommitted transaction forward to the time of the crash to replay and redo records for creating a consistent state in the database. Instead, SQL Server uses the SLOG to recover any non-versioned actions from the oldest uncommitted transaction forward up to the point of the last checkpoint. This is much faster. Once the last checkpoint is reached, only then will SQL Server start reading the transaction log for any redo work.</p>



<p class="wp-block-paragraph">Second, in the Undo phase, the SLOG is used again to undo any non-versioned operations, and the persistent version store is used to simply switch the database rows back to whatever the proper current row was at the time of the crash.</p>



<p class="wp-block-paragraph">Traditional Recovery: Picture from <a href="https://learn.microsoft.com/en-us/sql/relational-databases/accelerated-database-recovery-concepts?view=sql-server-ver17">https://learn.microsoft.com/en-us/sql/relational-databases/accelerated-database-recovery-concepts?view=sql-server-ver17</a></p>



<figure class="wp-block-image size-large"><a href="https://theserogroup.com/wp-content/uploads/2026/06/TraditionalSQLServerRecovery_2026-06-01-141057.png"><img fetchpriority="high" decoding="async" width="1024" height="528" src="https://theserogroup.com/wp-content/uploads/2026/06/TraditionalSQLServerRecovery_2026-06-01-141057-1024x528.png" alt="" class="wp-image-7776" srcset="https://theserogroup.com/wp-content/uploads/2026/06/TraditionalSQLServerRecovery_2026-06-01-141057-1024x528.png 1024w, https://theserogroup.com/wp-content/uploads/2026/06/TraditionalSQLServerRecovery_2026-06-01-141057-300x155.png 300w, https://theserogroup.com/wp-content/uploads/2026/06/TraditionalSQLServerRecovery_2026-06-01-141057-768x396.png 768w, https://theserogroup.com/wp-content/uploads/2026/06/TraditionalSQLServerRecovery_2026-06-01-141057.png 1376w" sizes="(max-width: 1024px) 100vw, 1024px" /></a></figure>



<p class="wp-block-paragraph">Recovery using Accelerated Database Recovery: Picture from <a href="https://learn.microsoft.com/en-us/sql/relational-databases/accelerated-database-recovery-concepts?view=sql-server-ver17">https://learn.microsoft.com/en-us/sql/relational-databases/accelerated-database-recovery-concepts?view=sql-server-ver17</a></p>



<figure class="wp-block-image size-large"><a href="https://theserogroup.com/wp-content/uploads/2026/06/SQLServerRecoveryWithADR_2026-06-01-141057.png"><img decoding="async" width="1024" height="573" src="https://theserogroup.com/wp-content/uploads/2026/06/SQLServerRecoveryWithADR_2026-06-01-141057-1024x573.png" alt="" class="wp-image-7777" srcset="https://theserogroup.com/wp-content/uploads/2026/06/SQLServerRecoveryWithADR_2026-06-01-141057-1024x573.png 1024w, https://theserogroup.com/wp-content/uploads/2026/06/SQLServerRecoveryWithADR_2026-06-01-141057-300x168.png 300w, https://theserogroup.com/wp-content/uploads/2026/06/SQLServerRecoveryWithADR_2026-06-01-141057-768x430.png 768w, https://theserogroup.com/wp-content/uploads/2026/06/SQLServerRecoveryWithADR_2026-06-01-141057.png 1271w" sizes="(max-width: 1024px) 100vw, 1024px" /></a></figure>



<h2 id="h-why-would-you-want-to-enable-accelerated-database-recovery" class="wp-block-heading">Why would you want to enable Accelerated Database Recovery?</h2>



<p class="wp-block-paragraph">Accelerated database recovery can save you and your clients from extended outages due to long rollback times under heavy load. I’ve seen rollback times of 45-60 minutes be reduced to seconds with this feature enabled. The use-case I had was during SQL Server patching clients weren’t always out of the system as requested. In some cases, the client activity had a lot of changes in-flight when patching was applied and the traditional recovery method took a very long time after the server rebooted.</p>



<p class="wp-block-paragraph">I enabled ADR and never had that problem again. This feature can also save you from pain you inflict on yourself. If you’re running a query to make a lot of changes and it is decided to kill the query, causing rollback, then the ADR feature can execute rollback almost instantaneously. This is much better than waiting a long time for single threaded rollback of a query that has been running a long time.</p>



<h2 class="wp-block-heading">How to determine if Accelerated Database Recovery is enabled?</h2>



<p class="wp-block-paragraph">The system table sys.databases can be queried to show whether this feature is enabled or not.</p>



<pre class="wp-block-code"><code>SELECT name
FROM sys.databases 
WHERE is_accelerated_database_recovery_on = 1;
</code></pre>



<h2 class="wp-block-heading">How to enable Accelerated Database Recovery?</h2>



<p class="wp-block-paragraph">An exclusive database lock is required to enable Accelerated Database Recovery. This means the change should be done in a maintenance window where no activity is expected. The feature can be enabled in the presence of other activity using the termination clause WITH ROLLBACK [IMMMEDIATE | AFTER {Number} SECONDS | NO_WAIT] . Using the &nbsp;IMMEDIATE option will immediately rollback other transactions so that the ALTER statement will complete. The NO_WAIT option will terminate the ALTER statement if it can’t be executed immediately. Choose one of the three options.</p>



<pre class="wp-block-code"><code>ALTER DATABASE &#91;&lt;db_name&gt;] SET ACCELERATED_DATABASE_RECOVERY = ON WITH ROLLBACK &#91;IMMMEDIATE | AFTER {Number} SECONDS | NO_WAIT;</code></pre>



<h2 class="wp-block-heading">What sp_configure settings should be adjusted for Accelerated Database Recovery?</h2>



<p class="wp-block-paragraph">First, the ADR Cleaner Thread Count option in sp_configure controls the number of cpu threads to use for the background cleaner process that removes old row versions from the Persisted Version Store. This option was introduced in SQL Server 2022. It is advisable not to set this to a large number. You can increase it from the default of 1 to 2 or perhaps 4 to ensure that Persisted Version Store cleanup is happening quickly enough across a large number of databases.</p>



<pre class="wp-block-code"><code>-- Configure ADR cleaner to use 4 threads
EXEC sp_configure 'show advanced options', 1;
RECONFIGURE;

EXEC sp_configure 'ADR Cleaner Thread Count', 4;
RECONFIGURE WITH OVERRIDE;
</code></pre>



<p class="wp-block-paragraph">Second, the ADR Pre-allocation Factor setting can also be adjusted. If the “just in time” mechanism to allocate pages to store rows in the persisted version store is above zero by a significant amount, then this sp_configure option can be set to allocate pages ahead of time for the version store. There is an extended event called tx_version_optimized_insert_stats that can be reviewed to see what the “just in time” value is. The value to check is labeled “foreground_allocation_percent.”</p>



<p class="wp-block-paragraph">The default value for the ADR pre-allocation factor is 4. The number of pages allocated at any one time is 512 X the ADR Pre-allocation Factor. It isn’t recommended to set this fact too high because pre-allocating too many pages can cause contention.</p>



<pre class="wp-block-code"><code>-- Configure ADR Preallocation Factor
EXEC sp_configure 'show advanced options', 1;
RECONFIGURE;

EXEC sp_configure 'ADR Preallocation Factor', 6; -- Defaults vary based on workload
RECONFIGURE WITH OVERRIDE;
</code></pre>



<p class="wp-block-paragraph"></p>



<h2 id="h-is-a-long-rollback-costing-you-downtime" class="wp-block-heading"><strong>Is a Long Rollback Costing You Downtime?</strong></h2>



<p class="wp-block-paragraph">SQL Server recovery issues can turn a routine maintenance window into a multi-hour outage. The SERO Group specializes in exactly this kind of proactive SQL Server management. <a href="https://theserogroup.com/contact-us/" target="_blank" rel="noreferrer noopener">Schedule a free discovery call</a> and let&#8217;s talk about your environment.</p>
<p>The post <a href="https://theserogroup.com/azure/an-overview-of-accelerated-database-recovery/">An Overview of Accelerated Database Recovery</a> appeared first on <a href="https://theserogroup.com">The SERO Group</a>.</p>
]]></content:encoded>
					
					<wfw:commentRss>https://theserogroup.com/azure/an-overview-of-accelerated-database-recovery/feed/</wfw:commentRss>
			<slash:comments>0</slash:comments>
		
		
		<post-id xmlns="com-wordpress:feed-additions:1">7775</post-id>	</item>
		<item>
		<title>How to Use VSSADMIN Commands To Manage Low Disk Space</title>
		<link>https://theserogroup.com/azure/how-to-use-vssadmin-commands-to-manage-low-disk-space/</link>
					<comments>https://theserogroup.com/azure/how-to-use-vssadmin-commands-to-manage-low-disk-space/#respond</comments>
		
		<dc:creator><![CDATA[Lee Markum]]></dc:creator>
		<pubDate>Wed, 03 Jun 2026 15:14:07 +0000</pubDate>
				<category><![CDATA[Azure]]></category>
		<category><![CDATA[Data Security]]></category>
		<category><![CDATA[DBA]]></category>
		<category><![CDATA[Events]]></category>
		<category><![CDATA[Professional Development]]></category>
		<category><![CDATA[SQL Community]]></category>
		<category><![CDATA[SQL Server]]></category>
		<category><![CDATA[SQL Server Consulting]]></category>
		<category><![CDATA[The Sero Group]]></category>
		<category><![CDATA[Clustering]]></category>
		<category><![CDATA[Clusters]]></category>
		<category><![CDATA[Database]]></category>
		<category><![CDATA[Database Administration]]></category>
		<category><![CDATA[Database Development]]></category>
		<category><![CDATA[IT Manager]]></category>
		<category><![CDATA[Microsoft Azure]]></category>
		<category><![CDATA[Public Speaking]]></category>
		<category><![CDATA[Script Library]]></category>
		<category><![CDATA[Sero]]></category>
		<category><![CDATA[Sero Group]]></category>
		<category><![CDATA[Serogroup]]></category>
		<category><![CDATA[Shared Disks]]></category>
		<category><![CDATA[SQL]]></category>
		<category><![CDATA[SQL Assessment]]></category>
		<category><![CDATA[SQL Audit]]></category>
		<category><![CDATA[SQL Conference]]></category>
		<category><![CDATA[SQL Consultant]]></category>
		<category><![CDATA[SQL Events]]></category>
		<category><![CDATA[SQL Security]]></category>
		<category><![CDATA[SQL Server Consultant]]></category>
		<category><![CDATA[SQL Server Management]]></category>
		<category><![CDATA[SQL Training]]></category>
		<category><![CDATA[TempDB]]></category>
		<guid isPermaLink="false">https://theserogroup.com/?p=7767</guid>

					<description><![CDATA[<p>Low disk space alerts are a common occurrence in I.T. For SQL Server consultants, there could be a few causes: This last scenario related to volume shadow service is what I want to talk about today. This one can be a little confusing at first because your organization may get a low disk space alert&#8230; <br /> <a class="read-more" href="https://theserogroup.com/azure/how-to-use-vssadmin-commands-to-manage-low-disk-space/">Read more</a></p>
<p>The post <a href="https://theserogroup.com/azure/how-to-use-vssadmin-commands-to-manage-low-disk-space/">How to Use VSSADMIN Commands To Manage Low Disk Space</a> appeared first on <a href="https://theserogroup.com">The SERO Group</a>.</p>
]]></description>
										<content:encoded><![CDATA[
<p class="wp-block-paragraph">Low disk space alerts are a common occurrence in I.T. For SQL Server consultants, there could be a few causes:</p>



<ul class="wp-block-list">
<li>A runaway transaction filling up a log file or even an mdf file in a user database or tempdb.</li>



<li>Someone or some process took an extra backup that wasn&#8217;t planned for.</li>



<li>A new database was created with larger than expected files sizes.</li>



<li>An application is using the Volume Shadow Service to make backups of databases to a local volume.</li>
</ul>



<p class="wp-block-paragraph">This last scenario related to volume shadow service is what I want to talk about today. This one can be a little confusing at first because your organization may get a low disk space alert that doesn&#8217;t seem to make sense. The alert may indicate that there is less than 10% free space, but looking at the volume in Windows Explorer doesn&#8217;t show that at all. It turns out that VSS files aren&#8217;t visible to Windows explorer. You might come across this when investigating the following error, &#8220;Volsnap &#8211; 36 &#8211; The shadow copies of volume E: were aborted because the shadow copy storage could not grow due to a user imposed limit.&#8221;</p>



<p class="wp-block-paragraph">To investigate what is happening, try some of the <a href="https://learn.microsoft.com/en-us/previous-versions/windows/it-pro/windows-server-2012-r2-and-2012/cc754968(v=ws.11)">VSSAdmin</a> commands, like this:</p>



<pre class="wp-block-code"><code>vssadmin list shadowstorage</code></pre>



<p class="wp-block-paragraph">The output pf this PowerShell command will show what volumes are being backed up by VSS, and what the target volume is for those VSS files. If the volumes are already low on space, deleting some of the shadow copies may be the first thing needed. This can be done with the following command:</p>



<pre class="wp-block-code"><code>vssadmin delete shadows /for=&lt;ForVolumeSpec&gt; &#91;/oldest | /all | /shadow=&lt;ShadowID&gt;] &#91;/quiet]</code></pre>



<p class="wp-block-paragraph">Then a limit can be placed on the amount of storage allocated to VSS files using this command:</p>



<pre class="wp-block-code"><code>vssadmin resize shadowstorage /for=&lt;ForVolumeSpec&gt; /on=&lt;OnVolumeSpec&gt; &#91;/maxsize=&lt;MaxSizeSpec&gt;]</code></pre>



<p class="wp-block-paragraph">Keep in mind that someone will need to determine first if the older VSS files are needed prior to executing the delete and resize commands. </p>



<h2 id="h-tired-of-chasing-sql-server-alerts" class="wp-block-heading">Tired of Chasing SQL Server Alerts?</h2>



<p class="wp-block-paragraph">Dealing with disk space issues on your SQL Servers? That&#8217;s exactly the kind of problem The SERO Group solves every day. <a href="https://theserogroup.com/contact-us/">Schedule a free discovery call</a> and let&#8217;s take a look.</p>
<p>The post <a href="https://theserogroup.com/azure/how-to-use-vssadmin-commands-to-manage-low-disk-space/">How to Use VSSADMIN Commands To Manage Low Disk Space</a> appeared first on <a href="https://theserogroup.com">The SERO Group</a>.</p>
]]></content:encoded>
					
					<wfw:commentRss>https://theserogroup.com/azure/how-to-use-vssadmin-commands-to-manage-low-disk-space/feed/</wfw:commentRss>
			<slash:comments>0</slash:comments>
		
		
		<post-id xmlns="com-wordpress:feed-additions:1">7767</post-id>	</item>
		<item>
		<title>Why Quiet Reflection Leads to Better IT Strategy Decisions</title>
		<link>https://theserogroup.com/azure/why-quiet-reflection-leads-to-better-it-strategy-decisions/</link>
		
		<dc:creator><![CDATA[Joe Webb]]></dc:creator>
		<pubDate>Wed, 17 Dec 2025 13:00:04 +0000</pubDate>
				<category><![CDATA[Azure]]></category>
		<category><![CDATA[Data Security]]></category>
		<category><![CDATA[DBA]]></category>
		<category><![CDATA[Events]]></category>
		<category><![CDATA[Professional Development]]></category>
		<category><![CDATA[SQL Community]]></category>
		<category><![CDATA[SQL Server]]></category>
		<category><![CDATA[SQL Server Consulting]]></category>
		<category><![CDATA[The Sero Group]]></category>
		<category><![CDATA[Clustering]]></category>
		<category><![CDATA[Clusters]]></category>
		<category><![CDATA[Database]]></category>
		<category><![CDATA[Database Administration]]></category>
		<category><![CDATA[Database Development]]></category>
		<category><![CDATA[IT Manager]]></category>
		<category><![CDATA[Microsoft Azure]]></category>
		<category><![CDATA[Public Speaking]]></category>
		<category><![CDATA[Script Library]]></category>
		<category><![CDATA[Sero]]></category>
		<category><![CDATA[Sero Group]]></category>
		<category><![CDATA[Serogroup]]></category>
		<category><![CDATA[Shared Disks]]></category>
		<category><![CDATA[SQL]]></category>
		<category><![CDATA[SQL Assessment]]></category>
		<category><![CDATA[SQL Audit]]></category>
		<category><![CDATA[SQL Conference]]></category>
		<category><![CDATA[SQL Consultant]]></category>
		<category><![CDATA[SQL Events]]></category>
		<category><![CDATA[SQL Security]]></category>
		<category><![CDATA[SQL Server Consultant]]></category>
		<category><![CDATA[SQL Server Management]]></category>
		<category><![CDATA[SQL Training]]></category>
		<category><![CDATA[TempDB]]></category>
		<guid isPermaLink="false">https://theserogroup.com/?p=7691</guid>

					<description><![CDATA[<p>Last Saturday, I woke up before dawn to a quiet house. My family was still asleep, as I’m the only morning person in our household. The Christmas tree lights cast a warm glow across the room, and I was alone with my thoughts and a hot cup of coffee. No urgent emails, no fire drills,&#8230; <br /> <a class="read-more" href="https://theserogroup.com/azure/why-quiet-reflection-leads-to-better-it-strategy-decisions/">Read more</a></p>
<p>The post <a href="https://theserogroup.com/azure/why-quiet-reflection-leads-to-better-it-strategy-decisions/">Why Quiet Reflection Leads to Better IT Strategy Decisions</a> appeared first on <a href="https://theserogroup.com">The SERO Group</a>.</p>
]]></description>
										<content:encoded><![CDATA[
<p class="wp-block-paragraph">Last Saturday, I woke up before dawn to a quiet house. My family was still asleep, as I’m the only morning person in our household. The Christmas tree lights cast a warm glow across the room, and I was alone with my thoughts and a hot cup of coffee. No urgent emails, no fire drills, no meetings starting in five minutes. Just space to think.</p>



<p class="wp-block-paragraph">As I sat there, I ended up reflecting back on 2025. I found myself gravitating to these three questions:</p>



<ul class="wp-block-list">
<li>What went well this year?</li>



<li>What did I learn?</li>



<li>What should I focus on next year?</li>
</ul>



<p class="wp-block-paragraph">If you’re a leader, I’m guessing you rarely get this kind of thinking time during your workday. I know I don’t. Our calendars are packed with calls, team meetings, and those &#8220;quick questions” that turn into two-hour troubleshooting sessions.</p>



<p class="wp-block-paragraph">But here&#8217;s what I&#8217;ve learned: <strong>the quality of your strategic decisions is directly tied to the quality of your thinking time.</strong></p>



<p class="wp-block-paragraph">And thinking time doesn&#8217;t happen by accident. You have to protect it.</p>



<h3 class="wp-block-heading" id="h-what-went-well-this-year">What Went Well This Year?</h3>



<p class="wp-block-paragraph">When I asked myself this question, I didn&#8217;t think about our biggest projects or flashiest achievements. I didn&#8217;t think about when we migrated almost 2,000 databases as part of an upgrade project. Or the performance tuning we did that resulted in a $36,000 reduction in annual Azure spend for a client. </p>



<p class="wp-block-paragraph">Instead, I thought about the relationships we strengthened. The trust we built with clients. The problems we solved before they became crises.</p>



<p class="wp-block-paragraph">For you, this might look like:</p>



<ul class="wp-block-list">
<li>The audit that went smoothly because your security documentation was solid</li>



<li>The successful disaster recovery test that was possible because you kept refining the process</li>



<li>The team member you mentored who&#8217;s now ready for more responsibility</li>



<li>The support resources you provided your team through a trusted partner</li>
</ul>



<p class="wp-block-paragraph">These aren&#8217;t always the things that make it into board reports. But they&#8217;re the foundation that everything else is built on.</p>



<h3 class="wp-block-heading" id="h-what-did-i-learn">What Did I Learn?</h3>



<p class="wp-block-paragraph">This year reminded me of something Eisenhower once said: <strong>&#8220;Plans are worthless, but planning is everything.&#8221;</strong></p>



<p class="wp-block-paragraph">The need for planning cannot be overstated. It&#8217;s critical. Even if the plan doesn&#8217;t always work out the way you intended. </p>



<p class="wp-block-paragraph"><strong>The plan itself wasn&#8217;t the point. The thinking I did while creating the plan was the point.</strong></p>



<p class="wp-block-paragraph">Because I’d thought through our capacity, our ideal client profile, and our service delivery model, I could adjust quickly when reality didn’t match my spreadsheet. I knew which opportunities were a good fit for us and which ones to let go. Because we’ve intentionally built a small but incredibly talented team that genuinely wants to see our clients succeed, we were able to identify and create ways to help them.</p>



<p class="wp-block-paragraph">I watched the same dynamic play out with clients. The institutions that had documented their SQL Server environments, tested their disaster recovery plans, and mapped their compliance requirements adapted quickly when needed. They were positioned for success even when the unexpected happened.</p>



<p class="wp-block-paragraph">Planning isn&#8217;t about predicting the future. It&#8217;s about <strong>building the muscle memory to respond when the future surprises you.</strong></p>



<p class="wp-block-paragraph">What did you learn this year about planning and adapting? Maybe it was:</p>



<ul class="wp-block-list">
<li>That your three-year technology roadmap needs quarterly reviews, not just annual ones</li>



<li>That the disaster recovery plan sitting in a SharePoint folder isn&#8217;t the same as a tested DR plan</li>



<li>That &#8220;we&#8217;ll address that next quarter&#8221; eventually becomes &#8220;why didn&#8217;t we address this sooner?&#8221;</li>



<li>That having an expert on call beats having a plan to find an expert when something breaks</li>
</ul>



<p class="wp-block-paragraph">These lessons matter. Write them down. They&#8217;re not just hindsight—they&#8217;re your blueprint for better decisions ahead.</p>



<h3 class="wp-block-heading" id="h-what-should-i-focus-on-next-year">What Should I Focus On Next Year?</h3>



<p class="wp-block-paragraph">For me, the answer was clear: <strong>I need to help more financial institutions and healthcare organizations understand that they have options.</strong> Most CIOs think they have two choices for database management: hire a full-time DBA (expensive and hard to find) or make do with whoever can &#8220;figure it out&#8221; (risky and unsustainable).</p>



<p class="wp-block-paragraph">There&#8217;s a third option: fractional DBA services that give you expert oversight without the full-time price tag. </p>



<p class="wp-block-paragraph">For you, your focus might be different. Maybe it&#8217;s:</p>



<ul class="wp-block-list">
<li>Finally getting your SQL Server environment documented and audit-ready</li>



<li>Building a disaster recovery plan that you&#8217;ve actually tested</li>



<li>Move a little further along the <a href="https://theserogroup.com/data-strategy/sql-server-maturity-curve-how-banks-move-from-reactive-risk-to-strategic-advantage/">SQL Server Maturity Curve</a></li>



<li>Finding a partner who understands banking compliance, not just databases</li>
</ul>



<p class="wp-block-paragraph">Whatever it is, the key is to actually choose something. Not everything. Something. And move toward it. Make progress.</p>



<h3 class="wp-block-heading" id="h-the-power-of-quiet-reflection">The Power of Quiet Reflection</h3>



<p class="wp-block-paragraph">Here&#8217;s the thing about those early Saturday morning moments: they&#8217;re rare. And precious. </p>



<p class="wp-block-paragraph">During the week, we’re in execution mode. We’re responding, reacting, solving, and fixing. That’s necessary work. But it’s not strategic work.</p>



<p class="wp-block-paragraph">Strategic work requires space. It requires stepping back from the urgent to focus on the important.</p>



<p class="wp-block-paragraph">So, here&#8217;s my challenge to you as we wind down 2025 and usher in the new year:</p>



<h3 class="wp-block-heading" id="h-block-off-time-just-to-think-then-protect-it">Block Off Time Just to Think, Then Protect It</h3>



<p class="wp-block-paragraph">Maybe it&#8217;s Saturday mornings before your family wakes up. Maybe it&#8217;s a long walk at lunch. Maybe it&#8217;s 90 minutes with your calendar blocked and your office door closed. </p>



<p class="wp-block-paragraph">Whatever it is, protect it. The decisions you make during that quiet time about where to focus, what risks to address, and which partnerships to invest in will help shape your entire year.</p>



<h3 class="wp-block-heading" id="h-your-turn">Your Turn</h3>



<p class="wp-block-paragraph">As you think about the year ahead, I&#8217;d encourage you to ask yourself those three questions:</p>



<ol class="wp-block-list">
<li>What went well this year? Celebrate it. Learn from it.</li>



<li>What did I learn? Write it down. It&#8217;s wisdom you paid for.</li>



<li>What should I focus on next year? Pick one or two things. Not everything.</li>
</ol>



<p class="wp-block-paragraph">And if one of those focus areas is &#8220;finally get our SQL Server environment to a place where I&#8217;m confident, not just hopeful,&#8221; let&#8217;s talk. That&#8217;s exactly what we help institutions do.</p>



<p class="wp-block-paragraph">If you&#8217;re a CIO wondering whether your SQL Server environment is as healthy and secure as it should be, I&#8217;d be happy to have a conversation. No sales pitch. Just two people talking candidly about database management. <a href="https://theserogroup.com/contact-us/" target="_blank" rel="noreferrer noopener">Schedule a time here</a>.</p>
<p>The post <a href="https://theserogroup.com/azure/why-quiet-reflection-leads-to-better-it-strategy-decisions/">Why Quiet Reflection Leads to Better IT Strategy Decisions</a> appeared first on <a href="https://theserogroup.com">The SERO Group</a>.</p>
]]></content:encoded>
					
		
		
		<post-id xmlns="com-wordpress:feed-additions:1">7691</post-id>	</item>
		<item>
		<title>5 SQL Server Security Priorities Every Bank CIO Must Address</title>
		<link>https://theserogroup.com/data-security/5-sql-server-security-priorities-every-bank-cio-must-address/</link>
		
		<dc:creator><![CDATA[Joe Webb]]></dc:creator>
		<pubDate>Wed, 20 Aug 2025 12:00:10 +0000</pubDate>
				<category><![CDATA[Data Security]]></category>
		<category><![CDATA[Database]]></category>
		<category><![CDATA[Database Administration]]></category>
		<category><![CDATA[Database Development]]></category>
		<category><![CDATA[SQL]]></category>
		<category><![CDATA[SQL Events]]></category>
		<category><![CDATA[SQL Security]]></category>
		<category><![CDATA[SQL Server]]></category>
		<category><![CDATA[SQL Server Management]]></category>
		<guid isPermaLink="false">https://theserogroup.com/?p=7535</guid>

					<description><![CDATA[<p>If you’re a new CIO at a bank or financial institution, chances are your organization relies heavily on Microsoft SQL Server. From core banking systems to regulatory data, SQL Server often holds your most critical and most targeted information. However, over time, many SQL Server environments quietly drift out of alignment with security best practices.&#8230; <br /> <a class="read-more" href="https://theserogroup.com/data-security/5-sql-server-security-priorities-every-bank-cio-must-address/">Read more</a></p>
<p>The post <a href="https://theserogroup.com/data-security/5-sql-server-security-priorities-every-bank-cio-must-address/">5 SQL Server Security Priorities Every Bank CIO Must Address</a> appeared first on <a href="https://theserogroup.com">The SERO Group</a>.</p>
]]></description>
										<content:encoded><![CDATA[
<p class="wp-block-paragraph">If you’re a new CIO at a bank or financial institution, chances are your organization relies heavily on Microsoft SQL Server. From core banking systems to regulatory data, SQL Server often holds your most critical and most targeted information.</p>



<p class="wp-block-paragraph">However, over time, many SQL Server environments quietly drift out of alignment with security best practices. Configurations age. Backups go untested. Access privileges expand without oversight. Multiple vendors are granted elevated access. And without a clear owner, risks grow quietly until something breaks.</p>



<h2 class="wp-block-heading" id="h-5-sql-server-security-actions-to-take">5 SQL Server Security Actions to Take</h2>



<p class="wp-block-paragraph">Here are five simple, high-impact actions you can take to reduce SQL Server risk and strengthen your institution’s security posture:</p>



<h3 class="wp-block-heading" id="h-1-know-what-sql-servers-you-actually-have"><strong>1. Know What SQL Servers You Actually Have</strong></h3>



<p class="wp-block-paragraph">Untracked or “orphaned” SQL Server instances are more common than you think. Over time, shadow IT, legacy systems, or test environments can go unnoticed. As CIO, make sure you have an up-to-date inventory of all SQL Server instances. Get a comprehensive list, along with who’s responsible for maintaining each one.</p>



<h3 class="wp-block-heading"><strong>2. Review Who Has Access—and Why</strong></h3>



<p class="wp-block-paragraph">Access control is one of your biggest areas of exposure. Application vendors often want elevated permissions, especially during the initial installation. Developers or business analysts may have been granted elevated permissions in the past to troubleshoot a query for an important report. The same is true for data engineers.</p>



<p class="wp-block-paragraph">To check just how many hands are in the cookie jar, ask your team to provide a list of:</p>



<ul class="wp-block-list">
<li>All logins with sysadmin or elevated privileges</li>



<li>All databases owned by someone other than sa or another designated account</li>



<li>Any use of shared or generic SQL accounts</li>
</ul>



<p class="wp-block-paragraph">Restrict access to only what users need, and tie access to individual, auditable accounts.</p>



<h3 class="wp-block-heading" id="h-3-make-sure-backups-are-encrypted-and-verified"><strong>3. Make Sure Backups Are Encrypted</strong> and Verified</h3>



<p class="wp-block-paragraph">A backup strategy isn’t just about having copies of your data—it’s about knowing those backups will work when you need them most. Ask your team how often backups are tested and whether they’re encrypted. Encryption ensures that sensitive financial data isn’t exposed if backup files fall into the wrong hands. </p>



<p class="wp-block-paragraph">Equally important is regular verification using tools like RESTORE VERIFYONLY or full restore tests and integrity checks. A corrupted or incomplete backup doesn’t help you during a crisis. </p>



<p class="wp-block-paragraph">Confirm there’s a clear retention policy in place that aligns with regulatory and business requirements. Backup success logs should be reviewed, and failed jobs should never go unnoticed. Don’t wait until something breaks to find out your recovery plan has holes.</p>



<p class="wp-block-paragraph">Ask your team:</p>



<ul class="wp-block-list">
<li>Are backups encrypted to protect sensitive data?</li>



<li>Are they tested regularly using tools like VERIFYONLY or, better yet, with complete test restores followed by an integrity check?</li>



<li>What’s the retention policy, and is it enforced?</li>
</ul>



<p class="wp-block-paragraph">One bad backup can turn a small incident into a costly disaster.</p>



<h3 class="wp-block-heading" id="h-4-confirm-that-audit-logs-are-running-and-secure"><strong>4. Confirm That Audit Logs Are Running and Secure</strong></h3>



<p class="wp-block-paragraph">Audit logs can be an invaluable tool for spotting suspicious activity and proving compliance. However, since audit logs are helpful only if they’re complete, accessible, and protected, make sure that:</p>



<ul class="wp-block-list">
<li><strong>Auditing is enabled</strong> on all production servers.</li>



<li>Logs are <strong>stored securely and encrypted</strong>.</li>



<li>Someone is <strong>reviewing logs regularly</strong> to flag unusual activity.</li>
</ul>



<h3 class="wp-block-heading"><strong>5. Assign Clear Ownership for SQL Server Security</strong></h3>



<p class="wp-block-paragraph">Securing your SQL Server is a key component of a multi-layered approach to security. But SQL Server security isn’t a “set it and forget it” project. It needs ongoing attention. </p>



<p class="wp-block-paragraph">If your team doesn’t have a dedicated DBA, consider bringing in outside help. A trusted SQL Server partner (like The SERO Group) can help you monitor, maintain, and secure your environment without adding headcount.</p>



<h2 class="wp-block-heading" id="h-final-thought-s"><strong>Final Thought</strong>s</h2>



<p class="wp-block-paragraph">SQL Server often holds your institution’s most sensitive data. These five actions can help improve your data security posture and reduce risk. </p>



<p class="wp-block-paragraph">If you’re unsure where your SQL Server environment stands, or if your team is simply stretched too thin, we can help. </p>



<p class="wp-block-paragraph">At The SERO Group, we specialize in helping banks and financial institutions reduce risk, improve reliability, and maintain compliance without the cost of a full-time DBA. Let’s schedule a quick call to talk through your current setup and see where we can support you. <a href="https://theserogroup.com/contact-us/" target="_blank" rel="noreferrer noopener">Schedule a no-obligation discovery call</a>&nbsp;with us to get started.</p>
<p>The post <a href="https://theserogroup.com/data-security/5-sql-server-security-priorities-every-bank-cio-must-address/">5 SQL Server Security Priorities Every Bank CIO Must Address</a> appeared first on <a href="https://theserogroup.com">The SERO Group</a>.</p>
]]></content:encoded>
					
		
		
		<post-id xmlns="com-wordpress:feed-additions:1">7535</post-id>	</item>
		<item>
		<title>Five Ways to Protect Your SQL Server from Cybersecurity Threats</title>
		<link>https://theserogroup.com/data-security/five-ways-to-protect-your-sql-server-from-cybersecurity-threats/</link>
					<comments>https://theserogroup.com/data-security/five-ways-to-protect-your-sql-server-from-cybersecurity-threats/#comments</comments>
		
		<dc:creator><![CDATA[Joe Webb]]></dc:creator>
		<pubDate>Wed, 02 Apr 2025 12:00:35 +0000</pubDate>
				<category><![CDATA[Data Security]]></category>
		<category><![CDATA[Database]]></category>
		<category><![CDATA[Database Administration]]></category>
		<category><![CDATA[IT Manager]]></category>
		<category><![CDATA[SQL]]></category>
		<category><![CDATA[SQL Security]]></category>
		<category><![CDATA[SQL Server]]></category>
		<category><![CDATA[SQL Server Management]]></category>
		<guid isPermaLink="false">https://theserogroup.com/?p=7294</guid>

					<description><![CDATA[<p>Microsoft SQL Server is mission-critical for many organizations, storing customer data, financial records, and essential business operations. That makes it a prime target for cybercriminals. SQL Server faces serious risks—from insider threats to ransomware—that can lead to data breaches and business disruptions. If your organization relies on SQL Server, you can’t afford to take its&#8230; <br /> <a class="read-more" href="https://theserogroup.com/data-security/five-ways-to-protect-your-sql-server-from-cybersecurity-threats/">Read more</a></p>
<p>The post <a href="https://theserogroup.com/data-security/five-ways-to-protect-your-sql-server-from-cybersecurity-threats/">Five Ways to Protect Your SQL Server from Cybersecurity Threats</a> appeared first on <a href="https://theserogroup.com">The SERO Group</a>.</p>
]]></description>
										<content:encoded><![CDATA[
<p class="wp-block-paragraph">Microsoft SQL Server is mission-critical for many organizations, storing customer data, financial records, and essential business operations. That makes it a prime target for cybercriminals. SQL Server faces serious risks—from insider threats to ransomware—that can lead to data breaches and business disruptions.</p>



<p class="wp-block-paragraph">If your organization relies on SQL Server, you can’t afford to take its security for granted. This post outlines key strategies to secure your SQL Server and strengthen your organization’s overall data protection efforts.</p>



<h3 class="wp-block-heading" id="h-1-harden-your-sql-server-configuration">1. Harden Your SQL Server Configuration</h3>



<p class="wp-block-paragraph">Out-of-the-box installations of SQL Server aren’t secure by default. Misconfigured servers are one of the top causes of successful cyberattacks, and even small oversights—like unnecessary enabled features or open ports—can provide a foothold for attackers.</p>



<p class="wp-block-paragraph">Start with a hardening baseline, such as the <a href="https://www.cisecurity.org/benchmark/microsoft_sql_server" target="_blank" rel="noreferrer noopener">CIS® Benchmarks™ for SQL Server</a>. These community-developed best practices provide a comprehensive checklist for reducing risk—from setting appropriate authentication requirements to disabling unused services and ensuring proper auditing configurations.</p>



<p class="wp-block-paragraph">Many organizations are surprised by how many of their SQL Server settings fall short of these benchmarks. Evaluating against their standard is a low-cost, high-impact step toward improving your security posture.</p>



<h3 class="wp-block-heading" id="h-2-keep-patches-and-updates-current">2. Keep Patches and Updates Current</h3>



<p class="wp-block-paragraph"><a href="https://learn.microsoft.com/en-us/troubleshoot/sql/releases/download-and-install-latest-updates#latest-updates-available-for-currently-supported-versions-of-sql-server" target="_blank" rel="noreferrer noopener">SQL Server patches and cumulative updates</a> don’t just include performance improvements—they also fix known vulnerabilities that cybercriminals can exploit.</p>



<p class="wp-block-paragraph">Whether you&#8217;re running SQL Server on-premises or in the cloud, patch management needs to be part of your ongoing operations strategy. Implement a structured update process that includes:</p>



<ul class="wp-block-list">
<li>Testing patches in staging before production</li>



<li>Coordinating patch timing with other application dependencies</li>



<li>Automating patch notifications and scheduling when possible</li>
</ul>



<p class="wp-block-paragraph">Waiting too long to apply patches can leave you vulnerable for months, especially as exploits for known issues are often publicly available shortly after disclosure.</p>



<h3 class="wp-block-heading" id="h-3-implement-role-based-access-control-rbac">3. Implement Role-Based Access Control (RBAC)</h3>



<p class="wp-block-paragraph">Not everyone needs full access to everything. One of the simplest and most effective ways to reduce risk is limiting access privileges based on the principle of least privilege.</p>



<p class="wp-block-paragraph">Use role-based access control to ensure users only have access to the databases, objects, and actions necessary for their job. Avoid using sysadmin-level accounts unless absolutely necessary, and regularly audit permissions to identify over-provisioned users.</p>



<p class="wp-block-paragraph">In addition, always use Windows Authentication where possible. It integrates better with Active Directory policies and enables centralized password and identity management.</p>



<h3 class="wp-block-heading" id="h-4-monitor-and-audit-database-activity">4. Monitor and Audit Database Activity</h3>



<p class="wp-block-paragraph">Even well-configured SQL Server environments can be breached. That’s why real-time monitoring and auditing are critical for detecting threats early and responding quickly.</p>



<p class="wp-block-paragraph"><a href="https://learn.microsoft.com/en-us/sql/relational-databases/security/auditing/sql-server-audit-database-engine?view=sql-server-ver16" target="_blank" rel="noreferrer noopener">SQL Server’s built-in audit features</a> allow you to track logins, permission changes, data access, and schema modifications. This data can help identify unusual patterns that may indicate a compromised account or insider threat.</p>



<p class="wp-block-paragraph"><a href="https://theserogroup.com/data-security/5-reasons-you-should-use-sql-audit-to-enhance-database-security/" target="_blank" rel="noreferrer noopener">In our blog post on SQL audit features</a>, we highlighted how auditing can deter malicious activity, support compliance efforts, and provide vital information during forensic investigations.</p>



<p class="wp-block-paragraph">For enhanced protection, consider integrating audit logs with a <a href="https://www.microsoft.com/en-us/security/business/security-101/what-is-siem" target="_blank" rel="noreferrer noopener">Security Information and Event Management (SIEM)</a> platform for centralized monitoring and alerting.</p>



<h3 class="wp-block-heading" id="h-5-protect-against-ransomware-and-data-exfiltration">5. Protect Against Ransomware and Data Exfiltration</h3>



<p class="wp-block-paragraph">Ransomware attacks against database systems are becoming more sophisticated—and more costly. In addition to encrypting your data, some threat actors now exfiltrate data and threaten public leaks if a ransom isn’t paid.</p>



<p class="wp-block-paragraph">To protect your SQL Server:</p>



<ul class="wp-block-list">
<li>Segment your network to prevent lateral movement</li>



<li>Regularly back up your databases and test your recovery process</li>



<li>Encrypt sensitive data both at rest and in transit</li>



<li>Use endpoint protection and file integrity monitoring tools</li>
</ul>



<p class="wp-block-paragraph">Don’t forget physical security too—especially if you host SQL Server on-premises. Server room access should be restricted, monitored, and logged.</p>



<h3 class="wp-block-heading" id="h-need-help-securing-your-sql-servers">Need Help Securing Your SQL Servers?</h3>



<p class="wp-block-paragraph">SQL Server security is a constantly evolving challenge—and it’s easy to miss critical vulnerabilities when you’re focused on daily operations.</p>



<p class="wp-block-paragraph">At The SERO Group, we specialize in helping organizations like yours secure their SQL Server environments, identify weaknesses, and stay ahead of threats. Whether you need a comprehensive <a href="https://theserogroup.com/sql-server-cis-benchmarks-assessment/" target="_blank" rel="noreferrer noopener">SQL Server CIS® Benchmarks™ Assessment</a> or <a href="https://theserogroup.com/download-self-assessment/" target="_blank" rel="noreferrer noopener">want to take our free SQL Server Security Self-Assessment</a> to get started, we’re here to help.</p>



<p class="wp-block-paragraph">Let’s work together to protect your data and build a more secure SQL Server environment. <a href="https://theserogroup.com/contact-us/" target="_blank" rel="noreferrer noopener">Contact us</a> today to learn more.</p>
<p>The post <a href="https://theserogroup.com/data-security/five-ways-to-protect-your-sql-server-from-cybersecurity-threats/">Five Ways to Protect Your SQL Server from Cybersecurity Threats</a> appeared first on <a href="https://theserogroup.com">The SERO Group</a>.</p>
]]></content:encoded>
					
					<wfw:commentRss>https://theserogroup.com/data-security/five-ways-to-protect-your-sql-server-from-cybersecurity-threats/feed/</wfw:commentRss>
			<slash:comments>70</slash:comments>
		
		
		<post-id xmlns="com-wordpress:feed-additions:1">7294</post-id>	</item>
		<item>
		<title>Farewell, CAT: FFIEC Cybersecurity Tool Will Sunset This August</title>
		<link>https://theserogroup.com/data-security/ffiec-cybersecurity-tool-scheduled-to-sunset-in-august-2025/</link>
		
		<dc:creator><![CDATA[Joe Webb]]></dc:creator>
		<pubDate>Wed, 05 Mar 2025 13:00:00 +0000</pubDate>
				<category><![CDATA[Data Security]]></category>
		<category><![CDATA[Database]]></category>
		<category><![CDATA[Database Administration]]></category>
		<category><![CDATA[IT Manager]]></category>
		<category><![CDATA[SQL]]></category>
		<category><![CDATA[SQL Security]]></category>
		<category><![CDATA[SQL Server]]></category>
		<category><![CDATA[SQL Server Management]]></category>
		<guid isPermaLink="false">https://theserogroup.com/?p=7110</guid>

					<description><![CDATA[<p>Banks&#8217; Replacement Options for the FFIEC CAT Since 2015, the FFIEC CAT has helped financial institutions assess cybersecurity risks and maturity levels. However, the FFIEC recently announced that the CAT will sunset on August 31, 2025. Now, banks must determine the best alternative to ensure continued compliance and security. The FDIC’s official announcement encourages institutions&#8230; <br /> <a class="read-more" href="https://theserogroup.com/data-security/ffiec-cybersecurity-tool-scheduled-to-sunset-in-august-2025/">Read more</a></p>
<p>The post <a href="https://theserogroup.com/data-security/ffiec-cybersecurity-tool-scheduled-to-sunset-in-august-2025/">Farewell, CAT: FFIEC Cybersecurity Tool Will Sunset This August</a> appeared first on <a href="https://theserogroup.com">The SERO Group</a>.</p>
]]></description>
										<content:encoded><![CDATA[
<h2 class="wp-block-heading" id="h-banks-replacement-options-for-the-ffiec-cat">Banks&#8217; Replacement Options for the FFIEC CAT</h2>



<p class="wp-block-paragraph">Since 2015, the FFIEC CAT has helped financial institutions assess cybersecurity risks and maturity levels. However, the <a href="https://www.ffiec.gov/press/an082924.htm" target="_blank" rel="noreferrer noopener">FFIEC recently announced that the CAT will sunset on August 31, 2025</a>. Now, banks must determine the best alternative to ensure continued compliance and security. The <a href="https://www.fdic.gov/news/financial-institution-letters/2024/sunset-ffiec-cybersecurity-assessment-tool" target="_blank" rel="noreferrer noopener">FDIC’s official announcement</a> encourages institutions to adopt a risk-based approach that aligns with broader industry standards. Yet, this shift leaves many banks searching for a practical, structured replacement that integrates seamlessly with financial IT environments.</p>



<h3 class="wp-block-heading" id="h-top-three-replacement-options-for-the-ffiec-cat">Top Three Replacement Options for the FFIEC CAT</h3>



<p class="wp-block-paragraph"><em>Read about each of the three best replacement options, or skip ahead to the next section to see our top recommendation. </em></p>



<h3 class="wp-block-heading" id="h-1-center-for-internet-security-cis-benchmarks">1. <a href="https://www.cisecurity.org/about-us" target="_blank" rel="noreferrer noopener">Center for Internet Security® (CIS®)</a> Benchmarks™</h3>



<p class="wp-block-paragraph"><a href="https://www.cisecurity.org/cis-benchmarks" target="_blank" rel="noreferrer noopener">CIS® Benchmarks™ provide security configuration recommendations</a> to help organizations safeguard their IT environments, <a href="https://www.cisecurity.org/benchmark/microsoft_sql_server" target="_blank" rel="noreferrer noopener">including Microsoft SQL Server</a>.</p>



<h4 class="wp-block-heading" id="h-benefits-of-cis-benchmarks">Benefits of CIS® Benchmarks™:</h4>



<ul class="wp-block-list">
<li><strong>Proactive Defense Against Cyber Threats</strong>: Financial institutions face growing threats, including ransomware, insider threats, and zero-day exploits. The CIS® Benchmarks™ offer security recommendations to help mitigate vulnerabilities before attackers can exploit them.</li>



<li><strong>Industry-Recognized Security Recommendations</strong>: Developed through a collaborative, expert-driven process, the CIS® Benchmarks™ align with global security frameworks and are widely adopted by organizations seeking to enhance their security posture.</li>



<li><strong>Microsoft SQL Server Security Hardening</strong>: The CIS® Microsoft SQL Server Benchmark™ includes detailed recommendations to help reduce attack surfaces, strengthen authentication, and enforce encryption—all essential for banks handling sensitive financial data.</li>



<li><strong>Specific Alignment with FFIEC Guidelines</strong> <strong>for Stronger Security:</strong> CIS® Benchmarks™ offer specific security recommendations tailored to IT infrastructure.</li>
</ul>



<h3 class="wp-block-heading" id="h-2-national-institute-of-standards-and-technology-nist-cybersecurity-framework-csf-2-0">2. National Institute of Standards and Technology (NIST) Cybersecurity Framework (CSF) 2.0</h3>



<p class="wp-block-paragraph">The NIST CSF 2.0 is a widely recognized framework designed to help organizations manage cybersecurity risks using a flexible, risk-based approach.</p>



<h4 class="wp-block-heading" id="h-benefits-of-the-nist-csf-2-0">Benefits of the NIST CSF 2.0:</h4>



<ul class="wp-block-list">
<li><strong>High-Level Framework for Risk Management: </strong>The NIST CSF 2.0 is structured around six key functions: Govern, Identify, Protect, Detect, Respond, and Recover. These functions help banks develop a comprehensive cybersecurity strategy that aligns with regulatory expectations.</li>



<li><strong>Broad Application Across Industries: </strong>Unlike the FFIEC CAT, which was specifically designed for banks, the NIST CSF 2.0 applies across multiple industries.</li>
</ul>



<h3 class="wp-block-heading" id="h-3-financial-sector-cybersecurity-profile-fsp">3. Financial Sector Cybersecurity Profile (FSP)</h3>



<p class="wp-block-paragraph">Designed specifically for financial institutions, the FSP aligns with NIST CSF 2.0 and existing financial regulations to provide a banking-focused cybersecurity framework.</p>



<h4 class="wp-block-heading" id="h-benefits-of-the-fsp">Benefits of the FSP:</h4>



<ul class="wp-block-list">
<li><strong>Regulatory Compliance Simplification: </strong>The FSP integrates best practices from FFIEC, NIST, ISO, and other regulatory bodies, helping financial institutions map cybersecurity controls directly to compliance requirements.</li>



<li><strong>Scalability: </strong>Unlike one-size-fits-all models, the FSP provides tiered recommendations based on a bank’s size, complexity, and risk exposure. This makes it an effective, adaptable solution for financial institutions of all sizes.</li>
</ul>



<h3 class="wp-block-heading" id="h-why-cis-benchmarks-are-a-great-choice-for-banks">Why CIS® Benchmarks™ Are a Great Choice for Banks</h3>



<p class="wp-block-paragraph">Industry experts designed CIS® Benchmarks™ to provide prescriptive security recommendations for real-world threats. Unlike broad frameworks, CIS® Benchmarks™ offer actionable configuration guidance, making implementation and measurement easier. Financial institutions benefit from standardized security settings that align with industry regulations and best practices. By following CIS® Benchmarks™, banks proactively harden Microsoft SQL Server environments and reduce cybersecurity risks.</p>



<h3 class="wp-block-heading" id="h-how-to-implement-cis-benchmarks-in-your-cybersecurity-strategy">How to Implement CIS® Benchmarks™ in Your Cybersecurity Strategy</h3>



<p class="wp-block-paragraph">Here’s how financial institutions transitioning from the FFIEC CAT can leverage CIS® Benchmarks™:</p>



<ul class="wp-block-list">
<li><strong>Microsoft SQL Server CIS® Benchmarks™ Assessments: </strong>Regularly assess SQL Server configurations using CIS® Benchmark™ recommendations to help improve security and maintain compliance.</li>



<li><strong>Automate Compliance and Monitoring:</strong> Utilize security tools that support CIS® Benchmark™ assessments to monitor compliance and security configurations through automated processes.</li>



<li><strong>If Your Institution Already Has Access to NIST CSF 2.0</strong>, <strong>Get Specific Recommendations: </strong>Align risk assessments and security policies with the NIST CSF 2.0 while using CIS® Benchmarks™ for implementation guidance.</li>
</ul>



<h3 class="wp-block-heading" id="h-partnering-with-the-sero-group-for-a-secure-and-compliant-future">Partnering with The SERO Group for a Secure and Compliant Future</h3>



<p class="wp-block-paragraph">Looking for a structured cybersecurity approach because of the FFIEC CAT sunset? The SERO Group offers <a href="https://theserogroup.com/sql-server-cis-benchmarks-assessment/">assessments based on CIS® Benchmark™ recommendations</a> to help banks enhance security and maintain compliance. <a href="https://theserogroup.com/contact-us/" target="_blank" rel="noreferrer noopener">Schedule a no-obligation discovery call</a> with us today to learn more.</p>



<p class="wp-block-paragraph"></p>
<p>The post <a href="https://theserogroup.com/data-security/ffiec-cybersecurity-tool-scheduled-to-sunset-in-august-2025/">Farewell, CAT: FFIEC Cybersecurity Tool Will Sunset This August</a> appeared first on <a href="https://theserogroup.com">The SERO Group</a>.</p>
]]></content:encoded>
					
		
		
		<post-id xmlns="com-wordpress:feed-additions:1">7110</post-id>	</item>
		<item>
		<title>How to Encrypt Sensitive Text in SQL Server with ENCRYPTBYPASSPHRASE</title>
		<link>https://theserogroup.com/data-security/how-to-encrypt-sensitive-text-in-sql-server-with-encryptbypassphrase/</link>
		
		<dc:creator><![CDATA[Eric Cobb]]></dc:creator>
		<pubDate>Wed, 23 Oct 2024 12:00:00 +0000</pubDate>
				<category><![CDATA[Data Security]]></category>
		<category><![CDATA[Data Strategy]]></category>
		<category><![CDATA[DBA]]></category>
		<category><![CDATA[SQL Server]]></category>
		<category><![CDATA[Database]]></category>
		<category><![CDATA[Database Administration]]></category>
		<category><![CDATA[Database Development]]></category>
		<category><![CDATA[Script Library]]></category>
		<category><![CDATA[SQL]]></category>
		<category><![CDATA[SQL Security]]></category>
		<guid isPermaLink="false">https://theserogroup.com/?p=6786</guid>

					<description><![CDATA[<p>Storing sensitive information in a database, like passwords or social security numbers, is common practice. However, storing them securely is less common. Unfortunately, one of the most typical approaches is to store sensitive information in a table as clear text. That means that anyone with access to that table can see all of that sensitive&#8230; <br /> <a class="read-more" href="https://theserogroup.com/data-security/how-to-encrypt-sensitive-text-in-sql-server-with-encryptbypassphrase/">Read more</a></p>
<p>The post <a href="https://theserogroup.com/data-security/how-to-encrypt-sensitive-text-in-sql-server-with-encryptbypassphrase/">How to Encrypt Sensitive Text in SQL Server with ENCRYPTBYPASSPHRASE</a> appeared first on <a href="https://theserogroup.com">The SERO Group</a>.</p>
]]></description>
										<content:encoded><![CDATA[
<p class="wp-block-paragraph">Storing sensitive information in a database, like passwords or social security numbers, is common practice. However, storing them securely is less common. Unfortunately, one of the most typical approaches is to store sensitive information in a table as clear text. That means that anyone with access to that table can see all of that sensitive data.</p>



<p class="wp-block-paragraph">Just to be clear, storing sensitive information as a clear text string is a really, really,&nbsp;<em>really</em>&nbsp;bad idea.</p>



<p class="wp-block-paragraph">Not encrypting information in a database can cause serious problems. As just one example, if the database is compromised, all user passwords could be exposed. Data breaches are becoming more and more common. If the authorities come knocking on your door, you need to be able to show them that you at least made a concerned effort to protect that data.</p>



<h2 class="wp-block-heading" id="h-encrypting-text-that-will-need-to-be-decrypted">Encrypting text that will need to be decrypted</h2>



<p class="wp-block-paragraph">In some cases, you may be able to store your sensitive data as strongly encrypted text that will never need to be decrypted. For example, hashing a password used for your application login and then just comparing the hashed password for the login instead of the actual password. But, in most cases, being able to decrypt the sensitive data is going to be necessary.</p>



<p class="wp-block-paragraph">In these cases,  <a href="https://docs.microsoft.com/en-us/sql/t-sql/functions/encryptbypassphrase-transact-sql" target="_blank" rel="noreferrer noopener">ENCRYPTBYPASSPHRASE</a> (available in SQL Server 2008 and up) offers one of the simplest ways for you to encrypt sensitive information in a way that can also be decrypted (by using <a href="https://docs.microsoft.com/en-us/sql/t-sql/functions/decryptbypassphrase-transact-sql" target="_blank" rel="noreferrer noopener">DECRYPTBYPASSPHRASE</a>). At its very basic, ENCRYPTBYPASSPHRASE requires two mandatory arguments: a passphrase used to generate the encryption key and the text to be encrypted.  Notice that it specifies a pass<strong><em>phrase</em></strong>, not pass<strong><em>word</em></strong>. There is an important difference between these two.</p>



<h2 class="wp-block-heading" id="h-a-passphrase-vs-a-password">A passphrase vs. a password</h2>



<p class="wp-block-paragraph">As described in the ENCRYPTBYPASSPHRASE documentation:&nbsp;</p>



<blockquote class="wp-block-quote is-layout-flow wp-block-quote-is-layout-flow">
<blockquote class="wp-block-quote is-layout-flow wp-block-quote-is-layout-flow">
<p class="wp-block-paragraph"><em>A passphrase is a password that includes spaces. The advantage of using a passphrase is that it is easier to remember a meaningful phrase or sentence than to remember a comparably long string of characters.</em></p>
</blockquote>
</blockquote>



<p class="wp-block-paragraph">Many people don’t realize that you can use a space as a legitimate special character in most passwords. By doing this, you can generate a much more secure password sentence (or phrase) instead of a single word. An example of a passphrase may be something like “I forgot my password!”</p>



<p class="wp-block-paragraph">Just to be clear, a space is <strong><em>not </em></strong>required in your passphrase for ENCRYPTBYPASSPHRASE. If you wanted to use a GUID for your passphrase or a random string such as “Zgt9$Ex%*unZO8Z},” that is perfectly acceptable.</p>



<h2 class="wp-block-heading" id="h-using-nbsp-encryptbypassphrase">Using&nbsp;ENCRYPTBYPASSPHRASE</h2>



<p class="wp-block-paragraph">For the examples in this post, I am going to use the encryption passphrase “This is my Passphrase!”, and the text to be encrypted is “ABC123”.</p>



<p class="wp-block-paragraph">The basic syntax is:<br>ENCRYPTBYPASSPHRASE(‘encryption passphrase’, ‘text to encrypt’)</p>



<p class="wp-block-paragraph">There are other arguments that can be used with&nbsp;ENCRYPTBYPASSPHRASE (see&nbsp;<a href="https://docs.microsoft.com/en-us/sql/t-sql/functions/encryptbypassphrase-transact-sql" target="_blank" rel="noreferrer noopener">MSDN Doc</a>), but for this simple example we are just using the&nbsp;two mandatory arguments.</p>



<p class="wp-block-paragraph">To view the encrypted value of the text “ABC123”, you would use this script:</p>



<pre class="wp-block-code"><code>SELECT ENCRYPTBYPASSPHRASE(N'This is my Passphrase!', N'ABC123');</code></pre>



<p class="wp-block-paragraph">That SELECT statement will return a&nbsp;VARBINARY value such as:&nbsp;<em>0x0100000093EEC20B790EF208B1FB631F0AB3028E3A8C196643C4BD578528A0DFAE7AB45B</em></p>



<p class="wp-block-paragraph">It is important to note that the VARBINARY value returned from ENCRYPTBYPASSPHRASE is <a href="https://en.wikipedia.org/wiki/Nondeterministic_algorithm" target="_blank" rel="noreferrer noopener">nondeterministic</a>, meaning that even with the same input it will not generate the same output every time.  So you can run the exact same SELECT statement multiple times and get a different result each time.</p>



<p class="wp-block-paragraph">Thankfully, this output has no bearing on using the DECRYPTBYPASSPHRASE function. As long as you have the correct passphrase, DECRYPTBYPASSPHRASE will successfully decrypt any of those VARBINARY results to their original value.</p>



<h2 class="wp-block-heading" id="h-storing-an-encrypted-value-in-a-table">Storing an encrypted value in a table</h2>



<p class="wp-block-paragraph">Now that we know how to encrypt a sensitive text string, let’s take a look at how to store that encrypted value in a table. &nbsp;Since the value returned from&nbsp;ENCRYPTBYPASSPHRASE is a&nbsp;VARBINARY data type, that is how we want to store it since this is also the data type required by DECRYPTBYPASSPHRASE.</p>



<p class="wp-block-paragraph">The first thing we need to do is determine the size of our encrypted column in our table. The VARBINARY values returned by ENCRYPTBYPASSPHRASE can vary in size, with maximum size of 8,000 bytes. The size of the returned value is going to depend on the size of the actual text being encrypted. You can use the <a href="https://docs.microsoft.com/en-us/sql/t-sql/functions/datalength-transact-sql" target="_blank" rel="noreferrer noopener">DATALENGTH</a> function to help figure that out. If you have a way to control the maximum allowed length of the sensitive text value you want to encrypt, use that size for your table column, but try not to use VARBINARY(8000) if you don’t have to.</p>



<p class="wp-block-paragraph">Here is a simple example of storing our encrypted text in the [Password] column of a table:</p>



<pre class="wp-block-code"><code>CREATE TABLE dbo.Users (&#91;UserName] VARCHAR(50), &#91;Password] VARBINARY(50))
 
INSERT INTO dbo.Users (&#91;UserName], &#91;Password])
VALUES ('Charlie Brown', ENCRYPTBYPASSPHRASE(N'This is my Passphrase!', N'ABC123'))
 
SELECT &#91;UserName], &#91;Password]
FROM dbo.Users</code></pre>



<h2 class="wp-block-heading" id="h-using-decryptbypassphrase">Using DECRYPTBYPASSPHRASE</h2>



<p class="wp-block-paragraph">Now that we have our sensitive text encrypted, we need to be able to decrypt it as well. &nbsp;This is easily done by using the&nbsp;DECRYPTBYPASSPHRASE function with the same passphrase we encrypted our text string with. However, DECRYPTBYPASSPHRASE also returns a VARBINARY value, which we will have to convert to a string. &nbsp;This can be done by adding a CONVERT function to our SELECT statement.</p>



<pre class="wp-block-code"><code>SELECT &#91;UserName], CONVERT(NVARCHAR, DECRYPTBYPASSPHRASE(N'This is my Passphrase!', &#91;Password]))
FROM dbo.Users</code></pre>



<p class="wp-block-paragraph">Now you should see your decrypted value returned correctly in clear text. ENCRYPTBYPASSPHRASE offers a quick and easy way for you to encrypt text in SQL Server and can be useful for encrypting sensitive information if you need to be able to decrypt it later. </p>



<h2 class="wp-block-heading" id="h-want-to-work-with-the-sero-group">Want to work with The SERO Group?</h2>



<p class="wp-block-paragraph">Want to learn more about how The SERO Group helps organizations take the guesswork out of managing their SQL Servers? <a href="https://theserogroup.com/contact-us/" target="_blank" rel="noreferrer noopener">Schedule a no-obligation discovery call</a>&nbsp;with us to get started.</p>
<p>The post <a href="https://theserogroup.com/data-security/how-to-encrypt-sensitive-text-in-sql-server-with-encryptbypassphrase/">How to Encrypt Sensitive Text in SQL Server with ENCRYPTBYPASSPHRASE</a> appeared first on <a href="https://theserogroup.com">The SERO Group</a>.</p>
]]></content:encoded>
					
		
		
		<post-id xmlns="com-wordpress:feed-additions:1">6786</post-id>	</item>
		<item>
		<title>Audit-Ready SQL Servers: The Complete Game Plan</title>
		<link>https://theserogroup.com/data-security/audit-ready-sql-servers/</link>
		
		<dc:creator><![CDATA[Joe Webb]]></dc:creator>
		<pubDate>Wed, 11 Sep 2024 12:00:00 +0000</pubDate>
				<category><![CDATA[Data Security]]></category>
		<category><![CDATA[Database]]></category>
		<category><![CDATA[Database Administration]]></category>
		<category><![CDATA[IT Manager]]></category>
		<category><![CDATA[SQL]]></category>
		<category><![CDATA[SQL Audit]]></category>
		<category><![CDATA[SQL Security]]></category>
		<category><![CDATA[SQL Server]]></category>
		<category><![CDATA[SQL Server Management]]></category>
		<guid isPermaLink="false">https://theserogroup.com/?p=6504</guid>

					<description><![CDATA[<p>As an IT leader in a heavily regulated sector such as finance or healthcare, you&#8217;re no stranger to audits. They&#8217;re a critical part of ensuring compliance with regulations like the Sarbanes-Oxley Act (SOX), the Gramm-Leach-Bliley Act (GLBA), the PCS Security Standards Council (PCI DSS), and the Health Insurance Portability and Accountability Act (HIPAA). Still, audits&#8230; <br /> <a class="read-more" href="https://theserogroup.com/data-security/audit-ready-sql-servers/">Read more</a></p>
<p>The post <a href="https://theserogroup.com/data-security/audit-ready-sql-servers/">Audit-Ready SQL Servers: The Complete Game Plan</a> appeared first on <a href="https://theserogroup.com">The SERO Group</a>.</p>
]]></description>
										<content:encoded><![CDATA[
<p class="wp-block-paragraph">As an IT leader in a heavily regulated sector such as finance or healthcare, you&#8217;re no stranger to audits. They&#8217;re a critical part of ensuring compliance with regulations like the Sarbanes-Oxley Act (<a href="https://www.congress.gov/bill/107th-congress/house-bill/3763" target="_blank" rel="noreferrer noopener">SOX)</a>, the Gramm-Leach-Bliley Act (<a href="https://www.ftc.gov/business-guidance/privacy-security/gramm-leach-bliley-act" target="_blank" rel="noreferrer noopener">GLBA</a>), the PCS Security Standards Council (<a href="https://listings.pcisecuritystandards.org/documents/PCI_DSS-QRG-v3_2_1.pdf" target="_blank" rel="noreferrer noopener">PCI DSS</a>), and the Health Insurance Portability and Accountability Act (<a href="https://www.cdc.gov/phlp/php/resources/health-insurance-portability-and-accountability-act-of-1996-hipaa.html" target="_blank" rel="noreferrer noopener">HIPAA</a>). Still, audits can be stressful. With some careful preparation, you can reduce your stress levels and keep your SQL Servers prepared for an audit.</p>



<h2 class="wp-block-heading" id="h-6-steps-to-ensure-sql-server-compliance-and-pass-your-next-audit">6 steps to ensure SQL Server compliance and pass your next audit</h2>



<p class="wp-block-paragraph">Let&#8217;s look at 6 key steps to get your SQL Servers audit-ready.</p>



<h3 class="wp-block-heading" id="h-1-document-your-sql-server-environment">1. Document your SQL Server environment.</h3>



<p class="wp-block-paragraph">First things first: document your SQL Server estate. Create a comprehensive inventory of all your SQL Server instances. Include your production instances as well as your lower-level systems—dev, test, QA, demo, etc.&nbsp;</p>



<p class="wp-block-paragraph">But this isn&#8217;t just a list of SQL Servers; it&#8217;s your roadmap. Map out which databases correspond to which business applications. Even better, document your server configurations and security settings.&nbsp;</p>



<p class="wp-block-paragraph">When auditors come, you&#8217;ll have a clear, bird&#8217;s-eye view of your entire environment.</p>



<h3 class="wp-block-heading" id="h-2-review-and-tighten-access-controls">2. Review and tighten access controls.</h3>



<p class="wp-block-paragraph">Security is paramount in finance and healthcare. Therefore, auditors will want to review your SQL Server&#8217;s security measures. </p>



<p class="wp-block-paragraph">Implement the principle of least privilege across your SQL Servers. This means giving users only the access they need. Audit your user accounts and permissions regularly. Are there any lingering accounts from former employees? How many people have elevated permissions? Are passwords hardcoded into configuration files or connection strings? </p>



<h3 class="wp-block-heading" id="h-3-implement-robust-logging-and-monitoring">3. Implement robust logging and monitoring.</h3>



<p class="wp-block-paragraph">You&#8217;ll want to know when permissions have been changed. Was someone recently given elevated permissions? You&#8217;ll want to know that. Did someone leave the company? You&#8217;ll want to track when their access was removed from the SQL Server or database. </p>



<p class="wp-block-paragraph">SQL Audit can help with this. It can capture changes to your key system&#8217;s security role membership, who added or removed a user from a server or database role, when they did it, etc. But you&#8217;ll have to enable and configure SQL Audit before you need it. It&#8217;s not enabled by default.</p>



<p class="wp-block-paragraph">You&#8217;ll also want to review your SQL Server logs regularly and establish a log retention policy that complies with your industry regulations.</p>



<h3 class="wp-block-heading" id="h-4-ensure-data-encryption">4. Ensure data encryption.</h3>



<p class="wp-block-paragraph">If you have data that you want to keep private, implement Transparent Data Encryption (TDE) to protect your data at rest. Encryption is equally crucial for data in transit. </p>



<p class="wp-block-paragraph">Additionally, you&#8217;ll want to encrypt your SQL Server backups. If a breach happens and backup files are stolen, the bad actors won&#8217;t be able to access them without the key.</p>



<p class="wp-block-paragraph">Remember, your encryption is only as good as your key management—keep those keys secure and well-managed.</p>



<h3 class="wp-block-heading" id="h-5-maintain-patch-management-records">5. Maintain patch management records.</h3>



<p class="wp-block-paragraph">Establish a regular patching schedule. Many companies have a monthly maintenance window. When a new update is released, it&#8217;s first deployed to a lower-level system, such as a test. Once vetted there, it can be deployed to the production environment.</p>



<p class="wp-block-paragraph">We always read the release notes for each update to determine if it includes a critical security patch that should be deployed ahead of schedule. If so, we work with our clients to get the update before the Change Advisory Board (CAB) to review, approve, and deconflict the patch before the next maintenance window.</p>



<p class="wp-block-paragraph">Document your patching process and implementation dates. This will show auditors that you&#8217;re proactive about security and system maintenance.</p>



<h3 class="wp-block-heading" id="h-6-conduct-internal-pre-audit-assessments">6. Conduct internal pre-audit assessments.</h3>



<p class="wp-block-paragraph">Start preparing for an audit in advance by documenting the processes you&#8217;re already following, such as:</p>



<ul class="wp-block-list">
<li>Performing regular vulnerability scans on your SQL Servers. </li>



<li>Restoring backups to ensure they meet your company&#8217;s Recovery Point Objectives (RPOs) and Recovery Time Objectives (RTOs). </li>



<li>Testing and refining your Disaster Recovery plan. </li>
</ul>



<p class="wp-block-paragraph">When you can show auditors that you&#8217;ve already identified and addressed potential issues, you demonstrate a proactive approach to compliance.</p>



<h2 class="wp-block-heading" id="h-stay-audit-ready-with-proactive-maintenance">Stay audit-ready with proactive maintenance.</h2>



<p class="wp-block-paragraph">Preparing for an audit isn&#8217;t fun, but it doesn&#8217;t have to be a nightmare. The key is ongoing maintenance and dedication. Don&#8217;t think of audit preparation as a one-time event; consider it an ongoing process that keeps your SQL Servers secure, compliant, and performing at their best.</p>



<p class="wp-block-paragraph">Ready to take the next step? Conduct a mock audit to gauge your readiness, and consider enlisting SQL Server experts for support. Your SQL Servers—and your peace of mind—are worth it.</p>



<h2 class="wp-block-heading" id="h-want-expert-help-preparing-for-your-next-audit">Want expert help preparing for your next audit?</h2>



<p class="wp-block-paragraph">To learn more about how The SERO Group helps organizations stay audit-ready, <a href="https://theserogroup.com/contact-us/" target="_blank" rel="noreferrer noopener">schedule a no-obligation discovery call</a>.</p>
<p>The post <a href="https://theserogroup.com/data-security/audit-ready-sql-servers/">Audit-Ready SQL Servers: The Complete Game Plan</a> appeared first on <a href="https://theserogroup.com">The SERO Group</a>.</p>
]]></content:encoded>
					
		
		
		<post-id xmlns="com-wordpress:feed-additions:1">6504</post-id>	</item>
		<item>
		<title>Reducing Business Risks for a SQL Server Estate</title>
		<link>https://theserogroup.com/data-security/reducing-business-risks-for-a-sql-server-estate/</link>
		
		<dc:creator><![CDATA[Joe Webb]]></dc:creator>
		<pubDate>Wed, 04 Sep 2024 12:00:00 +0000</pubDate>
				<category><![CDATA[Data Security]]></category>
		<category><![CDATA[Database]]></category>
		<category><![CDATA[Database Administration]]></category>
		<category><![CDATA[Database Development]]></category>
		<category><![CDATA[IT Manager]]></category>
		<category><![CDATA[Microsoft Azure]]></category>
		<category><![CDATA[Script Library]]></category>
		<category><![CDATA[Sero]]></category>
		<category><![CDATA[Sero Group]]></category>
		<category><![CDATA[Serogroup]]></category>
		<category><![CDATA[SQL]]></category>
		<category><![CDATA[SQL Assessment]]></category>
		<category><![CDATA[SQL Audit]]></category>
		<category><![CDATA[SQL Events]]></category>
		<category><![CDATA[SQL Security]]></category>
		<category><![CDATA[SQL Server]]></category>
		<category><![CDATA[SQL Server Consultant]]></category>
		<category><![CDATA[SQL Server Management]]></category>
		<category><![CDATA[The Sero Group]]></category>
		<guid isPermaLink="false">https://theserogroup.com/?p=6489</guid>

					<description><![CDATA[<p>Your SQL Servers are the backbone of your company&#8217;s data operations. They power critical applications and store valuable information. They enable financial decisions, undergird operational activities, and support your sales processes. But what happens if there&#8217;s a problem? What happens when data is lost or corrupted? Or if one of your key systems is down&#8230; <br /> <a class="read-more" href="https://theserogroup.com/data-security/reducing-business-risks-for-a-sql-server-estate/">Read more</a></p>
<p>The post <a href="https://theserogroup.com/data-security/reducing-business-risks-for-a-sql-server-estate/">Reducing Business Risks for a SQL Server Estate</a> appeared first on <a href="https://theserogroup.com">The SERO Group</a>.</p>
]]></description>
										<content:encoded><![CDATA[
<p class="wp-block-paragraph">Your SQL Servers are the backbone of your company&#8217;s data operations. They power critical applications and store valuable information. They enable financial decisions, undergird operational activities, and support your sales processes. But what happens if there&#8217;s a problem? What happens when data is lost or corrupted? Or if one of your key systems is down for an hour? A day? A week? These issues can create a significant business risk for a SQL Server estate, a risk that you must figure out how to mitigate.</p>



<p class="wp-block-paragraph">Let&#8217;s dive into some of the major risks you might face while managing your SQL Server estate. We&#8217;ll also explore some practical ways to mitigate those risks and keep your SQL Server estate running smoothly and securely.</p>



<h2 class="wp-block-heading" id="h-six-common-business-risks-in-a-sql-server-estate">Six Common Business Risks in a SQL Server Estate</h2>



<h3 class="wp-block-heading" id="h-risk-1-data-breaches">Risk 1: Data Breaches</h3>



<p class="wp-block-paragraph">Data breaches are an obvious and constant threat. Hardly a day goes by without a security incident or data breach making the news. A single successful attack can expose sensitive information, damage your company&#8217;s reputation, and lead to hefty fines or lawsuits.</p>



<p class="wp-block-paragraph">Securing your SQL Server estate is essential, and securing the perimeter is not enough. The best security is multi-layered. </p>



<p class="wp-block-paragraph">To fortify your SQL Server defenses:</p>



<ul class="wp-block-list">
<li>Implement strong access controls and use multi-factor authentication.</li>



<li>Regularly update and patch your SQL Server instances.</li>



<li>Encrypt sensitive data both at rest and in transit.</li>



<li>Conduct regular security audits to identify and address vulnerabilities.</li>



<li>Train your teams on security best practices and the importance of data protection.</li>
</ul>



<h3 class="wp-block-heading" id="h-risk-2-disaster-recovery">Risk 2: Disaster Recovery</h3>



<p class="wp-block-paragraph">Disasters happen. Sometimes large-scale events like a tornado, flood, or a disruption to your cloud provider&#8217;s region may affect your business. Sometimes disasters are more localized, like a hypervisor or operating system crash.</p>



<p class="wp-block-paragraph"> Regardless, without access to your data, operations can be significantly hampered or even completely offline. So, being prepared to quickly recover from such events is crucial for business continuity.</p>



<p class="wp-block-paragraph">To improve your disaster recovery readiness:</p>



<ul class="wp-block-list">
<li>Develop and regularly update a comprehensive disaster recovery plan.</li>



<li>Regularly test your disaster recovery procedures to identify and address any weaknesses.</li>



<li>Consider cloud-based disaster recovery solutions for added flexibility and reliability.</li>



<li>Ensure your team is well-trained on disaster recovery procedures and their individual roles.</li>



<li>Implement high availability solutions like clustering or Always On Availability Groups.</li>
</ul>



<h3 class="wp-block-heading" id="h-risk-3-data-loss-and-corruption">Risk 3: Data Loss and Corruption</h3>



<p class="wp-block-paragraph">A common misconception is that data loss or corruption isn&#8217;t really an issue anymore. It is. </p>



<p class="wp-block-paragraph">Database corruption can still happen. Users with higher levels of access can still accidentally delete needed data. And bad actors can still gain access to key systems and encrypt everything. And the results can be painful. </p>



<p class="wp-block-paragraph">To protect your valuable data:</p>



<ul class="wp-block-list">
<li>Implement a robust backup strategy with regular backups stored securely off-site.</li>



<li>Test your backups regularly to ensure they can be successfully restored.</li>



<li>Implement change tracking and auditing to quickly identify and rectify data issues.</li>



<li>Educate users about the importance of data integrity and proper data handling procedures.</li>



<li>Use log shipping or Always On Availability Groups for critical databases.</li>
</ul>



<h3 class="wp-block-heading" id="h-risk-4-compliance-and-regulatory-issues">Risk 4: Compliance and Regulatory Issues</h3>



<p class="wp-block-paragraph">Who has elevated permissions to your SQL Server estate? You&#8217;ll want to know and review that list regularly. When were users created and given access? When was the access removed? These are good questions to ask and answer, but that may not be enough.</p>



<p class="wp-block-paragraph">If your company operates in a regulated industry or geographical location, you may be subject to regulatory requirements such as <a href="https://gdpr.eu/" target="_blank" rel="noreferrer noopener">GDPR</a>, <a href="https://www.oag.ca.gov/privacy/ccpa" target="_blank" rel="noreferrer noopener">CCPA</a>, <a href="https://www.hhs.gov/hipaa/for-professionals/privacy/laws-regulations/index.html" target="_blank" rel="noreferrer noopener">HIPAA</a>, and others. Ensuring your SQL Server estate complies with relevant laws is crucial. Non-compliance can result in significant fines and legal headaches.</p>



<p class="wp-block-paragraph">To navigate the complex world of data regulations:</p>



<ul class="wp-block-list">
<li>Stay informed about regulations that apply to your industry and data types.</li>



<li>Implement data masking and row-level security to protect sensitive information.</li>



<li>Cleanse data that is copied to lower-level systems such as dev, test, and QA.</li>



<li>Regularly audit your compliance efforts and maintain detailed documentation.</li>



<li>Use SQL Server&#8217;s built-in compliance features, such as Transparent Data Encryption and SQL Audit.</li>



<li>Consider working with compliance experts to ensure you&#8217;re meeting all requirements.</li>
</ul>



<h3 class="wp-block-heading" id="h-risk-5-performance-issues">Risk 5: Performance Issues</h3>



<p class="wp-block-paragraph">Poorly performing SQL Servers are more than just an annoying inconvenience. They can frustrate users, drive away customers, and affect your company&#8217;s bottom line. As the amount of data in your SQL Server estate grows, maintaining optimal performance becomes increasingly challenging.</p>



<p class="wp-block-paragraph">To keep your SQL Servers running at top speed:</p>



<ul class="wp-block-list">
<li>Create a performance baseline.</li>



<li>Regularly monitor performance metrics to identify bottlenecks.</li>



<li>Optimize queries and indexing strategies.</li>



<li>Implement proper capacity planning and scaling.</li>



<li>Consider upgrading hardware or moving to cloud-based solutions when necessary.</li>
</ul>



<h3 class="wp-block-heading" id="h-risk-6-talent-shortage">Risk 6: Talent Shortage</h3>



<p class="wp-block-paragraph">SQL Server is a robust and reliable database platform. However, to achieve peak performance, reliability, and security, it must be regularly maintained. However, finding, recruiting, and retaining skilled SQL Server professionals can be a significant (and expensive) challenge.</p>



<p class="wp-block-paragraph">To address this talent risk internally:</p>



<ul class="wp-block-list">
<li>Invest in ongoing training and professional development for your existing team.</li>



<li>Create a positive work environment that encourages growth and job satisfaction.</li>



<li>Offer competitive compensation and benefits packages to attract and retain top talent.</li>



<li>Utilize managed services or cloud solutions to supplement your in-house expertise.</li>



<li>If you rely on an Accidental DBA, provide them with the resources needed to succeed.</li>
</ul>



<h2 class="wp-block-heading" id="h-managing-your-sql-server-estate">Managing Your SQL Server Estate</h2>



<p class="wp-block-paragraph">Managing a SQL Server estate is no small feat, but with the right strategies and precautions, you can significantly reduce your risks and keep your data operations running smoothly. Remember, it&#8217;s not about eliminating all risks – that&#8217;s nearly impossible. Instead, focus on identifying, understanding, and mitigating these risks to the best of your ability.</p>



<p class="wp-block-paragraph">Remember, you&#8217;re not alone in this journey. Don&#8217;t hesitate to leverage external expertise when needed, whether it&#8217;s for specialized tasks, security audits, or strategic planning. With the right approach and resources, you can turn these challenges into opportunities to showcase the true value of a well-managed SQL Server environment.</p>



<h2 class="wp-block-heading" id="h-want-to-work-with-the-sero-group">Want to work with The SERO Group?</h2>



<p class="wp-block-paragraph">Want to learn more about how The SERO Group helps organizations manage their SQL Server estates? <a href="https://theserogroup.com/contact-us/" target="_blank" rel="noreferrer noopener">Schedule a no-obligation discovery call</a>. </p>
<p>The post <a href="https://theserogroup.com/data-security/reducing-business-risks-for-a-sql-server-estate/">Reducing Business Risks for a SQL Server Estate</a> appeared first on <a href="https://theserogroup.com">The SERO Group</a>.</p>
]]></content:encoded>
					
		
		
		<post-id xmlns="com-wordpress:feed-additions:1">6489</post-id>	</item>
		<item>
		<title>New Year Resolution: Recommitting to Data Security and Lessons from the Xfinity Breach</title>
		<link>https://theserogroup.com/data-security/new-year-resolution-recommitting-to-data-security-and-lessons-from-the-xfinity-breach/</link>
		
		<dc:creator><![CDATA[Joe Webb]]></dc:creator>
		<pubDate>Wed, 03 Jan 2024 16:06:50 +0000</pubDate>
				<category><![CDATA[Data Security]]></category>
		<category><![CDATA[Database Administration]]></category>
		<category><![CDATA[Database Development]]></category>
		<category><![CDATA[IT Manager]]></category>
		<category><![CDATA[Microsoft Azure]]></category>
		<category><![CDATA[Script Library]]></category>
		<category><![CDATA[Sero]]></category>
		<category><![CDATA[Sero Group]]></category>
		<category><![CDATA[Serogroup]]></category>
		<category><![CDATA[Shared Disks]]></category>
		<category><![CDATA[SQL]]></category>
		<category><![CDATA[SQL Assessment]]></category>
		<category><![CDATA[SQL Audit]]></category>
		<category><![CDATA[SQL Consultant]]></category>
		<category><![CDATA[SQL Security]]></category>
		<category><![CDATA[SQL Server]]></category>
		<category><![CDATA[SQL Server Consultant]]></category>
		<category><![CDATA[SQL Server Management]]></category>
		<category><![CDATA[The Sero Group]]></category>
		<guid isPermaLink="false">https://theserogroup.com/?p=5633</guid>

					<description><![CDATA[<p>As we ring in 2024, many are reflecting on the past year and making resolutions for the future. For businesses, one resolution should stand out: recommitting to data security. The late-2023 Xfinity breach, where 36 million customers had their personal information compromised, serves as a stark reminder of the ever-present threat of cyberattacks. What happened?&#8230; <br /> <a class="read-more" href="https://theserogroup.com/data-security/new-year-resolution-recommitting-to-data-security-and-lessons-from-the-xfinity-breach/">Read more</a></p>
<p>The post <a href="https://theserogroup.com/data-security/new-year-resolution-recommitting-to-data-security-and-lessons-from-the-xfinity-breach/">New Year Resolution: Recommitting to Data Security and Lessons from the Xfinity Breach</a> appeared first on <a href="https://theserogroup.com">The SERO Group</a>.</p>
]]></description>
										<content:encoded><![CDATA[
<p class="wp-block-paragraph">As we ring in 2024, many are reflecting on the past year and making resolutions for the future. For businesses, one resolution should stand out: recommitting to data security. </p>



<p class="wp-block-paragraph"><a href="http://recommitting to data securityhttps://www.cbsnews.com/news/xfinity-hack-customers-usernames-passwords/?ftag=CNM-00-10aab7e&amp;linkId=256145231" target="_blank" rel="noreferrer noopener">The late-2023 Xfinity breach</a>, where 36 million customers had their personal information compromised, serves as a stark reminder of the ever-present threat of cyberattacks. </p>



<h2 class="wp-block-heading" id="h-what-happened">What happened?</h2>



<p class="wp-block-paragraph">The Xfinity breach stemmed from a vulnerability in Citrix software, dubbed &#8220;Citrix bleed.&#8221; Hackers exploited this vulnerability to gain access to a wealth of customer data, including names, contact information, usernames, passwords, birth dates, parts of Social Security numbers, and answers to security questions. These security questions can be used to attack other accounts at other institutions.</p>



<h2 class="wp-block-heading" id="h-recommitting-to-data-security-in-2024"><strong>Recommitting to data security in 2024</strong></h2>



<p class="wp-block-paragraph">The Xfinity breach is yet another a wake-up call for businesses to reassess and reaffirm their data security measures. </p>



<h3 class="wp-block-heading" id="h-securing-sql-server">Securing SQL Server</h3>



<p class="wp-block-paragraph">For businesses, this breach underscores the importance of a robust and multi-layered approach to data security. These measures should consider and include hardening the SQL Server environment. </p>



<p class="wp-block-paragraph">Here are some key steps to take:</p>



<ul class="wp-block-list">
<li><strong>Minimize the attack surface:</strong> Uninstall unused SQL Server components such as SQL Server Reporting Services, SQL Server Integration Services, and other software and services to reduce potential vulnerabilities.</li>



<li><strong>Leverage Windows Authentication:</strong>&nbsp;This can enhance security by eliminating the need for separate passwords for database access.</li>



<li><strong>Leverage role-based security:</strong> Assign roles with specific permissions to limit access to sensitive data.</li>



<li><strong>Implement the principle of least privilege:</strong> Grant roles access only to the data the members of the role need to perform their jobs.</li>



<li><strong>Conduct regular audits:</strong> Track role membership changes. monitor user access for suspicious behavior.</li>



<li><strong>Consider SQL Server&#8217;s Transparent Data Encryption (TDE):</strong> This encrypts data at rest, adding another layer of security to sensitive data.</li>
</ul>



<h3 class="wp-block-heading" id="h-securing-user-accounts">Securing user accounts</h3>



<p class="wp-block-paragraph">The most common vector for breaches over the past several years has been phishing. Users click on realistic looking links sent by bad actors. These links compromise their systems.</p>



<p class="wp-block-paragraph">Education is the best prophylactic for phishing attempts and ransomware. Additionally, you can harden the environment by:</p>



<ul class="wp-block-list">
<li><strong>Using strong, unique passwords for all accounts.</strong> Prohibit easily guessable passwords like birthdays or pet names. </li>



<li><strong>Enabling two-factor authentication (2FA) whenever possible.</strong> This adds an extra layer of security by requiring a second verification factor, such as a code sent to your phone, to log in. These should be table stakes in security.</li>



<li><strong>Being cautious about what information you share online.</strong> Avoid posting personal details on social media or other public platforms.</li>
</ul>



<h2 class="wp-block-heading" id="h-additional-tips"><strong>Additional tips</strong> </h2>



<p class="wp-block-paragraph">The Xfinity breach was just one of many in 2023. These serve as sobering reminders that no organization or individual is immune to cyberattacks. Municipalities, hospitals, banks, and every other industry are constantly under attack.</p>



<p class="wp-block-paragraph">If you&#8217;re not sure where to start with hardening your SQL Server, here are a couple of resources to help: </p>



<ul class="wp-block-list">
<li><a href="https://theserogroup.com/sql-server-resources/sql-server-security-best-practices/">SQL Server Security Best Practices</a></li>



<li><a href="https://theserogroup.com/sql-server-resources/protecting-sql-server-from-ransomware/">Protecting SQL Server from Ransomware</a></li>
</ul>



<p class="wp-block-paragraph">If you&#8217;d like some assistance, assessing your SQL Server environment, <a href="https://theserogroup.com/#contact">reach out</a>. We&#8217;re happy to help. </p>
<p>The post <a href="https://theserogroup.com/data-security/new-year-resolution-recommitting-to-data-security-and-lessons-from-the-xfinity-breach/">New Year Resolution: Recommitting to Data Security and Lessons from the Xfinity Breach</a> appeared first on <a href="https://theserogroup.com">The SERO Group</a>.</p>
]]></content:encoded>
					
		
		
		<post-id xmlns="com-wordpress:feed-additions:1">5633</post-id>	</item>
	</channel>
</rss>
