Tool Targets Compliance for SQL Server Databases

By Lisa Vaas  |  Posted 2005-04-19

Idera's new version of its SQL Server database auditing tool provides real-time auditing and continuous compliance.

Idera has come out with a version of its SQL Server database auditing tool that provides real-time auditing and continuous compliance for organizations dealing with Sarbanes-Oxley, GLBA, HIPAA, BASEL II and the USA Patriot Act. Idera worked in partnership with both security and auditing firms, including Ernst and Young LLP, to design SQL Compliance Manager, according to Rick Pleczko, president and CEO of the Houston company.
"They said, 'You must have the ability to provide a true, trusted source of data, so you can prove to auditors that this is a reflection of the real world that hasn't been tampered with,'" he said.
To accomplish that, Idera built in features to make the tool self-auditing. For example, if the database server goes down, auditing comes back as soon as the server recovers. If somebody were to try to shut the auditing process down, the product "immediately squawks, sends out an alert and refuses to let you kill the auditing process," Pleczko said. "Even if subverted, we've used what's called immutable schema. It's not susceptible to change. We have features that will tell you if anybody changes any content in any row in a table, or if anybody inserted or deleted anything in the table."
The product is built to support two audiences: the DBA (database administrator), who serves as custodian and manager of the product, and the external and internal auditors, who are the real consumers of the data the tool produces, Pleczko said.
"On the DBA side of the house, they want a set-it-and-forget-it system," he said. Specifically, SQL Compliance Manager has a low overhead, being designed to use less than 5 percent of the load on a machine to collect data. It achieves that by eschewing high-overhead tactics such as triggers, profiling, heavy tracing or log scraping.
Patrick Rios, senior master planner for Continental Airlines, in Houston, said he appreciates that. He started using SQL Compliance Manager about a month ago to audit aircraft maintenance databases and ensure compliance with FAA regulations.
"This product doesn't put load on the server," he said. "I'm not using 5 percent, and I'm hitting it pretty heavy: whole table deletes and inserts on some applications parts."
Rios said he particularly likes having the task of compliance lifted from his back. "When they showed me this, I could automatically see a lot of prospects for the product to help me with everyday needs as far as tracking data, being able to set filters on the fly," he said.
"Usually a bigwig says, 'Hey, I want to know the last time an aircraft was changed,' or 'Who changed these conditions on the aircraft?' Without having to write stored procedures or triggers or put load on the database, I was able to go in, target whether it was by user, location, position on the field or whatever, or even track the interface, and capture data without having to write code, and produce a report," he said.
"So it was definitely impressive to me, because there aren't too many tools out there, especially with Select statements, where you can filter down to where you're not blowing the transaction log out of the water."
SQL Compliance Manager provides out-of-the-box, customizable auditing and compliance reports. The reports are all .Net-based, Pleczko said, which also makes Rios happy.
"In the aviation industry, reports and knowledge is your goal," he said. "It's built on C++ and C Sharp, and they're taking advantage of Reporting Services available to it, which is really a good thing, since most of us are looking toward that product. The buzzword has been BI [Business Intelligence], BI."
SQL Compliance Manager will be available for download from Idera's site within the next two months. It costs $995 per SQL Server instance, inclusive of all components.
Lisa Vaas is News Editor/Operations for and also serves as editor of the Database topic center. Since 1995, she has also been a Webcast news show anchorperson and a reporter covering the IT industry. She has focused on customer relationship management technology, IT salaries and careers, effects of the H1-B visa on the technology workforce, wireless technology, security, and, most recently, databases and the technologies that touch upon them. Her articles have appeared in eWEEK's print edition, on, and in the startup IT magazine PC Connection. Prior to becoming a journalist, Vaas experienced an array of eye-opening careers, including driving a cab in Boston, photographing cranky babies in shopping malls, selling cameras, typography and computer training. She stopped a hair short of finishing an M.A. in English at the University of Massachusetts in Boston. She earned a B.S. in Communications from Emerson College. She runs two open-mic reading series in Boston and currently keeps bees in her home in Mashpee, Mass.
