Today I would like to discuss security, the necessary evil. Security is a great thing when it is keeping other people out of my stuff or when it keeps people from bringing down my SQL Servers. I love that security, and most of you do too. No DBA enjoys SQL injection or developers with accidental db_owner access! We can all agree on those principles. Can I get an Amen? Sorry, I felt a little like a small-town Southern Baptist preacher extolling the evils of sin.
The sin I am referring to is that of your local Security Administrator. You know the guy: he is the one with the long list of security acronyms after his name in his e-mail signature, none of which you have ever heard of. In my world he is the Satan caricature with the little red pitchfork and forked tongue. He is the sadist who makes you use 25 characters with a mixture of numbers, mixed case, and at least one symbol, with no repeating characters or dictionary words, rapidly accelerating your carpal tunnel syndrome fifty times a day. He is also the sadist who makes you change your password at regular intervals, ensuring that you never remember it without writing it down, and then turns you in for keeping a handwritten list of passwords at your desk. He is also the guy who will not let you use single sign-on, or assume that you are who you log in as under TRUSTED (Windows) authentication. At this point in my career, I am confident that he is purely sadistic!
One of the first lessons I ever learned in the server world, back when I was learning Windows NT 3.51, was that security is essential. However, there is a simple axiom that defines everything we do in this arena: the more secure a system is, the less productive it will be. In other words, the more you lock down the system, the less you will get out of it. We can thank the script kiddies as well as the black hat hackers for breeding this devil into our workplaces. However, there comes a time when every DBA must stand up and say no more! Your silly compliance regulations are costing me productivity. It is your job to secure the systems, not to strap everyone down to where they cannot move! In my office, I cannot install software onto my own PC, yet I am responsible for almost 200 servers. There is something wrong with that picture. I am starting to think that the axiom is now: Security or Productivity…you cannot have them both. What about your environment?