Database audit

The analysis is carried out by specialists with field experience and with the use of proprietary audit scripts prepared as part of numerous audits carried out for clients. In order to carry out the work, it is necessary to gain access to individual systems, as well as the consultation possibility, in order to define the business need in detail and discuss the IT environment configuration. At the same time, as part of the audit, we use our own Superb DBA system, thanks to which we can analyse the configuration of the systems and indicate the best practices for their configuration and security.

The range of the database audit service

Step 1. Work plan preparation and identification of bottlenecks

• Collecting customer requirements and expectations
• Interview with users and system administrators.
• Obtaining and configuring access to all required system components.
• Familiarization with the system specification, processes operating on the basis and review of the available documentation. 2
• Identification of system bottlenecks on the basis of architecture analysis.

Step 2. Audited platform analysis

• Verification of resource configuration on the audited platform, including areas dedicated to database systems (landing zone).
• Virtual machine configuration verification
• Operating systems configuration verification
• Infrastructure configuration analysis

Step 3. Database environment analysis

• Gathering configuration information for individual database instances.
• Database object analysis.
• Recurring tasks verification.
• Analysis of traffic and operations performed on databases in order to identify system bottlenecks.
• Resource load control (CPU, RAM and I / O).
• Verification of system response times, and analysis of locks and deadlocks.
• Data collection (instance query trace, log analysis).
• Analysis of application behaviour and its communication with the database system.
• Collection of data regarding DR and HA.
• Permissions verification, including added access security.
• Gathering information regarding accounts and their permissions in instances.
• System configuration analysis in the data security context.

Step 4. Recommendations and optimization plan development

• Drawing up a list of observations on the analysed systems and indicating a list of recommended changes to improve system performance and data security.
• Estimating the potential effects of implementing changes from the performance point of view in the defined measure of success context.
• Development of recommendations in the context of DR and HA.
• Recommendations preparation regarding the systems scaling and a scenario for their further development.
• Risk analysis and implementation costs estimation.

Step 5. Final report preparation

• Creation of a report containing a list of identified problem sources and recommendations for changes.

The end product for the service offered is a report summarizing the database system current configuration and a list of performance-enhancing recommendations.

Report key elements:

1. Contextual part
2. Description of the methodology and applied metrics.
3. List of work carried out and activities.
4. Currently conducted internships characteristics.
5. List of identified problem sources.

Changes recommendation

1. Recommended actions ranking listed according to the expected effects, cost and risk.
2. Good practices recommendation.

Modification implementation plan

1. Proposition of the optimal way to carry out the improvements.
2. Plan and schedule of tasks.
3. Risk analysis and estimation of the necessary resources (if the result of the analysis shows the need for such an investment).

After conducting an audit and discussing the observations and recommended changes, we offer the possibility of introducing modifications aimed at improving the security and efficiency of data access. The work range and the implementation time depends on the audit results.