Database performance and security audit
The greatest challenge in maintaining systems containing customers data, processes and company resources is ensuring security, while maintaining the databases efficiency. Knowing the configuration, along with the strengths and weaknesses identification, provides your company with security and confidence that the data is always delivered on time.
At summi-it, we make sure that your data is in good hands every day, ensuring comprehensive system audits with a guarantee of the highest quality of service.
Data security and performance
Identification of system bottlenecks
Possible database modifications list
When should a database security audit be performed?
We offer the audit service each time before starting cooperation in the area of system support. We recommend performing the database security and performance audit especially if in your company:
- you process large amounts of data, especially when they are sensitive,
- you are preparing for certification or audits,
- you plan to scale the system and implement new functions or expand it with additional resources or data,
- you want to analyse the risk related to data maintenance in the organization and estimate the costs of improvements,
- you care about increasing the security of the system used,
- you suspect a possible data leak and want to find its source,
- it is necessary to verify the correctness of the database instance configuration,
- Before taking further actions, it is recommended to eliminate bottlenecks in the system to restore its proper performance.
What does the summ-it database security and performance audit include?
We start each audit by establishing key success criteria and analysing the database environment (network, hardware, visualization, operating systems), as well as by verifying the installation configuration and database settings. Only after familiarizing with these key issues, we can fully present the audit plan and the requirements it will entail. In order to properly carry out an audit of the security and performance of the system, our specialists should be given access to the software. In the auditing process, we also deal with, among others, authorization management processes verification, as well as log analysis in the context of detecting potential data leaks. Depending on the system size and the scale of the problems, we can also offer optional penetration tests.
Why should you choose security audit made by summ-it?
database systems implementations
certified IT specialists
What is the database security audit process?
Based on experience with systems of various sizes, we have developed a unique and original method of conducting audits, guaranteeing the highest quality and usability for customers. Each project is carried out taking into account the individual needs and goals of the company, following a similar procedure, the steps of which are presented below.
Step 1. Work plan preparation and identification of bottlenecks
- action plan development taking into account the client’s requirements and expectations,
- interviewing system users and administrators,
- obtaining and configuring access to all required system components,
- familiarizing with the specification of the system, processes operating on the basis, and review of the available documentation,
- system bottlenecks identification.
Step 2. Hardware resources or a cloud dedicated to the environment analysis
- server and disk array configuration control, as well as virtual components in the cloud,
- distribution of files on LUN matrix or the performance of storage components verification,
- conducting a virtualization analysis or IaaS or PaaS systems in the cloud configuration,
- verifying the configuration of operating systems (in the case of IaaS).
Step 3. Database environment analysis
- collecting database configuration information,
- carrying out database objects analysis,
- recurring tasks verification,
- CPU, RAM and I / O load control,
- collecting data on DR and HA,
- authorizations, including added access security, verification,
- collecting information on accounts and their permissions in the instance,
- analysing the behaviour of the application and its communication with the database system,
- collecting data (instance query trace, log analysis),
- conducting traffic analysis and operations performed on the basis to identify system bottlenecks,
- analysing SQL queries (including long running queries, storage procedures).
Step 4. Recommendations and optimization plan development
- making possible database modifications list in order to improve system performance.
- estimating the potential effects of implementing changes, from the point of view of efficiency,
- recommendations development in the context of DR and HA,
- detailed risk analysis
- estimating the costs of implementing the necessary changes.
Your company will receive a full report containing a list of identified problem sources and recommendations for changes prepared by our specialists.
Superb DBA – own audit tool
Due to the fact that summ-it supports over 8,500 database systems and based on over 20 years of experience of our experts, we have implemented the Superb DBA solution that automates database management processes, including auditing them in the area of configuration compliance with best practices and in security area.
Superb DBA is a system that allows you to automate the maintaining database systems processes, especially in the compliance and security areas.
Superb DBA performs database audit on many layers in accordance with the CIS and STIG practices. Simultaneously it allows you to review database systems key parameters in real time, which will facilitate making business decisions.
Meet clients with whom we reach the peak together
As part of our cooperation, we have conducted the analysis and implementation of a Business Intelligence system for the client for departments such as: logistics, sales, production, and now we are implementing reporting in the controlling department.