Webinar Postponement and #SQLPASS group leaders heads up

Yesterday I wrote about three upcoming webinars I’m giving, which you don’t need to be in attendance for. Unfortunately, the one scheduled for next week with Idera and BankDirector has been postponed. I apologize for the scheduling delay. It looks like it should be rescheduled for some time in July.

Also, if you are a PASS user group leader and you haven’t already seen the email, PASS HQ is offering temporary GoToMeeting accounts for groups to be able to hold meetings virtually. There’s an email address you need to send your request to, so please check your email (and spam folder) to see what you need to do to have that account created. This is the direction Midlands PASS is going to go for the month of April.

SQL Server Security and Performance Webinars – March 17 – April 8, 2020 #FlattenTheCurve

In response to the Coronavirus (COVID-19) epidemic, we’re seeing folks react smartly by cancelling or rescheduling events where a large number of folks gather together. We have even seen this with at least one in-person SQL Server-based user group. Midlands PASS is considering canceling for April as well. Instead of canceling or postponing, some conferences have chosen to go all on-line. That’s a great track: you can still get professional development by attending on-line offerings. Along those lines, here are three webinars I’ll be giving over the next few weeks. There will likely be more to come, so check back!

 

March 17, 2020 2 PM EDT
BankDirector and Idera
Registration Link: https://register.gotowebinar.com/register/8686876738111806477

Protect Your Sensitive Data from the Inside First

Financial organizations handle an immense amount of sensitive data within their databases, and they face significant fines if that data is exposed or breached. The biggest challenge when it comes to cybersecurity risk is that it constantly evolves, as the threats, actors and attacks increase in sophistication. Organizations that prepare for one method of intrusion may find themselves the victim of a different strategy. So how do you ensure that your data assets are protected, not just from external threats, but also from malicious insiders or accidental accesses?

In this webinar led by IDERA, viewers will learn about best practices for putting the proper database controls in place, along with auditing procedures to track user activity within your environment.

 

March 26, 2020 1 PM EDT
MSSQLTips.com and Quest
Registration Link: https://www.mssqltips.com/sql-server-webcast-signup/?id=814

Why Are My SQL Server Queries So Slow?

Performance is horrible. Users are complaining. Your boss wants to know what’s going on with the SQL Server and what can be done about it. Where do you start? What do you look at? What can you tune? More specifically, what can you tune without touching code?

In this webinar, we’ll look at the entire SQL Server holistically, from the “hardware” allocated to the machine down to individual query plans. We’ll cover what tools are provided out of the box, from Performance Monitor to Query Store, that you can use to spot the bottlenecks on your system. Then we’ll talk about what you can do to alleviate the pain you’re feeling. Will throwing hardware at the problem hide it until you can put a real fix in? Or do you need to roll up your sleeves and rewrite some common, poorly performing queries? What/where is the trade-off? Armed with this knowledge, not only will you be able to identify what’s broke, but you’ll be able to give your organization options on how to fix it.

 

April 8, 2020 2 PM EDT
PASS DBA Virtual Group
Registration Link: https://dba.pass.org/MeetingDetails.aspx?EventID=15086

What do you need to know to work with SQL Server security properly?

In this talk, we’ll look at the must-knows. We will start with how a person or application connects to SQL Server and the types of authentication SQL Server provides. We will then look at the hierarchical security model SQL Server implements and how this flows down from the server all the way down to tables, views, and stored procedures. Afterwards, we will discuss particular security roles which allow access without explicit permissions. Finally, we will look at ownership chaining and how that can also allow a user access to an object because of a reference from a different object.

Cross-Post: Learning From Technology’s Past

Cross-posted from the ISACA Now Blog:

“This is the song that doesn’t end.
Yes it goes on and on, my friends.”

– Lewis, S., “The Song That Never Ends,” Lamb-chop’s Sing Along, Play Along, Norman Martin Music, 1992.

When I think of technological progress, in a lot of cases we are seeing new views and takes on existing ideas. Ideas keep coming back around, just like “The Song That Doesn’t End.”

Take virtualization and cloud computing. Cloud computing often touts a “pay as you go” model where you run cycles on someone else’s hardware. This is the model many an organization ran with for their mainframes and similarly sized computing devices. A classic example applicable to auditors and IT security folks is found in The Cuckoo’s Egg by Clifford Stoll. Stoll happened onto an international intruder due to a small (less than US$1) accounting error on just such a platform. That was in 1986.

As auditors, we can use this to our advantage when coming up to speed on new technology, new techniques or new anything in information technology. The first thing to do is see if we have a re-implementation of an older idea. If we do, then chances are we have a good idea of how to begin auditing that new technology.

Approaching new technology with the mindset of looking to see how it is similar to what we already know accelerates our ability to learn the new technology and provides our organizations with services on said technology. It also reduces a lot of the fear factor for us. After all, the technology implements concepts and ideas we already understand.

Editor’s note: For further insights on this topic, read K. Brian Kelley’s recent Journal article, “Innovation Governance: In Everything New, There Is Plenty of Old,” ISACA® Journal, volume 1, 2020. (ISACA membership required to view the article)

Let’s Call It What It Is: Complexity Debt

Technical debt gets deprioritized too often because business sees the word “technical.” It doesn’t matter what the true meaning is. And it’s a big problem. It really needs proper governance to make it a priority.

“Lack of governance over technical debt is also a problem.”

Michelle Leroux Bustamante, .NET Rocks!

Reading through The Unicorn Project, which is a newly released companion to The Phoenix Project, I came across this great nugget that might help others view technical debt properly.

“I’ve started calling all of these things ‘complexity debt,’ because they’re not just technical issues—they’re business issues. And it’s always a choice,” he says. “You can choose to build new features or you can choose to pay down complexity debt.”

Gene Kim, The Unicorn Project

Yes! When we replace the word “technical” with “complexity” we reframe the discussion. That may help discussions about what to prioritize and getting what we call technical debt paid off in a more timely fashion.