Skip navigation.

Chris Foot

Syndicate content
Remote DBA Experts Blog
Updated: 14 hours 37 min ago

A look at how RDX’s Additional Services can meet your needs: Series Kick-off [VIDEO]

Mon, 2014-07-28 08:54

Transcript

Today we’re kicking off a series about our additional offerings, because we think it’s important for your organization to leverage RDX’s full suite of data infrastructure services to improve your organization’s ability to turn raw information into actionable business knowledge.

From our Business Intelligence services – designed to get you the right information about your company to make savvy strategic decisions – to our application hosting, database security and non-database server monitoring, GoldenGate replication services, and support for Windows, MySQL and Oracle EBS, we’ve got every administration need you can think of covered.

We’ll take an in-depth look at each of these services in videos to come, so you can learn how they can benefit your business and choose the services that may be the most important to you.

For more information on our additional services, follow the link below for our Additional Services Whitepaper.

Tune in next time as we discuss the importance of Business Intelligence for your business!
 

The post A look at how RDX’s Additional Services can meet your needs: Series Kick-off [VIDEO] appeared first on Remote DBA Experts.

The Importance of Documentation

Mon, 2014-07-28 07:05

As a remote data infrastructure services provider, documenting the activities we perform, as well as our customers’ environments, is critical to our success. RDX currently supports thousands (and thousands) of database ecosystems ranging in complexity from simple to “making your hair stand on end.”

My customers hold my organization to extremely high standards. Rightfully so, they have turned over the keys to their most sensitive and mission-critical data stores to RDX. At the end of every email blast I send to our customer base, I end it with, “I personally appreciate you placing your trust in us to administer and safeguard your most valuable data assets. We take that responsibility very seriously here at RDX.” Stating that we take that responsibility seriously is kind of like saying the Titanic sprung a small leak.

Although the importance of a well thought out and detailed documentation library is blatantly obvious, creating documentation is the task most often postponed by an overworked DBA unit.

Documenting processes, procedures and best practices is a task that is often considered to be boring and mundane. Most DBAs would rather perform virtually any other activity than sit in front of a screen using a word processor. As a result, creating documentation is often postponed until the DBA has a little free time to kill. Today’s database administration units are operating with smaller staffs, tighter budgets and ever-increasing workloads. The end result is that the documentation is either never created or created and not kept current.

However, a robust detailed documentation library creates an environment that is less complex, less error-prone, reduces the amount of time DBAs spend learning new database environments and reduces the overall time spent on day-to-day support activities. DBAs are able to spend more time administering the environment rather than finding the objects they are trying to support and the processes and programs used to administer them.

The nature of my business as a remote services provider demands excellent documentation. The majority of environments we administer weren’t designed by my organization. The only way that we can ensure high quality and high-speed administration of these environments is to document them thoroughly. We document everything from initial connectivity and customer contact sheets to detailed information on database and server information, batch job streams and individual program execution (what it does, run-time windows). If we need to be aware of it, we have it documented.

Documentation is also the foundation of many of the other disciplines I will be discussing in future blogs. Let’s continue our discussion with a few helpful hints to get you started.

Understanding the Important Role Good Documentation Plays

We all generally understand the benefits that documentation provides. I think that all readers will see the importance I personally place on documentation in upcoming blogs.

Let me reaffirm my opinion in this one sentence: Good documentation is the foundation that high-quality data infrastructure services are built upon.

Creating an Organizational Environment That Fosters Good Documentation

I’ve been the Vice President of Service Delivery at RDX for 6 years now. It is my responsibility as manager to create an environment that fosters the production of robust and high-quality documentation. Let me describe some of the challenges that I have faced in the past at other organizations and how I have overcome them.

Since I view high quality documentation to be my responsibility as a manager, I ensure that it becomes part of every DBA’s performance appraisal criteria, including my own. If it isn’t on my, and my unit’s, performance appraisal forms, I will ask to have it added or make my own personal addendum and notify both the DBA team and management that I have done so.

I will add time for documentation when I estimate the amount of time it will take me to perform an administrative task during project planning meetings. I don’t settle for “we can do that after the project is complete” as an answer.

If you continuously sell the importance of documentation, sooner or later, you will begin to wear your opponents down. Although I prefer to call it “being relentless,” I’m sure that many of the application development managers (and my own managers) viewed it as “being a ….” (insert your favorite description here).

Every document I have created that provides a list of activities I , or my unit, need to perform during a project has documentation included. It helps to integrate it into the fabric and culture of my organization’s environment.

Making Documentation Second Nature

You also need to ensure that generating documentation becomes a natural part of your daily activities. You must continuously remind yourself that documentation is a primary and integral part of providing high-quality support services to your customers.

You must also remind yourself that it makes your job easier and benefits your fellow DBAs. It is a recipe for disaster when a fellow DBA needs to be out of the office for a time and asks another DBA to “help them out” by performing a complex, application-specific administrative activity and then tries to verbally tell them how to perform the 326 steps it takes to execute it.

Did you ever try to refresh an ERP application test environment from production when that test environment doesn’t have enough space to hold all of production’s data? 4,000 steps later, you begin to second-guess your choice of professions. That was the exact request from one of my fellow DBAs when I first started in this profession, and it quickly taught me the importance of good documentation. Not only did he get me to do the refresh, but I also had to document the process for him along the way. Some call that being a good coworker; I would view that as having a big sucker taped to my forehead.

The moral of this story is this: If you don’t want to be the only one that can perform that 900 step ERP application production to test refresh, document it! If you don’t want to be called by the on-call DBA because he doesn’t know exactly where to add a file in an emergency situation (like someone forgetting to tell you that they were loading 10 million additional rows into that 100 row table), document it! The more you document, the easier your life as a DBA becomes.

I’ve never had a photographic memory. It makes generating documentation easy for me. I also like to write, and that helps, but I will admit that there are times that I would rather perform virtually any other activity than document.

However, it has become easier because I continuously reaffirm to myself the importance of documentation. The more you reinforce that to yourself, the more second nature (and easier) it becomes.

Making Documentation Easy

I’m a huge fan of documentation templates. Here at RDX, we have templates and Standard Operating Procedures for everything we document. If it is repeatable or a complex process, we have an SOP for it. We have templates for documenting connections to our customers’ environments, their backup and recovery environments and their application specific processes, to name a few. If it needs to be documented on a regular basis, we have a template for it. We also have generic templates for documenting environments and activities that don’t fit into other templates.

Word Documents and Templates

Word document templates provide many features that streamline the documentation process and help to improve the quality of the content they store. I try to take advantage of as many features as I can. I use drop-down selection menus, check boxes and radio push buttons to improve the speed and quality of the documentation process. I also take advantage of the help pop-up feature that Microsoft Word provides to create a detailed description of what information is to be entered into that field, check box or radio button.

Wikis

We heavily utilize Wikis to intelligently and securely display information about the environments we are tasked with supporting. A common, menu-driven interface has been designed, tuned and tweaked over our 20 year history. The Wiki’s contents include customer contact and escalation information, detailed database/server information, customer change management procedures, RDX DBAs assigned to the account, on-call team assigned, non-sensitive connection information (VPN type, VPn vendor, etc) and job information. The Wiki page also links to current tickets, current time cards and a history of past problems contained in our problem resolution library.

The Wiki content is controlled by a well-defined change management procedure and relies upon Wiki templates to ensure information is stored and displayed in a common format that adheres to RDX specifications. Once again, templates help improve the quality of content, speed data entry and ensure a uniformity of display pages and menus. We constantly review the Wiki for content and usability as well as leverage new Wiki features as they are released.

Database-Driven Content Managers

There are dozens of software companies that offer content management solutions. Database vendors have also recognized this as a lucrative market. All of the major database vendors now offer advanced content management software, each one trying to outdo the other in the number of bells and whistles that their products offer. Do a quick search on Google for documentation content management software, and you will find out just how many competing products there are.

Content management products offer check-in/check-out features, document versioning, web portal access and advanced workflow capabilities to name just a few of the features designed to improve content management. The competition in the content management market space is fierce to say the least. Content management vendors know that continuously adding new bells and whistles to their products is not just important for increasing market share, but it also is critical for their survival. Product costs can range from thousands to tens of thousands of dollars (or more).

If you have the funds and your management understands the benefits that a full-blown content management package provides, by all means begin a content management product analysis. But if you don’t have the funds, create a shared drive on your network and declare it to be the “DBA Documentation Portal.”

What to Document

By all means, this is not an all-inclusive list of what can be documented. Consider it as a starter kit to help you begin your quest for “documentis nirvanas.” Is some of this overkill for your particular environment? Maybe, but just consider this a general, high-level list. Since most readers will work for a single organization, I’m focusing my recommendations on DBA units that support one corporate environment.

Database Environment Documentation

  • Naming conventions
  • Servers (server names, operating system release, hardware vendor)
  • Databases (vendor, database version, features enabled)

Application-Specific Documentation

  • Application type (i.e. data warehouse, online transaction processing, decision support, third-party application name and functionality it provides).
  • Business unit requirements and related information for supported databases
  • Uptime requirements (i.e. 24 X 7, 8 X 5)
  • Database downtime windows
  • Critical job processes
  • Business unit and application developer contact lists
  • Turnover windows for database changes
  • Problem notification and escalation procedures
  • Security sensitivity- How sensitive is the data?

Process Documentation

  • Repeatable administrative processes (covered in an upcoming blog)
  • Backups – Probably the most critical set of documentation you will ever create- Document how it is backed up, what scripts back it up, where the backup is going to, retention periods and backup message directories. If it is involved with a backup, DOCUMENT IT. Review the document with other units that are involved in the backup and recovery process. It is your responsibility to ensure that you don’t hear an operator say, “What retention period? Nobody told me we were to have a retention on these files” when you are in a recovery situation. Remember that Oracle states that human error, including miscommunications, is responsible for over 90% of failed recoveries. If you want to reduce recovery failures, DOCUMENT THE PROCESS AND REVIEW IT.
  • Anything else you run on a regular basis to support a specific application
  • Change management- I’ll be spending an entire blog, or two, on this
  • A daily monitoring activity checklist to ensure that no activity is missed- We have daily, weekly and monthly activities that are to be performed for each of our customers
  • Complex administrative activities performed regularly
  • Test and reporting database refreshes
  • Data reorganizations
  • Disaster recovery tests- The processes required to perform the recovery AND the criteria that will be used to evaluate whether it was successful or not

Object Documentation

  • DBA-specific stored PL/SQL and TSQL programs
  • Day-to-day support scripts (where they are and what they do)
  • Monitoring scripts (where they are and what they do)
  • Scripts used to perform database administrative changes- I personally utilized specific directories that provide output from critical database changes that I have performed and other directories containing the SQL used to make that change
  • Operating system scripts- Document what the script does in the beginning of each of your scripts. Did you ever try to determine what a 400 line script does that was created by someone who knows much more about UNIX scripting than you do? We have all been in that position at one time or another during our career. Make it easy on your coworkers to understand what the script does by putting comments at the top of the script as well as in the body. Also keep a running history of script changes, what they were and the time they were made

Database Administration Unit Organizational Documentation

  • Contact Information
  • DBA roles and responsibilities- Which applications, databases and tasks they are responsible for supporting
  • DBA unavailability- Allows application developers to plan for a DBA not being available

It is a good practice to distribute this information to all business units supported by the database administration unit.

I hope you enjoyed this blog on documentation and the important role it plays.

The post The Importance of Documentation appeared first on Remote DBA Experts.

How DBA services can help you manage big data

Mon, 2014-07-28 02:11

Effectively being able to store and manage big data is more than simply having a lot of hard disk space. 

The variety and complexity of the information produced by Internet-connected assets has forced database administration services to adapt to new processes and environments. Their focus on accessibility and security hasn't wavered, but the manner in which they approach these priorities has transformed.

Solving the puzzle: structured and unstructured data 
BrightPlanet, a company that specializes in harvesting data from the Internet, outlined the differences between unstructured and structured data. While volume has always challenged databases to hold massive troves of organized intelligence, one of the chief difficulties resides in the act of actually arranging it. 

  • Structured: Pertains to data that is highly constructed and easy to query and is typically held in relational database systems. A spreadsheet is an example of structured information.
  • Unstructured: Applicable to data that doesn't subscribe to a particular architecture and is usually stored in NoSQL databases, which run complex algorithms to create environments capable of managing it. Social media posts are examples of unstructured information. 

What does this mean for remote database services?
According to MongoDB, conventional DBA practices needed to become more agile in order to be able to query large collections of unstructured data, giving birth to NoSQL databases. This access language sanctioned the development of "document" storage, which has spawned the following benefits:

  • Documents are regarded as independent entities, which makes it simpler to transport data across multiple virtual locations.
  • SQL queries don't need to be translated from object to application. 
  • Because a document contains whatever values the software language requires, unstructured data is easy to store. 

In response to this development, DBAs learned the administrative languages and tools needed to launch and manage document-based data environments. 

Different program, same responsibilities 
As one can imagine, DBAs are still expected to perform the same database active monitoring tasks they have been around since the inception of digital information storage. There are also a number of additional responsibilities these professionals are undertaking:

  • Understanding how clients plan on using the data. Are they simply looking to scrutinize it or allow applications to make intelligent decisions with it?
  • Securing firewall access. What tactics are cybercriminals employing in an attempt to penetrate these environments?
  • Managing and monitoring performance. How well are software deployments adapting to unstructured data? 

Outsourcing to DBAs knowledgeable in contemporary enterprise needs and NoSQL databases may be a good tactic for organizations to use. 

The post How DBA services can help you manage big data appeared first on Remote DBA Experts.

Is your mobile network HIPAA compliant?

Wed, 2014-07-23 11:21

As hospital personnel continue to access patient records through mobile devices, health care organizations are taking new approaches to database security.

Assessing initial requirements
The best way for CIOs in the medical industry to measure the performance of their server protection strategies is to ensure all software deployments are compliant with the Health Insurance Portability and Accountability Act. Information Week contributor Jason Wang acknowledged the basic requirements HIPAA obligates mobile applications and networks to possess:

  • Authorized, defended user access to protected health information
  • Encryption features that hide sensitive data from unsanctioned personnel
  • Routine security updates to eliminate bugs or loopholes in the network
  • A remote access data elimination feature that can be activated by administrators in the event a mobile device is lost, stolen or compromised
  • A solid business continuity/disaster recovery framework that can be tested on a regular basis

With these points in mind, health care organizations would greatly benefit from having a third party develop an enterprise-wide mobile application for their facilities. Salesforce CRM in particular is a solid option for those looking to install such an implementation, primarily due to its reputation for having HIPAA-compliant security features.

The risks involved
Many medical professionals believe employing a mobile network will help their subordinates allot more attention to patients. While this concept may be true, there are a number of threats that left unacknowledged could infect such a system. Having a third-party company constantly conduct database active monitoring tasks is imperative to deterring the following dangers:

  • Mobile devices, as well as wearables, are easily misplaced, meaning that those who come across these mechanisms could access private patient information
  • As a number of health care providers are communicating with patients through social media – malware and other Web-based attacks could be funneled through such mediums to infect devices.
  • Because mobile keyboards are rudimentary, users are more likely to use uncomplicated passwords that can easily be unmasked.

Be a smart user
Database administration needs aside, health care companies must also provide personnel with a secure line of communication. HIT Consultant noted that text messaging is a solid way for hospital staff to transfer information quickly and on the go, but the avenue lacks the encryption technology necessary to keep these communications secure.

Installing an encoding program geared specifically toward mobile text messaging is a good move to make. However, employees should also be cognizant of the fact that they should not explicitly share vital information, if they can help it.

The post Is your mobile network HIPAA compliant? appeared first on Remote DBA Experts.

Cybercriminals using more tools, are better connected

Fri, 2014-07-18 12:05

Aside from the techniques they use, the most dangerous tool hackers have at their disposal is the ability to network with organized criminal syndicates.

Constant vigilance
Many experienced deviants who have made an unorthodox, yet profitable career out of unlawful behavior have realized that the Internet provides them with relatively safe avenues to steal money. These figures hold no biases regarding who they target, attacking enterprise servers and consumer computers.

The best way to deter these persistent criminals from succeeding is by employing database activity monitoring, malware detection software and staff members skilled in the craft of information protection. The latter factor is particularly important, as those who have encountered aggressive cyberattacks likely know how to defend networks against them.

The strength of a network
According to PC World, French and Romanian officials razed a cybercriminal organization comprised of Romanian citizens, who used malware to infect the databases of money transfer enterprises in Germany, Norway, the United Kingdom, Austria and Belgium. European law enforcement agency Europol noted the figures used remote access Trojans to infiltrate the systems, allowing them to conduct unsanctioned transactions.

The Romanian Directorate for Investigating Organized Crime and Terrorism (DIICOT), reported that the illicit organizations would deliver fictitious money transfers from sham people to real recipients. In one instance, a franchisor lost $800,000 as a result of the scheme.

Government-grade tactics
Cybercriminals are recognizing that enterprises have been tightening database security in response to such attacks, leading them to utilize more sophisticated techniques. ZDNet contributor Charlie Osborne referenced Gyges, a form of espionage malware engineered by government developers, as being one of the most difficult deployments to detect.

She cited a recent report conducted by Sentinel Labs, which surmised that the malicious software likely originated from Russia and is "virtually invisible." The program can remain active for long periods of time, unbeknown to victims. Hackers are now reengineering Gyges to create more advanced ransomware and rootkits, the latter of which are codes that shield covert processes from detection.

One of the characteristics that makes Gyges so tricky is its ability to infiltrate systems when users remain inactive, a significant digression from processes employed by conventional malware. In addition, Gyges is capable of transporting other forms of malicious code that can be initiated once the desired target has been reached.

Between organized criminal networks and government-grade malware at the disposal of cybercriminals, it's safe to say organizations need to find ways to optimize their database protection.

The post Cybercriminals using more tools, are better connected appeared first on Remote DBA Experts.

What to look for in a cloud database security company

Thu, 2014-07-17 12:58

Companies new to the world of cloud computing often express apprehension in regard to security.

Unsure as to how internal teams are supposed to deploy effective protection, a number choose to outsource to database administration services capable of monitoring all network and server activity around the clock. As there are so many such companies to choose from, some enterprises are unclear as to what they should be looking for.

Seek clarification
Gilad Paran-Nassani, a contributor to SYS-CON, acknowledged the puzzle organizations encounter when weighing cloud deployment capabilities with IT defenses. He outlined a number of points leaders should be sure to cover before signing a contract with a database security provider:

  1. Define who can access information: In addition to assigning company personnel the authorization codes, organizations should get a clear idea of who on the DBA end of the operation can obtain and view data. Any opacity in this regard should be thoroughly assessed.
  2. Know how data is encrypted in the cloud: The CIO and managers of the DBA service should sit down and outline how information will be hidden during transfers. Make sure there are no loopholes in the procedure and that it can be adjusted to new security needs.
  3. Conduct a background check: Get into contact with the prospective DBA's customers and ask them questions regarding their own experiences. In addition, ask the business to provide a list of any credentials pertaining to cloud platform protection.

What to look for
When seeking out a company that can provide remote database management for cloud environments, or on-premise solutions for that matter, there are a number of enterprise characteristics businesses should favor. MSPmentor contributor Michael Brown outlined four elements executives should look for when speaking with DBA services face-to-face:

  1. A fundamental concept: If the professionals on the other end of the table have a unique approach to how they tackle security, then they're most likely a sure bet.
  2. Honesty: A cloud security provider that acknowledges past mistakes and explains how it has evolved from those mishaps is filled with motivated, adaptable individuals.
  3. Transparency: When answering tough questions, a DBA should divulge its capabilities and shortcomings so trust can be quickly established.
  4. Commitment: Dedication should go beyond day-to-day security amenities. A DBA must seek ways to improve protection while ensuring system workability on a consistent basis.

As one can observe, selecting the right DBA to protect enterprise cloud environments requires human characteristics as well as technical ability. These considerations will help organizations find the right fit.

The post What to look for in a cloud database security company appeared first on Remote DBA Experts.

Oracle users may require remote database management

Fri, 2014-07-11 10:01

A reputed professional recently discovered a bug in one of Oracle's key security implementations, which may prompt some of its customers to seek active database monitoring solutions. 

A good start, but needs work 
According to Dark Reading, David Litchfield, one of the world's most well-recognized database protection experts, recently discovered a couple of faults in Oracle's redaction feature for its 12c servers. The defensive measure allows database administrators to mask sensitive information from malicious figures.

Although Litchfield regarded the feature as a good deployment, he asserted that a highly skilled hacker would be capable of bypassing the function. He noted that employing a type of Web-based SQL injection is a feasible way for an unauthorized party to gain access to information. Litchfield is expected to demonstrate this technique among others at Black Hat USA in Las Vegas next month. 

"To be fair, it's a good step in the right direction," said Litchfield, as quoted by the source. "Even if a patch isn't available from Oracle, it's going to protect you in 80 percent of the cases. No one really know how to bypass it at this point."

Constant surveillance
Although Oracle is working to mitigate this problem, enterprises need to wonder what's going to protect them from the other 20 percent of instances. Having a staff of remote database support professionals actively monitor all server activity is arguably the most secure option available. 

Specifically, Oracle customers require assistance from those possessing the wherewithal to defend databases from SQL injection attacks. Network World outlined a few situations in which this invasive technique has caused harrowing experiences for retailers:

  • In the winter of 2007, malware was inserted into Heartland Payment Systems' transaction processing system, resulting in 130 million stolen card numbers. 
  • In early November 2007, Hannaford Brothers sustained a malicious software attack that led to the theft of 4.2 million card access codes.
  • Between January 2011 and March 2012, a series of SQL injection endeavors against Global Payment Systems incited $92.7 million in losses. 

Take the simple steps 
Network World acknowledged the importance of treating routine processes as critical features. For example, forgetting to close a database after testing the system for vulnerabilities is negligence that can't be afforded to transpire. 

In addition, it's imperative that enterprises understand the mapping of their database architectures. This protocol can be realized when organizations employ consistent surveillance of all activity, allowing professionals to see which channels are the most active and what kind of data is flowing through them. 

The post Oracle users may require remote database management appeared first on Remote DBA Experts.

Hurricane season: The need for disaster recovery

Wed, 2014-07-09 07:42

As hurricane season gets longer and businesses grow more reliant on technology, having a smart disaster recovery plan in place is essential. A major part of maintaining database security involves ensuring that the system can be rebooted or accessed in the event of a major power outage. 

Not prepared 
Eric Webster, a contributor to Channel Partners Online, referenced a survey of 600 small and medium-sized businesses conducted by Alibaba.com, Vendio, and Auctiva in 2013, noting that 74 percent of respondents have no DR/business continuity plan in place. Another 71 percent of SMBs lack a backup generator to keep the data center running. 

Essentially, this means that a large number of enterprises won't be able to conduct any activities in the event their operations shut down. Because technology is so heavily integrated into day-to-day workflows, professionals don't realize how mission critical databases are until they can't be accessed anymore. 

Battening down the hatches 
So, what can be done to prepare for a data center outage? TechRadar noted that implementing a DR/BC strategy involves a step-by-step process:

  1. If working with a cloud services provider, partner with a company known for building accessible, recoverable infrastructures.
  2. Set up data centers in easily reachable, strategically placed locations to exercise a low risk of failure.
  3. Figure out whether a dedicated communications link or a virtual private network is the best way to connect with databases.
  4. Regularly conduct tests on the system, which should be measured by performance and task completion. 

Outsourcing responsibility 
Webster acknowledged the benefits of hiring a remote database support service to initiate DR/BC tests, manage and organize recovery strategies and monitor databases 24/7/365. 

The key advantage of outsourcing to a managed services provider is that in the event a major storm is forecasted, database administrators can quickly implement backup strategies so that applications, stored information and platforms aren't lost. 

Another "aaS" 
With DBAs in mind, it's important to acknowledge that many such professionals now offer Recovery-as-a-Service, working with cloud environments to launch and maintain DR/BC. Webster outlined how this process works:

  • An enterprise's tangible and/or virtual databases deliver images of their environments to the cloud on a regular basis
  • If a super storm shuts down a data center, its virtual version can be maintained by and accessed through the cloud environment. 

Webster acknowledged that this service model is more affordable than conventional DR/BC strategies. Recovery can occur more quickly and separate hard disks containing data identical to the information in on-premise servers don't need to be used. 

The post Hurricane season: The need for disaster recovery appeared first on Remote DBA Experts.

Malware stirs database security concerns for banks

Thu, 2014-07-03 13:40

In an effort to keep up with the times, many financial institutions have implemented e-banking applications that allow customers to access and manage their finances on the Web or through their smartphones.

Although electronic solutions may boost satisfaction rates and make it easier for account holders to transfer funds, they can cause major database security woes if proper protective measures aren't taken. As of late, there have been two kinds of malware banks have had to contend with.

Attacking the mobile arena
Because it's easy for consumers to get caught up in the luxury of viewing checking information on their smartphones, many forget to follow necessary, defensive protocols. According to ITPro, a new remote access Trojan, named com.II, is targeting Android devices and zeroing in on users with mobile banking applications. 

The source noted that the malware abides by the following process:

  1. Undermines any security software that's installed
  2. Scans the device for eBanking programs
  3. Replaces any such tools with fraudulent ones
  4. Implements fabricated application updates
  5. Steals and delivers short message service notifications to access contact lists.

Combating surveillance
Paco Hope, principal consultant with Cigital, a firm based in the United Kingdom, surmised that the malicious software could infect global banking populations, as it's capable of being manipulated to abide by different languages.

To prevent the program from entering bank accounts and stealing funds, active database monitoring should be employed by enterprises offering e-banking apps. Com.II has the ability to conduct thorough surveillance of individual checking and savings records, allowing the malware's administrators to potentially carry out transactions. 

Under the radar
Many programmers harboring ill intentions have found a way to make malicious software basically unrecognizable. MarketWatch acknowledged a new breed of malware, dubbed Emotet, that tricks people into giving it access to bank accounts. The news source outlined the deployment's protocol.

  1. Spam messages are sent to victims' emails
  2. The contents of those notices detail financial transactions and include links
  3. Upon clicking the link, the malware activates code that sits in browsers
  4. Once a person visits a bank website, the program can monitor all activity

Trend Micro Vice President of Technology and Solutions JD Sherry asserted that the language used within the encoded messages appears authentic. This makes it easy for individuals to fall victim to the scam.

The administrator's side of the equation
Although it's important for e-banking customers to install adequate malware protection programs, the enterprises administering electronic solutions must find a way to defend their accounts. Constant database surveillance needs to be employed so that security breaches don't get out of hand in the event they occur.

The post Malware stirs database security concerns for banks appeared first on Remote DBA Experts.

Leveraging Collective Knowledge and Subject Matter Experts to Improve the Quality of Database Support

Wed, 2014-07-02 06:10

The database engine plays a strategic role in the majority of organizations. It provides the mechanism to store physical data along with business rules and executable business logic. The database’s area of influence has expanded to a point where it has become the heart of the modern IT infrastructure. Because of its importance, enterprises expect their databases to be reliable, secure and available.

Rapid advances in database technology combined with relatively high database licensing and support costs compel IT executives to ensure that their organization fully utilizes the database product’s entire feature set. The more solutions the database inherently provides, the more cost effective it becomes. These integrated features allow technicians to solve business problems without the additional costs of writing custom code and/or integrating multiple vendor solutions.

The issue then becomes one of database complexity. As database vendors incorporate new features into the database, it becomes more complex to administer. Modern database administrators require a high level of training to be able to effectively administer the environments they support. Without adequate training, problems are commonplace, availability suffers and the database’s inherent features are not fully utilized.

The Benefits of Collective Knowledge

Successful database administration units understand that providing better support to their customers not only comes from advances in technology but also from organizational innovation. The selection of support-related technologies is important, but it is the effective implementation and administration of those technologies that is critical to organizational success.

Database team managers should constantly leverage the collective knowledge of their entire support staff to improve the quality of support the team provides and reduce the amount of time required to solve problems.

One strategy to build the team’s expertise is to motivate individual team members to become Subject Matter Experts in key database disciplines. This strategy is performed informally hundreds of times in IT daily. A support professional is required to perform a given task and “gets stuck”. They spin their wheels and then decide to run down the hall and find someone they feel can provide them with advice. They consult with one or more fellow team members to solve the problem at hand.

The recommendation is to have a more formal strategy in place so that each team member, in addition to their daily support responsibilities, becomes a deep-dive specialist in a given database discipline. Their fellow team members are then able to draw from that expertise.

Increasing the Efficiency of Support- Subject Matter Experts

The database environment has become so complex that it precludes database administrators from becoming true experts in all facets of database technology. RDX’s large administrative staff allows it to increase efficiency by creating specialists in key database disciplines. In addition to expertise in providing day-to-day support, each of RDX’s support staff members is required to become an expert in one or more database disciplines including backup and recovery, highly available architectures, SQL tuning, database performance, database monitoring, UNIX/Windows scripting and database security.

RDX allocates the support person with the highest-level skill sets in that particular task to provide the service requested by the customer. This methodology ensures that the customer gets the most experienced person available to perform complex tasks. Who do you want to install that 5 node Oracle RAC cluster? A team member that has limited knowledge or one that has extensively studied Oracle’s high availability architecture and performs RAC installations on a daily basis?

Although your team may only consist of a ½ dozen administrators, that doesn’t mean that you aren’t able to leverage the benefits that the Subject Matter Experts strategy provides. Identify personnel on the team that are interested in a particular database support discipline (i.e. security, database performance, SQL Performance, scripting, etc.) and encourage them to build their expertise in those areas. If they are interested in high availability, send them to classes, offer to reimburse them for books on that topic and/or allocate time for them to review HA specific websites. Focus on the areas that are most critical to the needs of your shop. For instance, is your company having lots of SQL statement performance problems? A sound strategy is to have one of your team members focus on SQL tuning and support them throughout the entire educational process.

Also consider special skills during the DBA interview and selection process. At RDX, we always look for candidates that are able to provide deep-dive expertise in key database support disciplines. We have several DBAs on staff that have strong application development backgrounds including SQL performance tuning. This was in addition to possessing a strong background in database administration. We use the same strategy for HA architectures, and we look for candidates that have strong skills in any database advanced feature. We’re able to leverage that expertise for the customer’s benefit. The same strategy can be applied to any size team. Look for candidates that excel in database administration but are also strong in key areas that will improve your ability to support your internal customers.

In addition, you can also draw expertise from other teams. For example, you may have access to an application developer who is strong in SQL coding and tuning or an operating system administrator that excels in scripting. Build relationships with those personnel and leverage their experience and skill sets when needed. Ask them to provide recommendations on training to your team or assist when critical problems occur. Technicians are usually more than happy to be asked to help. Just make sure to be courteous when asking and thank them (and their manager) when they do help out.

Reducing Downtime Duration by Faster Problem Resolution

RDX’s large staff also reduces the amount of time spent on troubleshooting and problem solving. RDX is able to leverage the expertise of a very large staff of database, operating system and middle-tier administrators. Additionally, RDX is able to leverage the team’s expertise to provide faster resolution to database performance issues and outages. Since the support staff works with many different companies, they have seen a number of different approaches to most situations.

Ninety-nine percent of our support technicians work at the same physical site. This allows RDX to create a “war room” strategy for brainstorming activities and problem solving. All technicians needed to create a solution or solve a problem are quickly brought to bear when the need arises. Support technicians come from varied backgrounds and have many different skill sets. RDX is able to leverage these skills without having to search for the right person or wait for a return call. Work can take place immediately.

This “war room” strategy works for any size team. When a significant issue occurs, leverage the entire team’s skill sets. Appoint yourself to be the gate keeper to ensure that the team remains focused on the goal of quick problem resolution and that the conversation continues to be productive. Brainpower counts, and the more collective knowledge you have at your disposal, the more effective your problem resolution activities become.

Conclusion

Corporate information technology executives understand that their success relies upon their ability to cut costs and improve efficiency. Decreasing profit margins and increased competition in their market segment force them to continuously search for creative new solutions to reduce the cost of the services they provide. They also realize that this reduction in cost must not come at the expense of the quality of services their organization delivers.

RDX invites you to compare the benefits of our organizational architecture and quality improvement initiatives to our competitors, your in-house personnel or your on-site consultants. We firmly believe that our Collective Knowledge Support Model allows us to provide world class support.

The post Leveraging Collective Knowledge and Subject Matter Experts to Improve the Quality of Database Support appeared first on Remote DBA Experts.

Microsoft’s database administration strengthens BYOD security

Tue, 2014-07-01 11:02

The prevalence of the bring-your-own-device trend has incited new database security concerns while simultaneously improving employee performance. 

Enterprises don't want to sacrifice worker productivity and happiness simply because server activity can't be properly managed. There's no reason to abandon BYOD. All it requires is assiduous surveillance, new usage protocols and network optimization. 

The biggest concern comes within 
Every organization has at least one staff member who couldn't be more dissatisfied with his or her current work situation. The idea of the disgruntled employee may seem somewhat cartoonish, but it's important that businesses consider the situation as a serious threat to data confidentiality. 

Chris DiMarco, a contributor to InsideCounsel, acknowledged that mobile devices can be useful assets to personnel harboring ill intentions. David Long-Daniels, co-chairman of Greenberg Traurig's Global Labor & Employment Practice, noted that malicious activity can be carried out through smartphones in a number of ways, and it all starts with willingly sharing information. 

"What happens if an individual leaves and you don't have a policy that allows you to wipe their device?" Long-Daniels posited, as quoted by the source. 

Set up a protocol 
Thankfully, there's a way you can deter malevolent employees from stealing critical information. Bret Arsenault, CIO of Microsoft and contributor to Dark Reading, noted that the software developer has successfully deterred deviancy by implementing database active monitoring and segregating personal and corporate data. He acknowledged that any device accessing company email must:

  • Encrypt the information on the mechanism
  • Be activated by a PIN
  • Enable remote management and application updates to protect Microsoft's programs

Handling transactions off-premise has been a significant boon for Microsoft. The organization consistently deploys products that act as administrators between its own databases and the personal devices of employees. In addition, the solution allows Microsoft to remove any corporate intelligence from devices in the event the user leaves the enterprise. 

Implement an access strategy 
Depending on what hardware an employee is using and how trustworthy a worker is deemed to be, Microsoft defines how much database access a person will receive. Arsenault maintained that the business asks the following questions:

  • What kind of email solution is an individual using? Is it personal or corporate?
  • Is his or her device managed and authenticated by Microsoft or handled solely by the employee?
  • Is the mechanism being used from a known or unidentified location?

With the aforementioned approaches in mind and sound remote database support at their backs, enterprises will be able to benefit from the flexible workflow BYOD offers without suffering from security woes. 

The post Microsoft’s database administration strengthens BYOD security appeared first on Remote DBA Experts.

Recent attacks show public authorities need tighter database security

Fri, 2014-06-27 11:52

Although cyberwarfare seems like something out of a science fiction movie, the threat is a legitimate concern for public authorities. 

Database active monitoring appears to the be only way in which governments can adequately defend themselves against well-coordinated cyberattacks. Having a team of administrators oversee server activity 24/7/365 is a good form of protection against assiduous criminals and persistent, covert operatives. 

An unsettling visualization 
According to ExtremeTech, a simulation detailing millions of global cyberattacks supported many people's assumptions that the United States sustains the bulk of database infiltration attempts.

The real-time demonstration was developed by Norse, a network security company that took information from its "honeypot" database – a tempting target that traps incoming infiltration data. The simulation discovered that:

  • The bulk of attacks originate from China, directed at the U.S.
  • The U.S.'s own hack attempts are more dispersed, targeting different countries

Supporting Norse's map 
Because the representation was developed from Norse's own sources, what constitutes an attack and how often government agencies attack the U.S. is slightly ambiguous. Also, the nature of the endeavors varies considerably – from malware to phishing scams. 

However, the source noted that in 2012, the Department of Defense maintained that it sustained 10 million cyberattacks a day. The National Nuclear Security Administration experienced database security worries of its own, reporting nearly the same amount of infiltration attempts. 

A clear example 
Those who believe the NNSA, DOD and other federal agencies are the only organizations targeted by governments are sadly mistaken. Oregon Live reported that the Oregon Secretary of State's website was attacked a week prior to authorities realizing that anything was wrong. The ordeal occurred in February. 

As a result, the entity suspended public access to two databases for several weeks, asserting that a foreign actor had penetrated the system. The news source acknowledged that authorities believe the attack originated from North Korea or China. 

"We do suspect that's where it's from, but we don't know, and the FBI is the one who is looking at the IP addresses, not us," said Oregon Secretary of State spokesman Tony Green, as quoted by the source. "We have not heard back from law enforcement about whether or not they have definitive information on where the attacks came from."

Being proactive 
State authorities lacking the resources necessary to actively monitor all server activity should consider investing in remote database management services. Knowing what hackers are looking for, the techniques they're utilizing and where they're operating is imperative to maintaining the sanctity of critical information. 

The post Recent attacks show public authorities need tighter database security appeared first on Remote DBA Experts.

Simplifying the Auditing Compliance Process – Database Activity Monitoring Series pt. 4 [VIDEO]

Fri, 2014-06-27 07:46

Hi and welcome to the last video in our Database Activity Monitoring series where we discuss how Database Activity Monitoring streamlines our customers’ auditing compliance process. We previously touched on how our ongoing vulnerability assessments help organizations gain greater visibility into their database activity.

Our vulnerability assessments provide detailed security analyses of all databases instances and can identify current threats in our clients’ environments. This makes it easier to demonstrate compliance to auditors and helps simplify the auditing process.

RDX creates custom checks and reports to reflect specific needs for internal and regulatory audits. We also can log any access to sensitive data, including complete transaction details, for audit purposes. These features help our customers better prepare and respond to compliance audits and save them valuable time and money, as a result.

So there you have it – our Database Activity Monitoring service and all its different components. Still have questions? Don't hesitate to contact us by using the 'QuickConnect' button at the top right-hand corner of the page. We're happy to talk to you about how our database security services can help you keep your organization's databases the safest they've ever been.

Thanks for watching, and see you next time!
 

The post Simplifying the Auditing Compliance Process – Database Activity Monitoring Series pt. 4 [VIDEO] appeared first on Remote DBA Experts.

Meeting government mandates with remote database management

Fri, 2014-06-27 07:21

In response to recent data breaches, state lawmakers have proposed new legislature that would require businesses to provide disclosures to their customers in the event of an attack.

Overseeing operations
As can be expected, enterprises would prefer that their information not be hacked at all, causing many to search for database active monitoring solutions. Scrutinizing server activity around the clock is becoming a necessity as opposed to an asset that was once "nice to have."

If a company can't adequately provide authorities with details concerning a successful data infiltration attempt, it may have to face serious repercussions. Worst of all, it will have no way of knowing where the information was taken from, which customers were affected by the breach and what caused the vulnerability in the first place.

A popular measure
According to Inside Counsel, Kentucky recently became the 47th state to enact a law that requires organizations to inform their customers in the event of a data breach. The enactment of the measure leaves Alabama, South Dakota and New Mexico as the only three states that have yet to put such legislature into effect.

The news source noted that Kentucky Governor Steve Beshear signed the bill designed to protect personally identifiable information of the Bluegrass State's residents. In addition, the law mandates that cloud service providers supporting environments for public educational institutes (grades K-12) make a concentrated effort to protect student information.

Tactics to implement
Natasha Clark, a contributor to Business Technology, outlined a few ways in which enterprises can exercise thorough database security. Most of these tasks must be carried out by professionals, such as remote DBA experts who can launch solutions without having to go on-premise.

  1. Executing multiple backups on a regular basis will ensure that all data can be recovered in the event that it's lost or stolen.
  2. Having dedicated database administrators analyze logged information will ensure that no malware slips under the radar.
  3. Figuring out what is being protected is essential to weighing risk, enabling professionals to determine whether or not databases will be targeted by specific contingencies.
  4. Deploying active monitoring software to automatically search for threats can assist teams working remotely.
  5. Reviewing the authorities and restrictions given to database management personnel helps mitigate the severity of accidents caused in-house.

With constant monitoring, companies will be able to prevent data breaches from occurring, proactively satisfying the demands of government entities. Dedicating personnel to the security and confidentiality of customer data is the wisest choice for business leaders who don't want to have to contend with a public relations nightmare.

The post Meeting government mandates with remote database management appeared first on Remote DBA Experts.

Study reveals that comprehensive database administration is needed

Thu, 2014-06-26 02:13

A huge part of securing data is knowing where the information is being stored and how it's shared among professionals. Ideally, database experts should be working 24/7, 365 days a year to monitor all server activity and contents. 

Grievous consequences
According to PC Magazine, the Montana Department of Public Health and Human Services recently sustained a data breach in which the personal information of 1.3 million people was exposed. Much of the data consisted of:

  • Names
  • Social Security numbers
  • Treatment history
  • Health statuses
  • Insurance

"Out of an abundance of caution, we are notifying those whose personal information could have been on the server," said DPHHS Director Richard Opper, as quoted by the source. 

A lack of understanding 
The problem lies in the jargon used by Opper. "Could have been" implies that the DPHHS has no way of knowing who exactly was affected by the attack. Although questionable activity was identified on May 15 – with a subsequent investigation being conducted seven days later – the breach could have been prevented if enough clarity regarding the system existed. 

Ponemon Institute recently conducted a survey of 1,587 global IT and IT security practitioners, which discovered that a mere 16 percent of respondents know where sensitive structured data is held. Even fewer study participants (7 percent) definitively know where unstructured information is located. 

Not taking appropriate measures 
After asking respondents which protective protocols were poorly executed, the Ponemon Institute discovered that: 

  • Almost three-fourths (72 percent) failed to adequately oversee intelligence sharing 
  • Approximately 63 percent were unsuccessful when assigning and refusing access permissions to staff. 
  • Just under 64 percent inadequately implemented database policy algorithms and application enhancements 

Constant surveillance
Many enterprises recognize the danger of neglecting to monitor server contents and access. Having IT personnel drop in every so often to scrutinize the system isn't enough to deter assiduous cybercriminals. A company should dedicate an entire team of database administration professionals to giving servers the attention they require.

As far as what IT professionals needed more of, 76 percent of Ponemon respondents identified real-time monitoring as a critical asset for them to possess. A focus on automation was realized across the board, with survey participants requiring data discovery and protocol workflow to be proactively conducted. 

Intelligence diagnostics, thorough vision of all database assets and integrated protective analysis were also cited as key enterprise needs. 

Knowing where data is stored, how it's transferred between professionals, who has access to an environment and the contents of encrypted information requires the expertise of database administration services. A team of professionals focused solely on monitoring all server activity is imperative in a world rife with cybercriminals. 

The post Study reveals that comprehensive database administration is needed appeared first on Remote DBA Experts.

Ongoing Database Security Services Provide Greater Visibility: Database Activity Monitoring Series pt. 3 [VIDEO]

Tue, 2014-06-24 08:38

Hi and welcome back to the RDX blog, where we’re deep in a series about our Database Activity Monitoring services and how these services allow our customers to gain full visibility into their database activity.

We’ve previously touched on how we integrated the advanced features of McAfee’s security products to provide our customers with a 24×7 customizable Database Activity Monitoring solution that alerts customers to threats in real time.

In addition to all of that, we also provide ongoing services, such as new threat analyses, vulnerability scans, database and OS patching services and database activity monitoring reports.

Vulnerability assessments help us give you detailed information you can put into action immediately, helping you prioritize and remediate security gaps., and we schedule them on an ongoing basis to prevent future vulnerabilities. You will be notified about any unprivileged users or programs, and they will be quarantined in real time, preventing any further access into the database.

These assessments make demonstrating compliance to auditors much easier, and we’ll touch on this in our next video, the last part of our Database Activity Monitoring series. Thanks for watching, and stay tuned!

The post Ongoing Database Security Services Provide Greater Visibility: Database Activity Monitoring Series pt. 3 [VIDEO] appeared first on Remote DBA Experts.

SQL vs. NoSQL: Which is best?

Tue, 2014-06-24 01:33

The manner in which information is accessed – as well as how fast it's procured – depends on the day-to-day needs of organizations. Database administration services often help businesses decide whether Not Only Structured Query Language (NoSQL) or conventional Structured Query Language is needed to optimize data-related operations. 

SQL 
SQL servers, also known as relational databases (RDBMS) have been around for the longest time, with companies such as Oracle and Microsoft developing the structures. The Geek Stuff acknowledged a few key components of the technology: 

  • RDBMS are table-based structures, representing data in columns and rows
  • They possess an underlying pattern or protocol to access and read the information
  • Scaled vertically, SQL databases are accessed by increasing hardware power
  • Good for intricate, extensive queries
  • Vendors typically offer more support for RDBMS, as it is a popular, familiar solution. 

NoSQL 
Relatively new to the sector, NoSQL runs off of unstructured query language. MongoDB, the most popular provider of NoSQL databases, explained that they were developed to better handle large sets of different data types. Primary functions of the technology are dictated below:

  • Can consist of four primary types: document, graph stores, key-value (in which every item in the database is stored with a name and its worth), or wide column
  • Do not subscribe to schemas or preset rules
  • Scaled by combining the computational power of other machines to reduce load stress – also known as "scaling out" 
  • Outside experts are hard to come by, but database support services can provide users with efficient knowledge. 

As they stand in the market 
Visual Studio Magazine referenced a survey of 500 North American software developers by Database-as-a-Service (DBaaS) company Tesora, which discovered that 79 percent of respondents were using SQL database language. The study itself focused on how the two programming interchanges were utilized by those working with private or public cloud environments. 

"Going forward, this gap can be expected to close since NoSQL databases have only been on the market for a few years or less, as opposed decades for some of the incumbents," acknowledged the report, as quoted by VSM. 

One better than the other? 
For those handling a mix of unstructured, structured and semi-structure data, NoSQL is most likely the way to go. Those managing number-based information should see major benefits from using SQL. 

However, it's important to remember that the processing power of tangible servers is increasing at a slower rate than it was ten years ago. Because NoSQL optimizes the use of these machines by pooling computing power, it may be the better choice for those worried about the future. 

The post SQL vs. NoSQL: Which is best? appeared first on Remote DBA Experts.

Customizing a Database Activity Monitoring Solution: Database Activity Monitoring Series pt. 2 [VIDEO]

Sat, 2014-06-21 13:32

Real-time monitoring means constant protection from potential threats, and at RDX we customize database activity monitoring to fit our customers’ unique security requirements.

First, we hold fact finding meetings during the customer integration process to learn our customers’ database security requirements and internal practices. Then we educate our customers on the installation and configuration of the security monitoring architecture which utilizes an RDX supplied security appliance.

Next, we work with our customers to determine which event notifications and escalation procedures are best for their database environments. They can set notification rules about the time of day a database is accessed, certain users who access it, and the computers and programs used to access it, among hundreds of other customizable parameters.

After implementation, our team of dedicated professionals provide 24×7, 100% onshore monitoring of your database environments and will alert you to any activities that violate your predetermined security parameters.

We also provide our customers with ongoing database security services. Find out more about these in our next video!

The post Customizing a Database Activity Monitoring Solution: Database Activity Monitoring Series pt. 2 [VIDEO] appeared first on Remote DBA Experts.

What is Database Activity Monitoring?: Database Activity Monitoring Series Kick-off [VIDEO]

Fri, 2014-06-20 13:56

Today we're kicking off a series on Database Activity Monitoring. As your database administrators, safeguarding customer data is our highest priority. That’s why we offer 24×7 Database Activity Monitoring services, which allow organizations to gain full visibility into all database activity.

At RDX, we’ve partnered with McAfee, the world’s largest dedicated security company, to bring our customers the highest level of database activity monitoring. RDX has integrated the features and functionality provided by McAfee’s database security products into its support environment to give our clients visibility into all database activity, including local privileged access and sophisticated attacks from within the database itself.

Not only that, we help you save money on a security monitoring support architecture, because our Proactive Monitoring and Response Center provides 24X7, real-time security alert monitoring and support by around-the-clock staff members who are onsite, onshore, and 100 percent dedicated to protecting your organization's core assets..

This constant monitoring also helps us receive alerts of attacks in real time and terminate sessions that violate predetermined security policies.

We customer tailor a database activity monitoring solution to fit each customer’s unique needs – which we'll touch on in our next video!
 

The post What is Database Activity Monitoring?: Database Activity Monitoring Series Kick-off [VIDEO] appeared first on Remote DBA Experts.

What is Database Activity Monitoring?: Database Activity Monitoring Series Kick-off [VIDEO]

Fri, 2014-06-20 13:56

Today we're kicking off a series on Database Activity Monitoring. As your database administrators, safeguarding customer data is our highest priority. That’s why we offer 24×7 Database Activity Monitoring services, which allow organizations to gain full visibility into all database activity.

At RDX, we’ve partnered with McAfee, the world’s largest dedicated security company, to bring our customers the highest level of database activity monitoring. RDX has integrated the features and functionality provided by McAfee’s database security products into its support environment to give our clients visibility into all database activity, including local privileged access and sophisticated attacks from within the database itself.

Not only that, we help you save money on a security monitoring support architecture, because our Proactive Monitoring and Response Center provides 24X7, real-time security alert monitoring and support by around-the-clock staff members who are onsite, onshore, and 100 percent dedicated to protecting your organization's core assets.

This constant monitoring also helps us receive alerts of attacks in real time and terminate sessions that violate predetermined security policies.

We customer tailor a database activity monitoring solution to fit each customer’s unique needs – which we'll touch on in our next video!
 

The post What is Database Activity Monitoring?: Database Activity Monitoring Series Kick-off [VIDEO] appeared first on Remote DBA Experts.