This question arises from a dispute between the "Financial Department" and the "IT Department" in a production company.
This company has its own IT department, which provides financial software tools and all other ERP-like tools for the company. Because the IT department is itself part of the company, the salaries of the software developers and database admins are calculated and paid through the software and databases designed and maintained by those same people, so the financial department fears database manipulation by the system admins. They also don't want to use other software tools and want to stay on the current software and database solutions.
Now the Question is:
How is it possible to monitor a SQL Server database to prevent any intentional manipulation by a database admin? The solution must be such that it ensures the system works fine, but any manipulation by the system admin will be traceable by the financial department, and the system admin will not be able to erase the traces of his/her manipulation.
Of course, any simplified, tutorial-based suggestion will be appreciated.
-
It really comes down to trust. You have to trust the IT employees just as much as you trust the Finance employees. I would wager that they should be much more concerned about the Finance employees, who would be more likely to know enough about finance to embezzle without being caught. – Tony Hinkle, Commented Feb 17, 2018 at 21:35
-
@TonyHinkle is right... if you cannot trust your admins, replace them with ones you can. Also, things like CDC and triggers that email on changes can help track. – Kevin3NF, Commented Feb 17, 2018 at 22:45
1 Answer
Sure, this is what compliance auditing solutions like IBM Guardium and Imperva do. They're appliances that sit in between your SQL Server and the rest of the network, and they capture everything that happens without affecting end user activities.
They're expensive - think six figures and up for the full implementation, and it's not going to be discreet.
If you were looking for something free or cheap, you can try using the built-in auditing features in SQL Server, or software products like Idera Compliance Manager, but be aware that sysadmins can disable those tools (because they're likely gonna be the ones installing them anyway).
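To make the answer's caveat about the built-in auditing concrete, here is an added example (not code from the original post or its author) of a SQL Server Audit that records changes to a payroll table and, just as importantly, records changes to the audit itself. The database name Payroll, the table dbo.Salary, the audit names and the UNC path \\auditbox\sqlaudit\ are all assumptions made for the example; the point is that the audit target lives on a share that the SQL Server service account can write to but cannot delete from, and that only Finance can read.

```sql
-- Added example: SQL Server Audit for a payroll table, written so that
-- a sysadmin who tampers with it still leaves evidence behind.
-- Assumed names: database Payroll, table dbo.Salary, share \\auditbox\sqlaudit\
-- (the share's NTFS/share permissions are managed by Finance, not IT:
--  service account = write/append only, Finance = read, nobody = delete).

USE master;
GO

-- The server audit object. ON_FAILURE = SHUTDOWN stops the instance if the
-- audit log becomes unwritable, so "just break the share" is not a quiet option.
CREATE SERVER AUDIT PayrollAudit
TO FILE (
    FILEPATH = N'\\auditbox\sqlaudit\',
    MAXSIZE = 100 MB,
    MAX_ROLLOVER_FILES = UNLIMITED
)
WITH (QUEUE_DELAY = 1000, ON_FAILURE = SHUTDOWN);
GO

-- Server-level specification: AUDIT_CHANGE_GROUP logs any CREATE/ALTER/DROP
-- of an audit or audit specification, so switching this audit off is itself
-- recorded before it stops. Role membership changes are logged too, so a
-- developer quietly being added to sysadmin is visible to Finance.
CREATE SERVER AUDIT SPECIFICATION PayrollAuditServerSpec
FOR SERVER AUDIT PayrollAudit
    ADD (AUDIT_CHANGE_GROUP),
    ADD (SERVER_ROLE_MEMBER_CHANGE_GROUP),
    ADD (DATABASE_ROLE_MEMBER_CHANGE_GROUP)
WITH (STATE = ON);
GO

ALTER SERVER AUDIT PayrollAudit WITH (STATE = ON);
GO

-- Database-level specification: every INSERT/UPDATE/DELETE against the salary
-- table by any principal, including members of sysadmin.
USE Payroll;
GO
CREATE DATABASE AUDIT SPECIFICATION PayrollAuditDbSpec
FOR SERVER AUDIT PayrollAudit
    ADD (INSERT, UPDATE, DELETE ON OBJECT::dbo.Salary BY public)
WITH (STATE = ON);
GO

-- How Finance reviews the trail (run by someone with read access to the share
-- and CONTROL SERVER, or simply by opening the .sqlaudit files from another
-- instance that Finance controls).
SELECT event_time,
       server_principal_name,
       database_name,
       action_id,
       object_name,
       succeeded,
       statement
FROM sys.fn_get_audit_file(N'\\auditbox\sqlaudit\*', DEFAULT, DEFAULT)
ORDER BY event_time;

-- What a sysadmin can still do, and what it leaves behind:
--   ALTER SERVER AUDIT PayrollAudit WITH (STATE = OFF);
-- is logged by AUDIT_CHANGE_GROUP before the audit goes quiet, and the gap
-- in event_time that follows is itself the evidence. What the audit cannot
-- protect against is the sysadmin deleting the .sqlaudit files, which is why
-- delete rights on the share must not belong to IT.
```

Two practical notes on the design: targeting the Windows Security log (TO SECURITY_LOG) instead of a file is an alternative that makes erasure harder still, since clearing the Security log is itself an auditable Windows event, but it requires the service account to hold the "Generate security audits" right; and nothing here removes the trust problem the comments raise, since whoever controls the share's permissions (or the Windows host) can still destroy evidence. The audit only moves the line from "undetectable" to "detectable by someone outside IT".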
-
What about a good old-fashioned process where relevant data is output to hardcopy on a periodic basis and audited? – bf2020, Commented Sep 1, 2020 at 16:29
-
@bf2020 I wouldn't exactly call that difficult to circumvent. – Brent Ozar, Commented Sep 1, 2020 at 17:01