Chapter 14. Designing and Implementing Security
How much security is enough?
Security is another one of those black holes of the DW/BI system. It seems straightforward at first glance, but it often ends up being more complicated and uses more resources than originally planned.
If you're serious about security, and take the necessary steps to educate yourself, keep up-to-date on security bulletins and software updates, and design your system to minimize your attack surface, you'll be in a good position to run a safe system. Microsoft throws so much information and so many security options at you that the greatest risk may be that you'll give up out of frustration and confusion. We hope this chapter helps by highlighting the most important issues for a DW/BI system.
You can minimize the cost and risk of implementing security by — yes! — writing a security plan. That plan should have a section for securing the environment, including the hardware and operating system; a section for securing the operations and administration of the system; and a section for securing data. No security plan is complete without a discussion of how to test the security. Designing and implementing tests for whether the right people have access to the right data can be as hard as any other task in developing and operating the DW/BI system.
In this chapter, we talk about the major components of DW/BI system security. These are the components that should be included in your security plan. The easy part is securing ...