Governance (DW)---a Technical Reference Guide for Designing Mission-Critical DW Solutions

Want more guides like this one? Go to Technical Reference Guides for Designing Mission-Critical Solutions.

While governance is not a set of IT features that can be pointed to easily, understanding and deconstructing it is important because the policies set by regulators and standards bodies determine which features are required (for example, cell-level encryption and data auditing). In the U.S.A., for instance, regulations and standards such as the Health Insurance Portability and Accountability Act (HIPAA), the Health Level Seven International (HL7) interoperability standards, the Sarbanes-Oxley Act (SOX), and the Payment Card Industry Data Security Standard (PCI DSS) affect a wide variety of organizations. Because enterprises must follow these standards as part of the cost of doing business, regulatory requirements and organizational policies can decide whether Microsoft SQL Server is included in, or removed from, tier-one enterprise consideration.

Best Practices

The following resources provide general information about governance and compliance. Because regulatory organizations publish very few best practices for governance, Microsoft and enterprise customers rely on partner vendors to define how to implement systems that comply. (The full URLs for the hyperlinked text are provided in the Appendix at the end of this document.)

  • The website SQL Server 2008: Compliance [1] is the main site for information about SQL Server compliance, including an overview of governance. Within this site, the following sections are of particular interest:

    • The Securing the platform section provides guidance and references for securing the entire server environment end to end, rather than just the database.

    • The Controlling identity and separation of duties section provides guidance and references on the basics of identity and access control and on the policies surrounding separation of duties.

  • The white paper Reaching Compliance: SQL Server 2008 Compliance Guide [2] is a deep dive into compliance and into how regulatory requirements and organizational policies affect it.

  • The Security Standards Compliance [3] section of SQL Server 2008 R2 Books Online describes common security certifications (such as Common Criteria) and the configuration procedures required to run SQL Server in compliance with them.

Questions and Considerations

This section provides questions and issues to consider when working with your customers.

  • Microsoft does not have deep domain and regulatory expertise in the various industries where its products are used. When working with customers, understand their regulatory requirements and work with them and their partners to tailor solutions that use the security-oriented features of SQL Server to meet the applicable regulatory governance.

  • As you work with customers and partners, consider how Microsoft as an organization can work more closely with them in meeting their governance needs. Specifically, how to better:

    • Receive input on necessary features and technologies, particularly in relation to local regulations.

    • Provide guidance to the community on how to use Microsoft technologies for governance and compliance.

    • Provide end-to-end governance solutions for customers.

Appendix

Following are the full URLs for the hyperlinked text:

[1] SQL Server 2008: Compliance (https://www.microsoft.com/sqlserver/2008/en/us/compliance.aspx)

[2] Reaching Compliance: SQL Server 2008 Compliance Guide (http://sqlcat.com/whitepapers/archive/2008/11/15/reaching-compliance-sql-server-2008-compliance-guide.aspx)

[3] SQL Server 2008 R2 Books Online: Security Standards Compliance (https://msdn.microsoft.com/library/bb326717.aspx)