Database performance and security audit

We offer the audit service each time before starting cooperation in the area of system support. We recommend performing the database security and performance audit especially if in your company:

• you process large amounts of data, especially when they are sensitive,
• you are preparing for certification or audits,
• you plan to scale the system and implement new functions or expand it with additional resources or data,
• you want to analyse the risk related to data maintenance in the organization and estimate the costs of improvements,
• you care about increasing the security of the system used,
• you suspect a possible data leak and want to find its source,
• it is necessary to verify the correctness of the database instance configuration,
• Before taking further actions, it is recommended to eliminate bottlenecks in the system to restore its proper performance.

We start each audit by establishing key success criteria and analysing the database environment (network, hardware, visualization, operating systems), as well as by verifying the installation configuration and database settings. Only after familiarizing with these key issues, we can fully present the audit plan and the requirements it will entail. In order to properly carry out an audit of the security and performance of the system, our specialists should be given access to the software. In the auditing process, we also deal with, among others, authorization management processes verification, as well as log analysis in the context of detecting potential data leaks. Depending on the system size and the scale of the problems, we can also offer optional penetration tests.

Why should you choose security audit made by summ-it?

Based on experience with systems of various sizes, we have developed a unique and original method of conducting audits, guaranteeing the highest quality and usability for customers. Each project is carried out taking into account the individual needs and goals of the company, following a similar procedure, the steps of which are presented below.

Step 1. Work plan preparation and identification of bottlenecks

• action plan development taking into account the client’s requirements and expectations,
• interviewing system users and administrators,
• obtaining and configuring access to all required system components,
• familiarizing with the specification of the system, processes operating on the basis, and review of the available documentation,
• system bottlenecks identification.

Step 2. Hardware resources or a cloud dedicated to the environment analysis

• server and disk array configuration control, as well as virtual components in the cloud,
• distribution of files on LUN matrix or the performance of storage components verification,
• conducting a virtualization analysis or IaaS or PaaS systems in the cloud configuration,
• verifying the configuration of operating systems (in the case of IaaS).

Step 3. Database environment analysis

• collecting database configuration information,
• carrying out database objects analysis,
• recurring tasks verification,
• CPU, RAM and I / O load control,
• collecting data on DR and HA,
• authorizations, including added access security, verification,
• collecting information on accounts and their permissions in the instance,
• analysing the behaviour of the application and its communication with the database system,
• collecting data (instance query trace, log analysis),
• conducting traffic analysis and operations performed on the basis to identify system bottlenecks,
• analysing SQL queries (including long running queries, storage procedures).

Step 4. Recommendations and optimization plan development

• making possible database modifications list in order to improve system performance.
• estimating the potential effects of implementing changes, from the point of view of efficiency,
• recommendations development in the context of DR and HA,
• detailed risk analysis
• estimating the costs of implementing the necessary changes.

Your company will receive a full report containing a list of identified problem sources and recommendations for changes prepared by our specialists.