Streamlining IT Support in NJ: Tips for Efficient and Effective Database Services

Streamlining IT Support in NJ: Tips for Efficient and Effective Database Services

If you’re a small to midsized business (SMB) looking for comprehensive third-party IT support in NJ, you might have noticed a problem: many managed service providers (MSPs) do not specifically offer database administration (DBA) services. The care and feeding of databases is business-critical and takes special skills. Yet MSPs tend to lump DBA services in with other IT administrative functions.

For example, here is a “menu” of services available from an MSP offering IT support in NJ:

Popular IT Support Services in New Jersey

  1. Help desk
  2. 24×7 remote monitoring and management of your IT environment
  3. On-site IT support as needed
  4. Offsite backup/storage
  5. Email security
  6. Managing your public cloud footprint
  7. Training on cybersecurity awareness and other topics

Those services cover a lot of ground, including everything from computers and mobile devices to your business networks to your company internet to cybersecurity. But what about DBA activities, including specialized tasks like performance tuning, database development, database security, managed database hosting, etc.? Possibly those are covered under service #2… But how thoroughhgoing is the actual service? Are the people watching your database certified DBA experts? Or general-purpose “IT guys” who may or may not know your database environment, yet have your most valuable and sensitive data in their hands?

IT Support NJ: Ensuring first-rate DBA services

Whether you have mission-critical data housed in Oracle, Microsoft SQL, MySQL, PostgreSQL, or another database environment, your MSP could very well be using jack-of-all-trades IT systems administrators to manage your database environment—not specialist DBAs. That might be fine if your database estate is simple, or you’re lucky enough to have in-house know-how to backstop your MSP. Or you might find out the hard way that your MSP’s current level of DBA expertise is not enough, by experiencing inefficient database operations, application downtime, compliance issues, data loss, and/or security vulnerabilities.

What’s the alternative for SMBs seeking comprehensive IT support in NJ or the New York City metro area, including expert DBA services? You can augment your MSP’s IT support with an outsourced NJ-based DBA who functions as an extension of your MSP’s team. Or you can find an MSP that has certified DBAs onboard. Either way, you keep all the managed service benefits, like cost savings and on-demand flexibility, while improving IT efficiency and reducing database-related business risk.  

Should you consider an outsourced DBA partner?

Regarding your current level of DBA support, does your database infrastructure run smoothly with little to no downtime, slowdowns, or other issues that frustrate users? Do your users, customers, etc. enjoy application performance and reliability that meets agreed service levels? Is your database environment proactively managed to address potential problems before they impact users? Is your data helping you meet business goals?

If the answer to any of these questions is no, you’re answering any of these in the negative, consider adding a specialist DBA partner to your managed IT support in NJ. You need to feel confident that whoever is managing your database knows exactly what they’re doing. Your database is too important to trust to chance. 

A DBA partner can work with your business directly, alongside your MSP, to provide the great database support your business needs and deserves. 

Streamlining IT Support in NJ: What’s next?

If you’re looking for IT support in NJ that includes reliable, cost-effective, expert DBA services, contact Buda Consulting to schedule a free 15-minute call. We can help you get more value from your data and your database investments.

Professional SQL Consulting Services: Unlock Your Data’s Full Potential

Professional SQL Consulting Services: Unlock Your Data’s Full Potential

If you are looking for Microsoft SQL consulting services, it’s key to identify the right partner for your specific needs. 

Many organizations need help with SQL database operational tasks like performance tuning, troubleshooting database issues, or handling a migration or upgrade. Most SQL consultants offer these services.

But businesses increasingly want to master and move beyond database operational efficiency—to unlock their data’s full potential and deliver the insights that support better, quicker decisions. This takes a specialist SQL consulting services partner that can architect, model, build, manage, and secure big data and data warehouse systems and deliver business intelligence (BI) via user-friendly dashboards. 

What is Business Intelligence?

Data is the starting point for business-critical decisions. Yet study after study finds that very little of the data most companies collect is ever used for analytics. 

Business intelligence (BI) is the process of using technology to analyze data and extract actionable insights that help executives and others make better informed decisions, while also reducing reporting lead time. To make BI possible, data from internal and/or external sources must be prepared for analysis, then queried to yield data visualizations, reports, and dashboards. These tools represent the results to suit different strategic planning and operational decision-making audiences. 

BI Benefits & SQL Consulting Services

Companies exploit BI for a variety of reasons, from streamlining business processes to improving customer knowledge to developing “big picture” perspectives on new market opportunities. Some of the industries where BI is most critical for competitive success include retail, food & beverage, transportation & travel, and energy/oil & gas. 

Benefits that many organizations experience through developing BI capabilities can include:

  • Improved customer satisfaction
  • Greater employee productivity
  • More accurate reporting
  • More accurate competitive analysis
  • Stronger ability to see and forecast market trends
  • Enhanced ability to identify new business opportunities, revenue sources, etc.
  • More comprehensive knowledge of business performance
  • Better data quality

What is Data Modeling?

Data modeling analyzes data objects and plots how they relate to one another. This process structures the data for BI activities and is a prerequisite step before loading data into a data warehouse or data lake.

Data modeling helps you understand your data and make the best technology decisions to store and manage it. A comprehensive data model is also the basis for developing SQL database applications.

Some of the benefits of data modeling include:

  • More efficient database development with fewer errors
  • More consistent and complete data documentation, including a data dictionary
  • A common language to help data scientists and business teams communicate about BI requirements

A rigorously optimized data model helps eliminate redundancy in your SQL database, which reduces storage needs and supports efficient retrieval. The goal of data modeling is to give the business clean, consistent, structured data that can support BI and achieve consistent, effective results.

SQL consulting services focused on the data modeling process can help accelerate the transformation of a company’s “dark” data into business intelligence. From there, you can readily answer future questions regarding that data—to deliver business value for years to come without the need for extensive SQL coding. 

SQL Consulting Services for Successful BI

SQL Server is a leading platform for data warehousing, analysis, reporting, and BI to make your business more competitive and efficient. But successful BI outcomes depend on clean data, best-practice database maintenance, proactive performance tuning, and expert planning/strategy.

If you don’t have BI expertise in-house, the right SQL consulting services partner can provide specialized solutions like: 

  • SQL Server and/or Microsoft Azure SQL architecture 
  • SQL Server and/or Microsoft Azure SQL application development
  • Big data and data warehouse architecture and interface development
  • Extract-transform-load (ETL) process development
  • Data analytics queries
  • Data reporting tools

What’s Next?

There’s no question that effective BI can improve competitiveness, profitability, and resilience. Yet a very high percentage of BI projects fail or show excessively long time to value. Data quality issues are a common problem, as are inadequate project planning and poor requirements definition.

Engaging a SQL consulting services partner with proven BI expertise and project success can help improve the odds of success for your company’s BI initiative. 

If you are looking for a SQL consultant that can customize their offerings for your needs, objectives, budget, and in-house capabilities, contact Buda Consulting to schedule a free 15-minute call. We can accelerate time to value and reduce business risk on BI projects leveraging Microsoft SQL Server, Oracle, PostgreSQL, MySQL, and other database environments.

 

The Real Risks of AI

The Real Risks of AI

The recent release of ChatGPT, Bard, DALL-E 2, and Stable Diffusion has caused a lot of excitement and a lot of fear. In this article, we are going to dive deep into the real risks of AI.

The fear takes a few forms. Some are afraid that this will lead to computers becoming sentient and taking over the world. Others are afraid that it will lead to the elimination of jobs. Still others are afraid that it will lead us all to stop thinking and to depend too much on these new tools, resulting in less creativity and less progress. 

I think all of the above fears are exaggerated and that the benefits of AI will likely outweigh the risks in the long run. 

But there is another kind of risk that I am very concerned about and that is the topic of this article.

The Risks of AI: Garbage In – Garbage Out

When computers first took hold in corporations around the world, when applications started performing calculations on data held in databases, and reports were generated from that data, a common refrain was heard in IT departments. And as I think of it, I have not heard this sentiment spoken very often recently.  “Garbage in – Garbage Out”.   This saying was shorthand for saying that the quality of the output of any computer program was only as good as the data entered into the database used by the program.

Initially, all data for a given program was entered by and specifically for the company that was using the application, and often by the specific department using the data.  This meant that the company had significant control over the quality of the data and an understanding of the origins of the data.  Many companies did a poor job of controlling the quality of the data and of the entry of the data, but they did have visibility into the source of the information and could determine the quality of it when needed.

AI Data Sources Have Changed

In the many years since then, much has changed. Now in addition to data generated by and entered by a company, its applications use a great deal of data that is gathered from outside sources. There are thousands of available data sources, both public and private, that can be purchased and used by internal applications, with very little control or visibility into the quality of that data. While the quality of internally generated data has tended to improve over time with better controls at the database and application level, there is far less visibility or control of the quality of the external data sources. 

The inclusion of these outside data sources makes validating the results of the calculations, reports, and other outputs very critical. Today, there is still generally a human interpreting these reports and calculations, and making decisions based on them. This interpretation is the last line of defense against ‘Garbage Out’.  In almost any business application, an experienced user can spot an incorrect result. They might not know what is wrong, but they can tell something is wrong, sending developers and database administrators back into the data to figure out where the problem is.  This plays out every day in every organization.

AI Magnifies Garbage In – Garbage Out

Traditional applications present the data they ingest in different forms (reports, graphs) so that humans can make decisions based on those presentations. 

AI applications take it a very significant step further. They don’t present data that helps the user make a decision, instead, they make decisions for the user.  This is a very significant difference because the user no longer has visibility into the semi-processed data that could have clued them into a problem with the data. Some AI models will list the sources and logic they used to make the decision, but even that does not give visibility into the actual data used. 

If a well-developed and tested AI model had perfect data, the results would be, well, perfect. AI models learn from the data that they ingest.  But AI models, especially general use models like the ones mentioned above, use free, publicly available datasets. The quality of this data is suspect at best.  And the organization of the data (in effect the underlying data models) can influence the inferences drawn by the models. 

Other Risks of AI: A Real-World Example

I listen to a podcast called the All-in Podcast.  This podcast features four well-known investors who talk about politics, investing, and other interesting topics. During an episode shortly after the release of ChatGPT, they asked the AI chat tool to give a profile of one of the hosts (David Sachs).  The model created a very accurate-looking profile of Sachs, but in the footnotes, attributed a number of articles to him that he did not write.  I suspect he had commented about those articles, and the model made inaccurate inferences about his involvement in the articles. 

This is a perfect example of the risk of not having control or visibility into the data sets used by the AI models. 

The Real Risks of AI

So in my opinion, the real risk of AI is humans taking action based on the decisions and answers generated by models that use uncontrolled data.  The example I gave is a trivial one, but I am sure you can imagine many examples where an action made as a result of a faulty AI decision can be disastrous (choosing proper building materials, as one example).

So after all these years, awareness of Garbage In – Garbage out is more important than ever.

Securing Your Database: The Importance of SQL Server Audit to Safeguard CUI

Securing Your Database: The Importance of SQL Server Audit to Safeguard CUI

Businesses that handle Controlled Unclassified Information (CUI) or other sensitive data need to comply with applicable information security and privacy regulations to minimize the risk of a data breach, data loss, and other threats to data confidentiality, integrity, and availability. This generally includes regularly or continuously monitoring and auditing all the activities taking place in your Microsoft SQL Server environment. 

To help automate this critical monitoring process, Microsoft provides SQL Server Audit, a tool built into SQL Server that can read database transaction logs to provide information about data and object changes affecting the database. By keeping tabs on how a database is being used, DBAs or security teams can spot suspicious actions that could indicate a potential incident, such as a data breach or cyber attack. 

How SQL Server Audit Works

SQL Server Audit lets you track and analyze events taking place on Microsoft SQL servers to reveal potential vulnerabilities and threats to CUI. It enables you to log all changes to the server settings, as well as record all server activities, in a special database table.

For example, you can check SQL Server Audit data for suspicious log events that point to unauthorized network access. Other activities you can log with SQL Server Audit include:

  • Insert, update, and delete attempts to the server table
  • Connection and login attempts, including both, failed and successful logins
  • Database object access attempts
  • Database management activities
  • Admins and other users who connected to the database engine
  • Creating new logins and databases

You can choose from among several levels of auditing with the SQL Server Audit tool, depending on your specific compliance requirements (e.g., compliance with CMMC Level 2 versus CMMC Level 3). You can create server audits to log server-level events, and/or database audits for database-level events. 

SQL Server Audit Benefits

The overall goal of SQL Server audits is to track how database records are used, who accessed them, and when. This data can help you comply with data protection and privacy regulations, including those governing CUI on non-government systems. It can also improve your information security and incident response—the ability to prevent, detect and contain an attack or data breach impacting your database.

Database auditing also improves your confidence in the accuracy, consistency, and completeness of your data for analytics purposes. Finally, it helps you chart a path of continuous improvement by uncovering problems with your database security, administration, and/or monitoring.

Most common SQL Server Audit levels to protect CUI

Guidance on safeguarding CUI generally recommends implementing either of two SQL Server Audit levels as part of your SQL database audit program: C2 Audit or Common Criteria Compliance. These are the most widely used international standards for SQL auditing.

C2 Audit records data beyond the SQL Server, such as who triggered what events in which database, the event type, the server name, and the event outcome. To get started, you assign an audit ID to each group of related processes starting at login. System calls that these processes perform are thereafter logged with that audit ID. Examples include calls to open or close files, calls to change directories, and failed or successful login attempts.

Common Criteria Compliance replaces C2 Audit processes in many compliance frameworks. This approach uses Extended Events (superseding SQL Trace) to gather audit event details. To residually protect CUI, you can filter specific events out of the trace and subsequently use them in applications that manage SQL Server. Note that Common Criteria Compliance can impact SQL Server performance and should ordinarily be enabled only if your guidance on safeguarding CUI mandates it.

Key SQL Server Audit actions to protect CUI

These are some of the most critical SQL Server events to log for most organizations:

  1. Failed login attempts. This data is vital to identify attempted or successful attacks on your database.
  2. Role member changes. This tells you when a login is added or removed from a server or database role, so you can track your privileged users. and know if an unauthorized user was added.
  3. Database user changes. Like with role member changes, this event tells you when users are created, changed, or deleted from a database so you know who has access within a SQL Server instance.
  4. Database object adds/deletions/changes. While this can create bulky audit logs, guidance on safeguarding CUI frequently mandates it.
  5. AUDIT_CHANGE_GROUP. Logging this event lets you identify when a user is altering or disabling your audit logs to “cover their tracks,” and is often required in audit guidance on safeguarding CUI. Or, this event may just alert you if a DBA disables auditing to temporarily improve SQL Server performance and forgets to re-enable it. 

It’s important to carefully choose the SQL Server events you want to audit based on compliance requirements, so you don’t need to filter unnecessary data. However, it’s important to log unsuccessful as well as successful events, as failures are a top way to spot attacks in progress and identify abuse of privileges.

Guidance on Safeguarding CUI Data: Next steps

Most orgs that handle CUI or other sensitive data are subject to one or more regulations like NIST 800-171, the Cybersecurity Maturity Model Certification (CMMC), HIPAA, Sarbanes-Oxley (SOX), PCI-DSS, etc. The inability to pass a compliance audit puts you at significant risk of fines, legal sanctions, or potentially even criminal prosecution under the US Department of Justice’s False Claims Act.

A database vulnerability assessment performed by Buda Consulting experts will identify any compliance issues with your database environment. This will provide the guidance on safeguarding CUI and other sensitive data that you need to achieve—and demonstrate—compliance to regulators and other stakeholders. 

Contact us to schedule a free 15-minute call to discuss how a database vulnerability assessment can help your business meet its compliance goals.

Oracle Database Assessment: Here’s What to Focus On

Oracle Database Assessment: Here’s What to Focus On

Organizations need to keep a close watch on Oracle operations to ensure agreed service levels are always being met. Database downtime can quickly lead to financial and reputational impacts, making periodic Oracle database assessments integral to the smooth operation of your most critical business systems—and thus your company itself.   Also called Oracle database health checks, Oracle database assessments are part of creating what we like to call a boring database environment: No surprises and no downtime. This peaceful state doesn’t happen by accident, but requires planning and commitment to best practices.  This post explains what an Oracle database assessment should mainly focus on.

What to Check

Oracle database assessments can potentially include a wide range of tasks and probes, some of which might come under the heading of performance tuning, security vulnerability testing, or everyday DBA tasks (e.g., patching).    But to be effective, an Oracle database assessment needs to cover all the key installation, configuration, and policy factors that help improve uptime and/or prevent downtime. Even currently minor issues can cascade towards failure if left unchecked.   Some of the most important parameters and elements in your database environment to review and optimize include: 

  • Alert logs and trace files, to see if any events show up that point to potential database problems 
  • Database maintenance procedures, to validate best practices are being consistently followed
  • Parameter settings, to look for values that can negatively impact performance, security, stability, etc.
  • Data block validation, to identify corrupt blocks and missing files, which are prime causes of database outages
  • Finding invalid objects, which can proliferate and hurt performance and stability
  • Identifying index and tablespace fragmentation, both top causes of degrading database performance 
  • Validating important file configurations like datafiles, Redo log files and Archive log files to ensure database file and backup file integrity and prevent data loss and crashes
  •  Memory, CPU, and disk usage review to proactively address low resource conditions that can impact performance and stability

In-house or Outsource?

Oracle database assessments require significant expertise and attention to detail, especially if your environment is complex with many interrelationships. While in-house DBAs can perform Oracle database assessments, a fresh set of unbiased eyes from outside your organization can add a valuable perspective, while also offering expert guidance and sharing best practices.

Expect a Detailed Report

Whether you perform your Oracle database assessment in-house or outsource it, stakeholders should expect a comprehensive report that documents and prioritizes areas of concern and recommends best-practice next steps in line with business goals. 

What About Database Security?

In our experience, database security is often overshadowed by other security priorities.  Yet database security protects the lifeblood of your business—its sensitive data—and must be a core part of your overall cybersecurity program and strategy.  Because of database security’s importance and complexity, it makes sense to conduct Oracle database security assessments as an adjunct to your Oracle database assessments. A holistic approach that secures the data, the database configuration, identities and access, the network, the database server, and the physical environment is key to eliminating vulnerabilities and mitigating business risk.   Some database security “quick wins” we often recommend to clients include making the best use of Oracle’s built-in security features, which you’re already paying for as part of your database package. This includes downloading the Oracle Database Security Assessment Tool (DBSAT). This free tool scans your database and gives you a security profile including your overall database security configuration, users & entitlements, and sensitive data identification.

What’s Next?

Based on decades of experience helping our clients keep their databases stable and running optimally, Buda Consulting offers a 35-point Oracle database assessment that is reliable, thorough, unbiased, and keeps your in-house DBAs focused on other essential tasks.  Contact us to schedule time with an Oracle expert to talk over your situation, goals, and concerns.  

5 Ways Remote DBA Services Can Help Your Business

5 Ways Remote DBA Services Can Help Your Business

Many SMBs today look to establish and maintain a core IT team that has the expertise and agility to respond to business demands, such as developing and updating custom applications. For non-core/maintenance processes like database administration, there are many benefits to partnering with third-party experts who can handle these time-consuming, specialized tasks reliably and efficiently. This is why remote DBA services have become one of the most prevalent forms of IT outsourcing.

What are remote DBA services?

Remote DBA services can cover a wide range of everyday database tasks, including:

  • Database administration (e.g., user administration and space management)
  • Performance monitoring and tuning
  • 24×7 database support 
  • Report development
  • Database health checks and troubleshooting
  • Database security monitoring
  • Database upgrades

Here are 5 ways that remote DBA services can benefit your business.

One: Save money and reduce business risk associated with hiring skilled technical resources

Demand for skilled DBAs exceeds supply and salaries are averaging well above $100,000 plus benefits. Hiring qualified technical staff is time-consuming, challenging for HR staff, and risky due to high turnover and potential competence issues.  The cost to engage remote DBA services is generally 40% to 60% lower than hiring a full-time employee. Further, a remote DBA services team can offer specialized skills and up-to-date product knowledge on demand that the individual you hire may not have.

Two: Better staff continuity

Ironically, high turnover and poor retention of skilled technical resources mean that many businesses get better staff continuity and knowledge transfer by leveraging remote DBA services than by hiring in-house DBAs.  At a minimum, leveraging remote DBA services means you can rest assured of continuity of services, without the risk of losing a key DBA and being left without that critical resource. You’re also less likely to be impacted by inevitable issues like vacations, maternity leave, illness, etc. Many remote DBA services offer 24×7 coverage for your environment, with rapid response in emergencies.

Three: Improved database operations

Especially for SMBs struggling to cover critical database tasks, relying on remote DBA services can improve your database availability and performance. Remote DBAs have your database environment as their top priority and can be more proactive about improving service levels versus reacting to problems in a break-fix manner when they manifest. For example, database health checks are key to ensuring maximum uptime for your critical databases. But these can be complex to organize and perform to avoid impacting users and workloads. Remote DBA services can ensure that health checks and other maintenance and administrative tasks are performed routinely and efficiently. 

Four: Increased scalability

As your business grows or your specific database needs change, you might find you need to augment current database staffing. A remote DBA services arrangement makes it easy to get more bandwidth and/or additional expertise without the extensive cost and time required for a full-time hire. A remote DBA can also support your business to scale up by ensuring that your database can handle increasing amounts of data and transactions.

Five: Improved database security

Information security is a specialty discipline, and database security is a specialty within that specialty. Many DBAs don’t have these hard-to-find skills, which results in critical data being vulnerable to cyber-attack. Your business may also be out of compliance with security requirements in applicable regulations like HIPAA, PCI-DSS, Sarbanes-Oxley (SOX), the Gramm-Leach-Bliley Act (GLBA), etc. A remote DBA service can help improve your database security by applying best practices, including helping you develop strong security policies, patching your database environment, auditing your databases for vulnerabilities with automated tools, and reviewing user and administrative rights and privileges.

Next Steps For Remote DBA Services

Buda Consulting has been a preferred remote DBA services partner to global brands and SMBs for Oracle, SQL Server, MySQL, and other database technologies for over 25 years. Our staff consists of certified database professionals capable of managing the most sophisticated database architectures.  Contact us to talk about your database requirements and how Buda Consulting can help.