If you look around the IT market, you will find many software products for different types of laboratories, such as environmental, pharmaceutical and many more. You will also find many software products for health care, hospitals, insurance and doctors. I have observed many times that, while developing these applications, many US government agency rules are ignored. If you are selling your product in the USA, you shouldn't ignore the rules and regulations set by these agencies. EPA (Environmental Protection Agency) and HIPAA (Health Insurance Portability and Accountability Act) are two examples of those agencies, which control environmental laboratories and health care companies respectively.
I have personally observed, in a few of my past consulting projects, that software companies often ignore the rules given by these kinds of agencies while developing a product. This ignorance or lack of knowledge will put you, along with the users of the software product, in a critical situation. Not only HIPAA or EPA but almost every government agency enforces security for the database. They will not allow any security breach in the database. Different agencies may set different levels of security and different rules, but my intention is to give some generic advice to tighten database and SQL Server security a little more. In my view, the security advice given in this article should apply regardless of which software product you are using or developing, or which government agency is going to audit your environment. You can apply even more security than is given in this article, but this advice should be implemented first to make sure that your server is not exposed to security breaches.