DB2 Audit Security Policies

Security Audits Coming Your Way

Is performance the number one issue for the DBA and the application teams or is security and governance? I guess it depends on your industry and point of view. With the latest WikiLeaks scandal, the new BASEL III requirements, HIPAA privacy requirements and many data breaches gaining press coverage, security audits of the DB2 environments are just around the corner.

With all the new DB2 10 SECADM capabilities, now is the time to embrace compliance activities and get ahead of issues within your DB2 environment. So the first items your DBA team needs to formalize are high level diagrams and documentation of the processes followed for defining system, database, application and data access security. These first items provide the framework of the compliance controls: risk identification, security evaluation and monitoring already established in your overall environment. These items set the compliance, security and performance baselines of your environment which has probably been secure for many years.

Baselines of application performance should also be established and included to show that security is streamlined effectively enough to support and not impact application performance. These baselines should help establish compliance controls the business can endorse and still provide excellent service to the business.

Establish DB2 Audit Compliance Priorities

Within the security audit and compliance issues, the business and compliance team needs to understand the priority of the different types of risks. Within each business, system or application area these risks will be different with different priorities. The DBA team working through the DB2 audit processes needs to understand the data access requirements, performance efficiency, confidentiality, availability and data integrity issues that are required for compliance. The DBA team along with the auditors needs to socialize these business concerns into formal documentation related to the HIPAA or other compliance guidelines established.

This formalization can help the DBA establish further documentation and leverage any existing disaster recovery, system availability, performance metrics and data integrity rules within the application. This can also help document any referential integrity (RI) required within the database or business structures. This RI documentation can be especially important when applications programmers are maintaining the database table RI within their application source code and the application gets older.

Many DB2 Audit Policies Possibilities

One of the first ways all of these compliance efforts are going to manifest themselves in the DB2 environment is through the new SECADM Security Policies. These Security Policies have a number of categories, potential user or access contexts and package and object level settings. The following category settings are going to need to be set up, so work with your compliance and security partners and come up with the best standards and schemes for your environment considerations.

  • DB2 Audit Policy Name(s) – must be unique
  • Policy setup timestamp/changed time/date
  • Package Collection id for the policy
  • Context or scope of the policy
  • Auto start policy with DB2
  • DBA Level to monitor
  • Schema(s) to monitor
  • Database(s) to monitor
  • Table(s) to monitor
  • Other Object(s) to monitor
  • Object maintenance type to monitor
  • Monitor security maintenance
  • SYSADMIN tasks to monitor

Given all the talk about monitoring SYSADMs, one of your first security policies should be to set this SYSADM monitoring up. This way your security and compliance personnel can understand how much work you are doing and not spending your time looking at the sensitive data.

Here’s a list with links to other posts that may help you improve your DB2 performance, security, and ease-of-use:

5 More DB2 SQL Performance Tips
Another 5 More DB2 SQL Performance Tips
5 Big Data SQL Performance Tips – Fixing Generated SQL
DB2 11 SQL Performance Improvements
5 More SQL Performance Tips for your Big Data
Hadoop SQL: 4 Reasons Why BigInsights Is the Best
Vital Java DB2 SQL Performance Considerations
More DB2 Family Security Best Practices Part 7: Preventing SQL Injection
DB2 SQL Security Audits


Dave Beulke is a system strategist, application architect, and performance expert specializing in Big Data, data warehouses, and high performance internet business solutions. He is an IBM Gold Consultant, Information Champion, President of DAMA-NCR, former President of International DB2 User Group, and frequent speaker at national and international conferences. His architectures, designs, and performance tuning techniques help organization better leverage their information assets, saving millions in processing costs. Follow him on Twitter here (@DBeulke) or connect through LinkedIn here (https://www.linkedin.com/in/davebeulke).

Leave a Reply

You can use these HTML tags

<a href="" title=""> <abbr title=""> <acronym title=""> <b> <blockquote cite=""> <cite> <code> <del datetime=""> <em> <i> <q cite=""> <s> <strike> <strong>