What is most valuable?
Idera SQL Secure provides printable reports along with advice on how security settings should be configured. That in itself allows for more clear and detailed discussions with the organization’s auditing/compliance, as you move towards setting and being compliant with the security policy of your organization.
How has it helped my organization?
We were about to receive a group level audit when we deployed Idera SQL Secure. In a previous audit, we had received some bad ratings and advice on security for our SQL Server instances. Idera SQL Secure comes bundled with the best practices rules, advice and polices from Microsoft and other standards organizations. It is able to take snapshots of the current state of the servers for which it was configured to monitor, match that state against these best practice rules, and present you with a report. With that report, you can take action on what is right or wrong.
With this tool at hand, we were able to fix all of our issues, but there were a few which didn't apply to our specific case.
Furthermore, our Information Security Officer and internal auditing department are now able to monitor better and have a clear picture on the security state of our SQL Server instances at any point in time.
What needs improvement?
Usability and installation procedure could be made easier.
For how long have I used the solution?
I used it for three years.
What do I think about the stability of the solution?
Idera SQL Secure is very stable. Once it is deployed and configured, we never had to worry about.
What do I think about the scalability of the solution?
Idera SQL Secure scales well. We were monitoring at least 5 huge servers being used for OLTP by around 300 users concurrently on a daily basis.
Scalability should not even be considered an issue as Idera SQL Secure takes snapshots in defined intervals. This means that it is not constantly consuming resources on your servers. Most of the time when using it, users will just be seeing reports on those snapshots.
How are customer service and technical support?
We had a few issues with the deployment, but it was mostly due to our lack of experience. We were able to get online chat support in a timely fashion.
In addition to dealing with tech support, the account manager is also able to provide us with very good insights into how to use and deploy the product.
Which solution did I use previously and why did I switch?
We were using SQL Audit but ditched it in favor of a combination of Idera SQL Secure, Idera SQL Compliance, and Redgate SQLMonitor, mostly because SQL Audit was very aggressive and created locks on the databases. In addition, it kept increasing the log file for the databases, which always meant midnight surprises and maintenance nightmares.
How was the initial setup?
We had just a few hiccups, but it was mostly due lack of experience and a few misunderstandings about it. In general, it was an easy process.
What's my experience with pricing, setup cost, and licensing?
It's more than worth the cost.
Which other solutions did I evaluate?
Before choosing this product, we evaluated SQL Audit.
What other advice do I have?
Shut up and pay. It's more than worth the cost.
This is an easy go. This product will help you in keeping compliant to whichever security standards you are trying out, or must adhere to.
I suggest checking out its companion product Idera SQL Compliance, as they complement each other.
In addition, the site for this product contains a small set of videos explaining how it works and how to go about the setup. Try watching those first and keep them handy if you have to setup and explain how it works to your internal auditing or ISO team who may not be familiar with it.