SQL Server Security Assessment
Designed to complement frameworks like CIS and NIST - by uncovering real security gaps beyond checklist-based reviews.
SQL Server Security: Architected for the Modern Threat Landscape
Proprietary assessments led by a former Microsoft Data Platform Security Program Manager. We identify the lateral movement risks and permission creep that generic scripts ignore.
The Iceberg of Risk
Revealing the Surface: SQL Security Deep-Dive
Generic scripts only see the tip of the iceberg—often just listing every member of the sysadmin role and a few well-known risky settings.
Our assessment dives into the deep water where actual breaches occur:
- Identity & Context: We differentiate between various identity types and analyze the circumstances that make a setting exploitable versus safe to use.
- Hidden Escalation Paths: We don’t just show you who has access; we expose the hidden architectural paths attackers use to escalate privileges, such as Unsafe Linked Servers and schema ownership-chaining.
- Cryptographic Resilience: What counts as an acceptable encryption standard degrades over time. We move beyond a simple "yes or no" audit and analyze your entire encryption chain (TLS for connections, TDE and key hierarchies at rest, certificate and key lengths) against modern computing power and future quantum threats.
- Legacy Authentication Threats: With the impending phase-out of NTLM, mapping your legacy authentication usage is now critical for both security and future compatibility.
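The three technical bullets above (linked servers and ownership chaining, and NTLM usage) each correspond to catalog views you can query yourself before an assessment. The T-SQL below is an added illustration, not part of the assessment tooling or the page's own material; it assumes a login with VIEW SERVER STATE and VIEW ANY DEFINITION (or sysadmin) so that all rows are visible, and it goes one step beyond the bullet's two examples by also listing TRUSTWORTHY databases owned by a sysadmin, a well-known variant of the same escalation family.

```sql
-- Added example: enumerate the escalation paths and legacy-auth usage named above.
-- Assumes the caller holds VIEW SERVER STATE and VIEW ANY DEFINITION (or sysadmin).

-- 1. Linked servers and how local logins are mapped onto the remote side.
--    uses_self_credential = 1 forwards the caller's own context (needs Kerberos
--    delegation to work). A fixed remote_name with local_login = NULL means EVERY
--    local login that can see the linked server runs as that remote account,
--    which is the classic "unsafe linked server" hop.
SELECT  s.name                  AS linked_server,
        s.data_source,
        s.provider,
        s.is_rpc_out_enabled,                 -- 1 = EXEC ... AT <server> allowed
        s.is_data_access_enabled,
        lp.name                 AS local_login,   -- NULL = mapping applies to all logins
        ll.uses_self_credential,
        ll.remote_name
FROM    sys.servers s
LEFT JOIN sys.linked_logins     ll ON ll.server_id = s.server_id
LEFT JOIN sys.server_principals lp ON lp.principal_id = ll.local_principal_id
WHERE   s.is_linked = 1
ORDER BY s.name, lp.name;

-- 2. Ownership chaining. The instance-wide option lets a chain cross databases,
--    so a view or procedure in one database can reach tables in another without
--    the caller holding any permission on them, as long as the owners match.
SELECT  name, value_in_use                    -- 1 = cross-database chaining on
FROM    sys.configurations
WHERE   name = 'cross db ownership chaining';

-- Per-database chaining and TRUSTWORTHY flags.
SELECT  d.name                  AS database_name,
        d.is_db_chaining_on,
        d.is_trustworthy_on,
        SUSER_SNAME(d.owner_sid) AS owner_login
FROM    sys.databases d
ORDER BY d.name;

-- Beyond the two examples in the text: a TRUSTWORTHY database owned by a sysadmin
-- lets any db_owner escalate to sysadmin via EXECUTE AS OWNER.
SELECT  d.name                  AS database_name,
        sp.name                 AS owner_login
FROM    sys.databases d
JOIN    sys.server_principals sp ON sp.sid = d.owner_sid
WHERE   d.is_trustworthy_on = 1
  AND   IS_SRVROLEMEMBER('sysadmin', sp.name) = 1;

-- 3. Legacy authentication actually in use: sessions that authenticated with NTLM
--    rather than Kerberos (SQL logins show as 'SQL'). Run this repeatedly over a
--    business cycle; a single snapshot misses batch jobs and month-end clients.
SELECT  c.auth_scheme,
        s.login_name,
        s.host_name,
        s.program_name,
        COUNT(*)                AS sessions
FROM    sys.dm_exec_connections c
JOIN    sys.dm_exec_sessions    s ON s.session_id = c.session_id
WHERE   c.auth_scheme = 'NTLM'
GROUP BY c.auth_scheme, s.login_name, s.host_name, s.program_name
ORDER BY sessions DESC;
```

Each result set is a starting point, not a verdict: a linked server with a fixed sysadmin mapping is only a finding if logins below sysadmin can reach it, and cross-database chaining is only exploitable where an object owner in one database also owns tables in another. That context is exactly what a checklist-style script omits.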
Choose Your Security Assessment Tier
Tiers (comparison table not fully recoverable from the page):
- Core check only
- Operational Baseline
- Compliance-Aligned
Reporting options range from a Simplified report to full Executive & Technical reports.
Not sure which assessment tier is right for your environment?
Contact us for a brief scoping call to discuss your architecture, compliance requirements, and specific security goals.
Technical Readiness for HIPAA Safe Harbor (H.R. 7898)
Strengthen your defensive posture and document your commitment to recognized security practices.
The HIPAA Safe Harbor Act (H.R. 7898) requires HHS to consider whether an organization has had "Recognized Security Practices" in place for the previous 12 months when determining fines, audit outcomes, and the length of an audit. Our assessments are built on over 25 years of SQL Server engineering expertise to identify architectural vulnerabilities and permission creep. We provide the technical documentation and remediation roadmaps necessary to help your organization demonstrate a consistent history of following industry-standard security hardening.
Hardening is a Process, Not an Event
Our Delta-Check validates your remediation efforts. After applying our roadmap, we re-run the assessment to confirm that risks have been reduced and compliance posture has improved.
Before
After
What You Get
This is not a scan or checklist. It produces structured, decision-ready output for both technical and non-technical stakeholders.
- Executive Summary Report: Clear overview of key risks, with focus on what matters for management and risk decisions.
- Detailed Technical Report: Per-check breakdown with evidence, affected objects, and actual findings from your environment.
- Prioritized Findings: Each issue is classified (PASS / OBSERVE / WARNING / FAIL) to clearly separate noise from real risk.
- Actionable Recommendations: Concrete remediation steps with estimated level of effort, not generic best practices.
- Attack-Path-Oriented Analysis: Focus on how misconfigurations and permissions can actually be chained together and exploited.
- Consistent, Structured Output: Standardized results across all checks, enabling filtering, comparison, and Delta-checks to measure configuration drift.
Unlike traditional assessments, the focus is not on theoretical best practices, but on what can actually be exploited in your environment.
Compliance & Framework Alignment
This assessment is designed to support common security and compliance frameworks such as CIS Benchmarks, NIST, ISO 27001, and PCI / HIPAA. However, instead of relying on checklist-based validation alone, the focus is on identifying real-world security risks, misconfigurations, and privilege escalation paths that are often missed in standard compliance reviews.
Important:
This is not a compliance certification. It provides technical evidence and actionable findings that can support audits, internal reviews, and risk management discussions.
Built by
- Former Microsoft Program Manager (SQL Server Security / Permissions)
- Led design of parts of the SQL Server permission model
- 25+ years SQL Server experience
- One of 7 Microsoft Certified Solutions Masters worldwide
Additional expertise:
Ready to understand your real SQL Server security risk?
Get a technical assessment tailored to your SQL Server environment and start building your compliance-ready security posture today.
If your environment is “compliant” but you’re not confident it would withstand a real attack – this is where to start.
Intellectual Property & Trade Secret Notice
The Sarpedon Assessment logic, scoring models, and automation scripts constitute Confidential Trade Secrets protected by Copyright.
This framework represents over 25 years of SQL Server expertise, including high-level roles within Microsoft Data Platform Security.
Our clients receive an exclusive analysis derived from internal Microsoft engineering experience that cannot be replicated by public-domain tools.
Nature of Service: This assessment is a point-in-time technical review of SQL Server configurations. While aligned with recognized security frameworks, Sarpedon Quality Lab is not a certifying body. Implementation of remediation roadmaps is the responsibility of the client.