Take it off-line to any networked connection, internet or intranet. The only server that is secure is the local machine that never connects to anything except the power outlet to boot up & run & used by a single individual as the administrator. So employers require Powershell level of sophistication, which, again is yet another security risk. It's comical, the SSMS itself, the GUI is a security risk. IT Security people remind me of security at a gated community, they aren't real police officers, they might as well be your neighborhood watch program of volunteers. A server needs to be updated for the OS or even Database patches, whether it's a virtual machine or not, still vulnerable. Any server that has to be open to connection is a security risk. Tell me that as widespread as that was, that the top execs didn't know it was going on, the security people looked the other way and it went on for as long as it did. We all know who the embezzlers are, it's most often the executives. I mis-trust them more than I mis-trust any co-worker that uses the database to support operations in the business model of the corporation. All they do is shadow & spy on everyone and security breaches happen in spite of their gestapo-like presence. These people are like the most negative people you could ever be around, they're suspicious of everyone except themselves. Most data breaches I've ever seen are the internal hacks and information thefts from the control freaks that have to be the security experts. Those that really add no value other than to break things to justify their security careers. Just me, but the security issues are mostly disgruntled IT people, it's what I refer to as the enemy from within. Typical, security people have to bless the tools for DBAs to actually do their jobs.