Hard2bit

Industry · Critical infrastructure

Infrastructure and database performance at an industrial multinational

A large European industrial multinational, the kind of environment where every access is logged and every change needs a signature, needed an external provider able to work on its critical SQL databases, where access to information demands vetted personnel, reinforced non-disclosure agreements and full traceability of every action. Several years on, the engagement keeps being renewed: processes that took hours now run in minutes, and not a single security incident is attributable to the service.

  • Sector: Industry · European multinational
  • Size: European multinational
  • Service: Infrastructure · SQL performance · development
  • Environment: high confidentiality · named accounts
  • Duration: several years (ongoing)
  • Outcome: processes from hours to minutes · 0 incidents

The starting point

The SQL databases underpinning the company's critical processes had grown faster, year after year, than anyone's ability to tune them. Overnight batch runs were creeping dangerously close to the start of the working day: whenever one failed to finish on time, it compromised the following day's operation. The company needed specialised capability in performance, infrastructure and development that its internal team could not absorb — but not just any provider would do.

In this environment, access to information demands the highest level of trust: vetted personnel, reinforced non-disclosure agreements, named accounts and complete traceability of every action. When a third party touches sensitive systems and data, security is not an added service — it is the condition of entry. The client's question was never merely "can you optimise SQL?" but "can we let you in?".

How we approached it

  1. Team enablement before touching anything — vetting of the assigned personnel, reinforced non-disclosure agreements at company and individual level, and training in the client's internal rules. Every team member on a named, non-transferable account: no action without a full name behind it.
  2. Performance diagnosis of the critical databases — analysis of queries, indexes, locking and execution plans against real data, but with the minimum access necessary: each profile sees only what its task requires. The diagnosis ranked processes by operational impact, starting with the overnight runs that threatened the following day.
  3. Optimisation under high-security discipline — every change audited and approved before execution, within a controlled maintenance window and with a tested rollback plan. A new index or a rewritten query goes through the same change control as any access: nothing gets touched "on the fly".
  4. Development integrated into the client's SDLC — development work done inside the client's tools, repositories and lifecycle, with information never leaving its perimeter. No data copies, no provider-owned devices, no external repositories: everything lives where the client lives.
  5. A long-term relationship renewed on results — in an environment where suppliers are audited continuously, renewal is not negotiated: it is earned. Years of sustained collaboration built on two pieces of evidence — critical processes cut from hours to minutes, and zero security or confidentiality incidents attributable to the service.

Results

  • hours → minutes for critical processes: overnight runs stopped threatening the next day's operation
  • 0 security or confidentiality incidents attributable to the service across the entire engagement
  • years of renewed collaboration in an environment where suppliers are audited continuously

The most visible impact was operational: processes that took hours now run in minutes, and the overnight jobs that used to threaten the next working day are no longer a risk. But the result that sustains the relationship is a different one — in several years of work on sensitive systems and data, not one security or confidentiality incident attributable to the service.

In an environment where every supplier is reviewed continuously, that combination — measurable results and a clean record backed by full traceability — is what turns a one-off contract into a collaboration spanning years. Trust was never declared in the first proposal: it was demonstrated, renewal after renewal.

What made it work

  • In high-security environments, performance and security are worked together: every optimisation goes through the same change control as any access.
  • Trust is not declared — it is demonstrated, with named accounts, logs and full traceability of every action over years.
  • An external provider can operate inside a demanding client's perimeter, provided it accepts that the client's rules come first, always.

Frequently asked questions

How does an external provider work in highly confidential environments?

By accepting that security is the condition of entry, not an annex to the contract. Before touching a single system, the team goes through an enablement process: vetting of the assigned personnel, reinforced non-disclosure agreements at both company and individual level, training in the client's internal rules, and named accounts — every credential belongs to an identified person, with no shared logins. From there, every action is logged and traceable: who accessed what, when, and under which approved change. Trust is not declared in a proposal; it is demonstrated in the records.

Why is database performance also a security matter?

Because availability is one of the three pillars of information security. An overnight process that fails to finish on time compromises the next day's operation just as an incident would; and a badly executed optimisation on a critical database can do more damage than many attacks. That is why every performance change — a new index, a rewritten query, a forced execution plan — goes through the same control as any access: review, approval, a controlled maintenance window and a tested rollback plan.

What does the client gain over solving it with internal staff?

Sustained specialisation without growing headcount. Optimising critical databases is a niche discipline: it demands up-to-date expertise in execution plans, locking and concurrency that an internal systems team can rarely maintain. A vetted external team brings that knowledge when it is needed, works inside the client's tools and development lifecycle, and leaves everything documented within the perimeter — so the operational knowledge stays in-house rather than walking out with the provider.

How do you guarantee information never leaves the client's perimeter?

By always working inside it. All the work — diagnosis, development, documentation — is carried out on the client's systems and tools, under named accounts and the client's own monitoring. No data copies are extracted, no provider-owned devices or repositories hold client material, and nothing is moved to third-party systems. The principle of least privilege completes the picture: each profile sees only what its task requires, and nothing more.

Do your critical systems demand more than an ordinary provider can give?

We work inside your perimeter and by your rules: vetted personnel, named accounts, audited changes and full traceability. Performance and security, under the same change control.