A database designer's favourte features in SQL Server...with a bit of Azure SQL DB, too.
Always Encrypted
Row Level Security
Microsoft Purview
Azure Enabled SQL Server
Azure Defender for SQL
Azure Defender for Cloud
Dynamic Data Masking
Ledger Database and Tables
Data Privacy
Data Governance
A Designer's Favourite Security and Privacy Features in SQL Server and Azure ...Karen Lopez
SQL Server includes multiple features that focus on data security, privacy, and developer productivity. In this session, we will review the best features from a database designer’s and developer’s point of view.
– Always Encrypted
– Dynamic Data Masking
– Row Level Security
– Data Classification
– Assessments
– Defender for SQL Server
– Ledger Tables
…and more
We’ll look at new and older features, why you should consider them, where they work, where they don’t, who needs to be involved in using them, and what changes, if any, need to be made to applications or tools that you use with SQL Server.
You will learn:
– The pros and cons of implementing each feature
– How implementing these new features may impact existing applications
– 10 tips for enhancing SQL Server security and privacy protections
Karen's Favourite Features of SQL Server 2016Karen Lopez
Slides from a one hour webinar on Karen Lopez's favorite features from database designer's point of view. Topics include Always Encrypted, Data Masking, Row Level Security, Foreign Keys, JSON and more.
Notice an error? Let me know. I welcome this sort of feedback.
Microsoft released SQL Azure more than two years ago - that's enough time for testing (I hope!). So, are you ready to move your data to the Cloud? If you’re considering a business (i.e. a production environment) in the Cloud, you need to think about methods for backing up your data, a backup plan for your data and, eventually, restoring with Red Gate Cloud Services (and not only). In this session, you’ll see the differences, functionality, restrictions, and opportunities in SQL Azure and On-Premise SQL Server 2008/2008 R2/2012. We’ll consider topics such as how to be prepared for backup and restore, and which parts of a cloud environment are most important: keys, triggers, indexes, prices, security, service level agreements, etc.
Microsoft released SQL Azure more than two years ago - that's enough time for testing (I hope!). So, are you ready to move your data to the Cloud? If you’re considering a business (i.e. a production environment) in the Cloud, you need to think about methods for backing up your data, a backup plan for your data and, eventually, restoring with Red Gate Cloud Services. In this session, you’ll see the differences, functionality, restrictions, and opportunities in SQL Azure and On-Premise SQL Server 2008/2008 R2/2012. We’ll consider topics such as how to be prepared for backup and restore, and which parts of a cloud environment are most important: keys, triggers, indexes, prices, security, service level agreements, etc.
Does SAS® implicit SQL pass-through sometimes fail to meet your needs? Do you sometimes need to communicate directly with your Oracle® or DB2® database in that database\'s native language? Explicit SQL pass-through might be your solution.
The author briefly introduces syntax for explicit SQL pass-through queries before showing examples of specific situations when explicit pass-through queries solve problems when extracting data. The author discusses the relationship between processing location and processing speed. She also gives specific examples of how differences between Oracle, DB2, and SAS sometimes make it necessary to do the initial extraction or transformation of data via pass-through. The examples used to illustrate the differences between the RDBMS and SAS include numeric precision and naming conventions. A brief discussion of differences in SQL dialects and functions between systems is also included.
Microsoft Azure zmienia się. Jego częśc poświęcona bazie danych (Windows Azure SQL Database) zmienia się jeszcze szybciej. Podczas tej sesji chciałbym pokazac tym, którzy nie widzieli, oraz przypomniec tym, którzy już coś wiedzą - o co chodzi z WASD, jakie zmiany nastapiły i czego możemy po tej bazie oczekiwać. Dla odważnych będzie okazja podłączenia się do konta w chmurze i przetestowania ych rozwiązań samemu.
A Designer's Favourite Security and Privacy Features in SQL Server and Azure ...Karen Lopez
SQL Server includes multiple features that focus on data security, privacy, and developer productivity. In this session, we will review the best features from a database designer’s and developer’s point of view.
– Always Encrypted
– Dynamic Data Masking
– Row Level Security
– Data Classification
– Assessments
– Defender for SQL Server
– Ledger Tables
…and more
We’ll look at new and older features, why you should consider them, where they work, where they don’t, who needs to be involved in using them, and what changes, if any, need to be made to applications or tools that you use with SQL Server.
You will learn:
– The pros and cons of implementing each feature
– How implementing these new features may impact existing applications
– 10 tips for enhancing SQL Server security and privacy protections
Karen's Favourite Features of SQL Server 2016Karen Lopez
Slides from a one hour webinar on Karen Lopez's favorite features from database designer's point of view. Topics include Always Encrypted, Data Masking, Row Level Security, Foreign Keys, JSON and more.
Notice an error? Let me know. I welcome this sort of feedback.
Microsoft released SQL Azure more than two years ago - that's enough time for testing (I hope!). So, are you ready to move your data to the Cloud? If you’re considering a business (i.e. a production environment) in the Cloud, you need to think about methods for backing up your data, a backup plan for your data and, eventually, restoring with Red Gate Cloud Services (and not only). In this session, you’ll see the differences, functionality, restrictions, and opportunities in SQL Azure and On-Premise SQL Server 2008/2008 R2/2012. We’ll consider topics such as how to be prepared for backup and restore, and which parts of a cloud environment are most important: keys, triggers, indexes, prices, security, service level agreements, etc.
Microsoft released SQL Azure more than two years ago - that's enough time for testing (I hope!). So, are you ready to move your data to the Cloud? If you’re considering a business (i.e. a production environment) in the Cloud, you need to think about methods for backing up your data, a backup plan for your data and, eventually, restoring with Red Gate Cloud Services. In this session, you’ll see the differences, functionality, restrictions, and opportunities in SQL Azure and On-Premise SQL Server 2008/2008 R2/2012. We’ll consider topics such as how to be prepared for backup and restore, and which parts of a cloud environment are most important: keys, triggers, indexes, prices, security, service level agreements, etc.
Does SAS® implicit SQL pass-through sometimes fail to meet your needs? Do you sometimes need to communicate directly with your Oracle® or DB2® database in that database\'s native language? Explicit SQL pass-through might be your solution.
The author briefly introduces syntax for explicit SQL pass-through queries before showing examples of specific situations when explicit pass-through queries solve problems when extracting data. The author discusses the relationship between processing location and processing speed. She also gives specific examples of how differences between Oracle, DB2, and SAS sometimes make it necessary to do the initial extraction or transformation of data via pass-through. The examples used to illustrate the differences between the RDBMS and SAS include numeric precision and naming conventions. A brief discussion of differences in SQL dialects and functions between systems is also included.
Microsoft Azure zmienia się. Jego częśc poświęcona bazie danych (Windows Azure SQL Database) zmienia się jeszcze szybciej. Podczas tej sesji chciałbym pokazac tym, którzy nie widzieli, oraz przypomniec tym, którzy już coś wiedzą - o co chodzi z WASD, jakie zmiany nastapiły i czego możemy po tej bazie oczekiwać. Dla odważnych będzie okazja podłączenia się do konta w chmurze i przetestowania ych rozwiązań samemu.
Migrating on premises workload to azure sql databasePARIKSHIT SAVJANI
Azure SQL Database is a fully managed cloud database service with built-in intelligence, elastic scale, performance, reliability, and data protection that enables enterprises and ISVs to reduce their total cost of ownership and operational cost and overheads. In this session, I will share real-world experience of successfully migrated existing SaaS application and on-premises workload for some our tier 1 customers and ISV partners to Azure SQL Database service. The session walks through planning, assessment, migration tools and best practices from the proven experiences and practices of migrating real world applications to Azure SQL Database service.
En esta presentación examinamos los roles y responsabilidades en la administración de SQL Azure.
Saludos,
Eduardo Castro Martinez – Microsoft SQL Server MVP
http://mswindowscr.org
http://comunidadwindows.org
Costa Rica
Technorati Tags: SQL Server
LiveJournal Tags: SQL Server
del.icio.us Tags: SQL Server
http://ecastrom.blogspot.com
http://ecastrom.wordpress.com
http://ecastrom.spaces.live.com
http://universosql.blogspot.com
http://todosobresql.blogspot.com
http://todosobresqlserver.wordpress.com
http://mswindowscr.org/blogs/sql/default.aspx
http://citicr.org/blogs/noticias/default.aspx
First introduced with the Analytics Platform System (APS), PolyBase simplifies management and querying of both relational and non-relational data using T-SQL. It is now available in both Azure SQL Data Warehouse and SQL Server 2016. The major features of PolyBase include the ability to do ad-hoc queries on Hadoop data and the ability to import data from Hadoop and Azure blob storage to SQL Server for persistent storage. A major part of the presentation will be a demo on querying and creating data on HDFS (using Azure Blobs). Come see why PolyBase is the “glue” to creating federated data warehouse solutions where you can query data as it sits instead of having to move it all to one data platform.
Gateways to Power BI, Connect PowerBI.com to your On-Prem DataJean-Pierre Riehl
--session donnée lors du SQLSaturday Madrid 2016--
PowerBI.com is a cloud-based BI platform, enabling from personal to corporate BI. But often, your data lives on-premises, on your desktop, on a shared folder or in your enterprise datawarehouse. Microsoft team built gateways to deal with that.
In this session, we will see how to connect, lively or scheduled, your dahsboards to your on-prem data. You'll learn about Personal Gateway and Enterprise Gateway. How does it work. How to configure it. How to maintain it.
In this presentation we introduce the basic concepts around SQL Server Azure: the database in the cloud.
Regards,
Ing. Eduardo Castro, PhD
http://ecastrom.blogspot.com
http://comunidadwindows.org
Slide deck for the DGIQ SIG on AI Ethics.
Are you concerned about data and AI ethics? Do you worry about how to make sure the algorithms and systems that affect our lives are fair, honest, responsible, and respectful of our rights and values? Do you have opinions about how to build an organizational culture that cares about these topics
Join us for what will surely be a lively and interesting session where you are the speakers.
Special interest group (SIG) discussions are group conversations on topics that are new, or specific to an audience segment. The format is casual and without any formal presentation. The objective is to engage all participants in an exchange of ideas, questions, and advice, so please come with a willingness to participate in the conversation.
Migrating on premises workload to azure sql databasePARIKSHIT SAVJANI
Azure SQL Database is a fully managed cloud database service with built-in intelligence, elastic scale, performance, reliability, and data protection that enables enterprises and ISVs to reduce their total cost of ownership and operational cost and overheads. In this session, I will share real-world experience of successfully migrated existing SaaS application and on-premises workload for some our tier 1 customers and ISV partners to Azure SQL Database service. The session walks through planning, assessment, migration tools and best practices from the proven experiences and practices of migrating real world applications to Azure SQL Database service.
En esta presentación examinamos los roles y responsabilidades en la administración de SQL Azure.
Saludos,
Eduardo Castro Martinez – Microsoft SQL Server MVP
http://mswindowscr.org
http://comunidadwindows.org
Costa Rica
Technorati Tags: SQL Server
LiveJournal Tags: SQL Server
del.icio.us Tags: SQL Server
http://ecastrom.blogspot.com
http://ecastrom.wordpress.com
http://ecastrom.spaces.live.com
http://universosql.blogspot.com
http://todosobresql.blogspot.com
http://todosobresqlserver.wordpress.com
http://mswindowscr.org/blogs/sql/default.aspx
http://citicr.org/blogs/noticias/default.aspx
First introduced with the Analytics Platform System (APS), PolyBase simplifies management and querying of both relational and non-relational data using T-SQL. It is now available in both Azure SQL Data Warehouse and SQL Server 2016. The major features of PolyBase include the ability to do ad-hoc queries on Hadoop data and the ability to import data from Hadoop and Azure blob storage to SQL Server for persistent storage. A major part of the presentation will be a demo on querying and creating data on HDFS (using Azure Blobs). Come see why PolyBase is the “glue” to creating federated data warehouse solutions where you can query data as it sits instead of having to move it all to one data platform.
Gateways to Power BI, Connect PowerBI.com to your On-Prem DataJean-Pierre Riehl
--session donnée lors du SQLSaturday Madrid 2016--
PowerBI.com is a cloud-based BI platform, enabling from personal to corporate BI. But often, your data lives on-premises, on your desktop, on a shared folder or in your enterprise datawarehouse. Microsoft team built gateways to deal with that.
In this session, we will see how to connect, lively or scheduled, your dahsboards to your on-prem data. You'll learn about Personal Gateway and Enterprise Gateway. How does it work. How to configure it. How to maintain it.
In this presentation we introduce the basic concepts around SQL Server Azure: the database in the cloud.
Regards,
Ing. Eduardo Castro, PhD
http://ecastrom.blogspot.com
http://comunidadwindows.org
Similar to Designer's Favorite New Features in SQLServer (20)
Slide deck for the DGIQ SIG on AI Ethics.
Are you concerned about data and AI ethics? Do you worry about how to make sure the algorithms and systems that affect our lives are fair, honest, responsible, and respectful of our rights and values? Do you have opinions about how to build an organizational culture that cares about these topics
Join us for what will surely be a lively and interesting session where you are the speakers.
Special interest group (SIG) discussions are group conversations on topics that are new, or specific to an audience segment. The format is casual and without any formal presentation. The objective is to engage all participants in an exchange of ideas, questions, and advice, so please come with a willingness to participate in the conversation.
Karen's Presentation to DAMA Chicago and other DAMA Chapters on 15 February 2023.
This presentation is less about data lakes that it is about Data Quality and how data professionals should think about designing and architecting systems that best meet the needs of how data works in the real world.
Expert Cloud Data Backup and Recovery Best Practice.pptxKaren Lopez
We’ve been deploying backup solutions since the beginning of computing and the foundations of backup and recovery have stayed the same: make sure backups run consistently and set recovery objectives. Yet systems in 2022 don’t work or act the same way they did decades ago. Cloud data backups have helped us meet the need for offsite backups, as well as impacted how we budget for them. Ransomware has impacted how we store them. The laws of physics might be more of an issue than when we had tapes stored in a safe down the hall. Cost models have changed, too.
In this session, Karen Lopez covers best practices for modern data recovery…and she will share stories of worst practices just to keep it real.
Manage Your Time So It Doesn't Manage YouKaren Lopez
NASA Space Apps NYC Pre-Hackathon Symposium presentation by Karen Lopez, InfoAdvisors and NASA Datanaut. Karen presents on how to successfully manage your time and deliverables in the NASA Space Apps Challenge no matter where you are participating.
This one-hour presentation covers the tools and techniques for migrating SQL Server databases and data to Azure SQL DB or SQL Server on VM. Includes SSMA, DMA, DMS, and more.
Blockchain for the DBA and Data ProfessionalKaren Lopez
An overview of blockchain fundamentals, including examples of Oracle 20c Blockchain Tables. Includes concepts of trust, immutability, hashes, distributed nodes, and cryptography.
Blockchain for the DBA and Data ProfessionalKaren Lopez
With all the hype around blockchain, why should a DBA or other data professional care? In this session, we will cover the basics of blockchain as it applies to data and database processes:
Immutability
Verification
Distribution
Cryptography
Transactions
Trust
We will look at current offerings for blockchain features in Azure and in database and data stores. Finally, we'll help you identify the types of business requirements that need blockchain technologies.
You will learn:
Understand the valid uses of blockchain approaches in databases
How current technologies support blockchain approaches
Understand the costs, benefits, and risks of blockchain
Data Security and Protection in DevOps Karen Lopez
Presentation to London #WinOps event Sept 2019. Focusing on data security, privacy, and protection on DevOps efforts. Includes data masking, dev and test, data, Alwasy Encrypted, and more.
Data Modeling for Security, Privacy and Data ProtectionKaren Lopez
Karen Lopez (@datchick/InfoAdvisors) 90-minute presentation on Data Security, Data Privacy, Compliance and how data modelers should discover, assess, and monitor these important data management responsibilities.
Designing for Data Security by Karen LopezKaren Lopez
As security and complaince becomes more important for organizations, especially in the age of GDPR, data breach and other legislation, Karen covers the types of features data architects and designers should be considering when building modern, protected and defensive systems.
There are many data modeling and database design terms and jargon that uses the word "key." Do you know the difference between a surrogate key and a primary key? A super key and a candidate key? Could you explain them to a technical audience? A business user or an auditor?
In this presentation, Karen Lopez covers the concepts of primary keys, foreign keys, candidate key, surrogate keys, and more.
How to Survive as a Data Architect in a Polyglot Database WorldKaren Lopez
Karen Lopez talks to data architects and data moders how they can best deliver value on modern data drive projects beyond relational database technologies. She covers NoSQL Databases and Datastores, which data stories they best fit and which ones they don't. She ends with 10 tips for adding more value to ployschematic database solutions.
In the spirit of the book 7 Databases in 7 Weeks, Lara Rubbelke and Karen Lopez cover ~seven databases and datastores in the SQL and NoSQL world, when to use them, and how they are SQL-like.
From SQLBitsXV
Notice an error? Let me know. I welcome this sort of feedback.
Karen Lopez 10 Physical Data Modeling BlundersKaren Lopez
Karen Lopez's presentation about 10 Physical Data Modeling/Database Design blunders, based on her work in helping organizations get the most value out of their models and data.
Notice an error? Let me know. I welcome this sort of feedback.
NoSQL and Data Modeling for Data ModelersKaren Lopez
Karen Lopez's presentation for data modelers and data architects. Why data modeling is still relevant for big data and NoSQL projects.
Plus 10 tips for data modelers for working on NoSQL projects.
Connector Corner: Automate dynamic content and events by pushing a buttonDianaGray10
Here is something new! In our next Connector Corner webinar, we will demonstrate how you can use a single workflow to:
Create a campaign using Mailchimp with merge tags/fields
Send an interactive Slack channel message (using buttons)
Have the message received by managers and peers along with a test email for review
But there’s more:
In a second workflow supporting the same use case, you’ll see:
Your campaign sent to target colleagues for approval
If the “Approve” button is clicked, a Jira/Zendesk ticket is created for the marketing design team
But—if the “Reject” button is pushed, colleagues will be alerted via Slack message
Join us to learn more about this new, human-in-the-loop capability, brought to you by Integration Service connectors.
And...
Speakers:
Akshay Agnihotri, Product Manager
Charlie Greenberg, Host
GDG Cloud Southlake #33: Boule & Rebala: Effective AppSec in SDLC using Deplo...James Anderson
Effective Application Security in Software Delivery lifecycle using Deployment Firewall and DBOM
The modern software delivery process (or the CI/CD process) includes many tools, distributed teams, open-source code, and cloud platforms. Constant focus on speed to release software to market, along with the traditional slow and manual security checks has caused gaps in continuous security as an important piece in the software supply chain. Today organizations feel more susceptible to external and internal cyber threats due to the vast attack surface in their applications supply chain and the lack of end-to-end governance and risk management.
The software team must secure its software delivery process to avoid vulnerability and security breaches. This needs to be achieved with existing tool chains and without extensive rework of the delivery processes. This talk will present strategies and techniques for providing visibility into the true risk of the existing vulnerabilities, preventing the introduction of security issues in the software, resolving vulnerabilities in production environments quickly, and capturing the deployment bill of materials (DBOM).
Speakers:
Bob Boule
Robert Boule is a technology enthusiast with PASSION for technology and making things work along with a knack for helping others understand how things work. He comes with around 20 years of solution engineering experience in application security, software continuous delivery, and SaaS platforms. He is known for his dynamic presentations in CI/CD and application security integrated in software delivery lifecycle.
Gopinath Rebala
Gopinath Rebala is the CTO of OpsMx, where he has overall responsibility for the machine learning and data processing architectures for Secure Software Delivery. Gopi also has a strong connection with our customers, leading design and architecture for strategic implementations. Gopi is a frequent speaker and well-known leader in continuous delivery and integrating security into software delivery.
Key Trends Shaping the Future of Infrastructure.pdfCheryl Hung
Keynote at DIGIT West Expo, Glasgow on 29 May 2024.
Cheryl Hung, ochery.com
Sr Director, Infrastructure Ecosystem, Arm.
The key trends across hardware, cloud and open-source; exploring how these areas are likely to mature and develop over the short and long-term, and then considering how organisations can position themselves to adapt and thrive.
Let's dive deeper into the world of ODC! Ricardo Alves (OutSystems) will join us to tell all about the new Data Fabric. After that, Sezen de Bruijn (OutSystems) will get into the details on how to best design a sturdy architecture within ODC.
Epistemic Interaction - tuning interfaces to provide information for AI supportAlan Dix
Paper presented at SYNERGY workshop at AVI 2024, Genoa, Italy. 3rd June 2024
https://alandix.com/academic/papers/synergy2024-epistemic/
As machine learning integrates deeper into human-computer interactions, the concept of epistemic interaction emerges, aiming to refine these interactions to enhance system adaptability. This approach encourages minor, intentional adjustments in user behaviour to enrich the data available for system learning. This paper introduces epistemic interaction within the context of human-system communication, illustrating how deliberate interaction design can improve system understanding and adaptation. Through concrete examples, we demonstrate the potential of epistemic interaction to significantly advance human-computer interaction by leveraging intuitive human communication strategies to inform system design and functionality, offering a novel pathway for enriching user-system engagements.
Dev Dives: Train smarter, not harder – active learning and UiPath LLMs for do...UiPathCommunity
💥 Speed, accuracy, and scaling – discover the superpowers of GenAI in action with UiPath Document Understanding and Communications Mining™:
See how to accelerate model training and optimize model performance with active learning
Learn about the latest enhancements to out-of-the-box document processing – with little to no training required
Get an exclusive demo of the new family of UiPath LLMs – GenAI models specialized for processing different types of documents and messages
This is a hands-on session specifically designed for automation developers and AI enthusiasts seeking to enhance their knowledge in leveraging the latest intelligent document processing capabilities offered by UiPath.
Speakers:
👨🏫 Andras Palfi, Senior Product Manager, UiPath
👩🏫 Lenka Dulovicova, Product Program Manager, UiPath
GraphRAG is All You need? LLM & Knowledge GraphGuy Korland
Guy Korland, CEO and Co-founder of FalkorDB, will review two articles on the integration of language models with knowledge graphs.
1. Unifying Large Language Models and Knowledge Graphs: A Roadmap.
https://arxiv.org/abs/2306.08302
2. Microsoft Research's GraphRAG paper and a review paper on various uses of knowledge graphs:
https://www.microsoft.com/en-us/research/blog/graphrag-unlocking-llm-discovery-on-narrative-private-data/
The Art of the Pitch: WordPress Relationships and SalesLaura Byrne
Clients don’t know what they don’t know. What web solutions are right for them? How does WordPress come into the picture? How do you make sure you understand scope and timeline? What do you do if sometime changes?
All these questions and more will be explored as we talk about matching clients’ needs with what your agency offers without pulling teeth or pulling your hair out. Practical tips, and strategies for successful relationship building that leads to closing the deal.
Transcript: Selling digital books in 2024: Insights from industry leaders - T...BookNet Canada
The publishing industry has been selling digital audiobooks and ebooks for over a decade and has found its groove. What’s changed? What has stayed the same? Where do we go from here? Join a group of leading sales peers from across the industry for a conversation about the lessons learned since the popularization of digital books, best practices, digital book supply chain management, and more.
Link to video recording: https://bnctechforum.ca/sessions/selling-digital-books-in-2024-insights-from-industry-leaders/
Presented by BookNet Canada on May 28, 2024, with support from the Department of Canadian Heritage.
Kubernetes & AI - Beauty and the Beast !?! @KCD Istanbul 2024Tobias Schneck
As AI technology is pushing into IT I was wondering myself, as an “infrastructure container kubernetes guy”, how get this fancy AI technology get managed from an infrastructure operational view? Is it possible to apply our lovely cloud native principals as well? What benefit’s both technologies could bring to each other?
Let me take this questions and provide you a short journey through existing deployment models and use cases for AI software. On practical examples, we discuss what cloud/on-premise strategy we may need for applying it to our own infrastructure to get it to work from an enterprise perspective. I want to give an overview about infrastructure requirements and technologies, what could be beneficial or limiting your AI use cases in an enterprise environment. An interactive Demo will give you some insides, what approaches I got already working for real.
2. KAREN LOPEZ
Karen has 20+ years of
data and information
architecture
experience on large,
multi-project
programs.
She is a frequent
speaker on data
modeling, data-driven
methodologies and
pattern data models.
She wants you to love
your data.
6. 10 TOP WEB SECURITY RISKS
https://owasp.org/www-project-top-ten/
7. Azure Data Catalog - https://azure.microsoft.com/en-
ca/products/data-catalog
Azure Purview - https://azure.microsoft.com/en-
in/products/purview/
WHAT’S HAPPENING WITH DATA GOVERNANCE
CATALOGS AND COCKTAILS?
8. Require Data Governance Programs
Require
Require Chief Data Officer like roles
Require
Require Data Inventories
Require
Require Data Lineage from data source to data use
Require
PRIVACY AND DATA PROTECTION LEGISLATION
NOT JUST ABOUT BACKUPS OR ENCRYPTIN
9. GOVERNANCE
Security at the data level
Models capture security & privacy requirements
Management reports of reviews
Measurement
In other words, Governance
10. DATA MODELS
• Karen’s Preference
• Track all kinds of metadata
• Live
• Advanced Compare features
• Support DevOps and Iterative
development
• Support Conceptual, Logical and
Physical design
22. WHY WOULD A DB
DESIGNER LOVE IT?
Always Encrypted,
yeah.
Allows designers to not
only specify which
columns need to be
protected, but how.
Parameters are
encrypted as well
Built in to the engine,
easier for Devs
26. SECURITY – DYNAMIC DATA MASKING
CREATE TABLE Membership(
MemberID int IDENTITY PRIMARY KEY,
FirstName varchar(100) MASKED WITH (FUNCTION =
'partial(1,"XXXXXXX",0)') NULL,
LastName varchar(100) NOT NULL,
Phone# varchar(12) MASKED WITH (FUNCTION = 'default()') NULL,
Email varchar(100) MASKED WITH (FUNCTION = 'email()') NULL);
27. DYNAMIC
DATA
MASKING
Done at column level
(NOT ENCRYPTION!)
Data in the database, at
rest, has no protection.
Meant to complement
other methods
Performed at the end of
a database query right
before data returned
Performance impact
small
29. DDM FUNCTIONS
Function Mask Example
Default Based on Datatype
String – XXX
Numbers – 000000
Date & Times - 01.01.2000 00:00:00.0000000
Binary – Single Byte 0
XXXX
0
01.01.2000 00:00:00.0000000
0
Email First character of email, then Xs, then .com
Always .com
Kxxx@xxxx.com
Custom First and last values, with Xs in the middle kxxxn
Random For numeric types, with a range 12
29
30. DYNAMIC DATA MASKING
Data in database is not
changed
01
Ad-hoc queries *can*
expose data
02
Does not aim to
prevent users from
exposing pieces of
sensitive data
03
30
31. DYNAMIC DATA
MASKING
Cannot mask an encrypted column (AE)
Cannot be configured on computed column
But if computed column depends on a mask,
then mask is returned
Using SELECT INTO or INSERT INTO results in
masked data being inserted into target (also
for import/export) 31
33. WHY
WOULD A
DB
DESIGNER
LOVE IT?
Allows central, reusable
design for standard masking
Offers more reliable masking
and more usable masking
Removes whining about “we
can do that later”
35. ROW LEVEL SECURITY
Filtering result sets (predicate based access)
Predicates applied when reading data
Can be used to block write access
User defined policies tied to inline table functions
36. ROW LEVEL SECURITY
36
No indication that results have been filtered
If all rows are filtered than NULL set returned
For block predicates, an error returned
Works even if you are dbo or db_owner role
37. WHY WOULD A DB
DESIGNER LOVE IT?
Allows a designer to do
this sort of data
protection IN THE
DATABASE, not just rely
on code.
Many, many pieces of
code.
43. AZURE SQL DB LEDGER TABLE – APPEND ONLY
CREATE SCHEMA [AccessControl]
CREATE TABLE [AccessControl].[KeyCardEvents]
(
[EmployeeID] INT NOT NULL,
[AccessOperationDescription] NVARCHAR (MAX) NOT NULL,
[Timestamp] Datetime2 NOT NULL
)
WITH (LEDGER = ON (APPEND_ONLY = ON) );
44. LEDGER TABLES IN
AZURE SQL DB AND
SQL SERVER
https://learn.microsoft.com/sql/relational-databases/security/ledger/ledger-overview
45. AZURE SQL DB LEDGER TABLE – UPDATABLE
CREATE TABLE [Account].[Balance]
(
[CustomerID] INT NOT NULL PRIMARY KEY CLUSTERED,
[LastName] VARCHAR (50) NOT NULL,
[FirstName] VARCHAR (50) NOT NULL,
[Balance] DECIMAL (10,2) NOT NULL
)
WITH
(SYSTEM_VERSIONING = ON, LEDGER = ON);
46. KEY FEATURES
AZURE LEDGER
TABLES
Ledger Databases
Database Digests
Ledger Tables
Updatable
Append only
Immutable storage for transaction recording
Ledger Verification
53. WHY WOULD ONE USE A LEDGER TABLE?
More trustworthy
More protection from DBA/SysAdmin tampering
Don’t need or want full blockchain functionality
54. ARC ENABLED SQL SERVER
Single point of control for
SQL Servers (On-prem, in
Azure, or in other clouds)
• Dashboards
• Best Practices
Assessments
• AAD authentication
• Microsoft Defender
• Microsoft Purview
• PAYG for SQL Server
https://learn.microsoft.com/en-us/sql/sql-server/azure-arc/overview
57. SUPPORTED VERSIONS
Windows Server 2012 and later versions
Ubuntu 20.04 (x64)
Red Hat Enterprise Linux (RHEL) 8 (x64)
SUSE Linux Enterprise Server (SLES) 15
(x64)
SQL Server running in containers.
SQL Server Failover Cluster Instances (FCI).
SQL Server roles other than the Database
Engine, such as SSAS, SSRS, or SSIS)
SQL Server editions: Business Intelligence.
SQL Server 2008 (10.0.x), SQL Server 2008 R2
(10.50.x), and older versions.
SQL Server in Azure Virtual Machines.
SQL Server Azure VMware Solution
VMs in other Clouds
71. AZURE MONITOR
• Most resources include
Monitor-collected data in
the Overview page of
Azure Portal
• Portal option to see
Monitor for all services
• Can monitor Azure and
on-premises resources
73. Microsoft Defender for Cloud—Databases Protection
Protect SQL workloads through security posture management and allow timely responses to threats
• SQL security misconfigurations
• SQL injection attacks
• Brute-force attacks
• Unusual data exfiltration
• Suspicious access or queries
Cloud native
security
1-click enablement of protect
different type of SQL workloads
(IaaS or PaaS)
Security
posture management
Discover, track, and remediate SQL
workloads security misconfigurations
Advanced
threat protection
Detect and response unusual
and harmful attempts to breach
SQL workloads
Centralized
and integrated
Centralize security across all data assets
managed by Azure and built-in integration
with Sentinel and Purview
1 2 3
https://github.com/microsoft/sqlworkshops-sql2022workshop/blob/main/sql2022workshop/slides/The%20SQL%20Server%202022%20Workshop.pptx