IDERA Live | Mitigating Data Risks from Cloud to Ground

© 2019 IDERA, Inc. All rights reserved.
Rob Reinauer
Director, SQL Product Management
IDERA
Mitigating Data Risks from Cloud to Ground
May 8, 2019

© 2016 IDERA, Inc. All rights reserved. Proprietary and confidential.© 2019 IDERA, Inc. All rights reserved. 22
Migrating SQL Server to the cloud introduces
new complexities, and increased performance and data risks
• Performance and behavioral impacts and differences
• Data Security
• Certification of Regulatory Compliance
• Loss of the ultimate control of your data
• Potential for tool profusion and siloed monitoring environments
Cloud Deployment Risk Elements
IDERA Live Virtual Conference 2019

© 2016 IDERA, Inc. All rights reserved. Proprietary and confidential.© 2019 IDERA, Inc. All rights reserved.
Most storage volumes in Azure and AWS will be networked and virtualized
This results in sometimes different behaviors than on prem SANs
• Generally higher latency, but, often more deterministic than typical SAN
• Both bandwidth and IOPs are constrained on a per VM basis
• With block sizes relevant to SQL Server, IOPs typically hit before bandwidth
I/O virtualization provides some benefit on a per volume basis
• Larger volumes will provide benefits over smaller volumes
Attach multiple I/O channels to multiple volumes
• OS Level storage spaces and striped volumes scale almost linearly
Cloud Storage Technology Overview

Comparison of data read scaling by larger volumes vs striped volumes
• Incremental IOPs benefit from larger Azure volume sizes
• Near linear IOPs benefit from striping multiple volumes or filegroups

Comparison of data read scaling by striping volumes Azure vs on prem Direct Attached Storage
• Near linear IOPs growth for both Azure and DAS striped volumes
• Throughput grows at much slower rate for Azure vs DAS striped volumes

• Monitor hundreds of SQL Instances
• Receive instant notification of problems and alerts defined by templates or the administrator
• Drill down to instance level details and statistics
• Monitor & analyze queries and query plans to determine causes of blocks and deadlocks
• Deploy in cloud or in datacenter – Monitor deployments in cloud, datacenter or both
IDERA SQL Diagnostic Manager for SQL Server
Managing SQL Server Performance, Health and Availability with IDERA DM for SQL Server

Monitor and analyze continuously
• Detailed drill down for each instance
• SQL Server resource usage
• Statement, batch and transaction throughput by database
• Session details
• Lock waits
• Operating system performance details
Automated Alerting Infrastructure
• Predefined alert settings based on industry best
practices
• Automatically calibrated and configured baseline
alerts to minimize noise and false alerts
• Automated alert responses: email, SQL scripts,
PowerShell, and more.

Query plan viewer
• The interactive visual representation of queries enables
better drill down and understanding of query behavior.
• Quickly identify the costliest operators
Discover and display query bottlenecks
• View queries stripped of parameters or in full
statement mode
• Quickly compare CPU, Disk I/O and elapsed time
consumed by top queries
• Compare performance of queries over time
• Query store utilization provides more efficient and
detailed query history

Receive Expert Query Tuning Advice
• Award winning SQL Doctor capabilities built-in
and automated
• Quickly improve query performance through
deep tuning insights
• Updated for each new version of SQL Server
• Intuitive interface makes sophisticated tuning
decisions accessible to a broad range of users

• Deploy SQL Diagnostic Manager in the cloud or datacenter
• Audit deployments in cloud, datacenter or both
IDERA SQL Diagnostic Manager Deployment Patterns

Inadvertent Cloud Data Breach Incidents
4/29/19
Mystery database with 80M US household data records found on Microsoft cloud server
Security researchers have uncovered an exposed database with details of 80 million, or 65% of all U.S. households. The researchers noted that they were
attempting to track down the owner while noting that this is potentially one of the largest data breaches of its type in history
4/4/19
Damaging Data Breaches Don’t Just Involve SSNs Or Medical Information
A few weeks back a company’s watch list containing nearly 2.5 million individuals and entities considered “high-risk” for its clients was mistakenly leaked to the
public. A “high-risk” entity in this circumstance was one potentially linked to organized crime or terrorism. The leak resulted from an unsecured and incorrectly
configured company database.
4/1/19
Chinese companies have leaked over 590 million resumes via open databases
Chinese companies have leaked a whopping 590 million resumes in the first three months of the year, ZDNet has learned from multiple security researchers. Most of
the resume leaks have occurred because of poorly secured databases that have been left exposed online without a password.
4/3/19
Facebookuser datafoundpubliclyexposedonline
Facebook user data has been found publicly accessible on the internet, a new report from security researchers says. Cybersecurity firm UpGuard said it found more
than 540 million records – including account names, comments and likes – had been stored publicly on Amazon cloud servers by two different third-party apps.
3/19/19
Unencrypted Gearbest database leaves over 1.5mil shoppers’ records exposed
A major security breach has been discovered in the Shenzhen-based e-commerce site Gearbest. The online shopping website ships goods to overs 250 countries
and ranks in the top 100 websites in almost 30% of these regions, according to VPNMentor. Reportedly being able to access over 1.5million records in different
areas of Gearbest’s unencrypted database.

Inadvertent Cloud Data Breach Incidents (continued)
2/11/19
Millions of bank loan and mortgage documents have leaked online
Exclusive: The database included highly sensitive financial data on customers who have taken out loans with U.S. banks
A trove of more than 24 million financial and banking documents, representing tens of thousands of loans and mortgages from some of the biggest banks in the
U.S., has been found online after a database server security lapse. The AWS database server had more than a decade’s worth of data, containing loan and
mortgage agreements, repayment schedules and other highly sensitive financial and tax documents that reveal an intimate insight into a person’s financial life. But it
wasn’t protected with a password, allowing anyone to access and read the massive cache of documents.
1/23/19
100 million online bets exposed by leaky database
Yet another organization has been spotted copying important data to cloud DB storage without remembering to secure it. Last week, it was US company
VOIPo that accidentally exposed call logs, SMS data, and company credentials where it was spotted by researcher Justin Paine. Sensitive data such as: Real
names, home addresses, phone numbers, email addresses, birth dates, site usernames, account balances, IP addresses, browser and OS details, and partial
credit card payment details.
1/20/19
Massive SingHealth Data Breach Caused by Lack of Basic Security
The lessons learned from Singapore’s breach serve as a reality check to U.S. health organizations still failing to educate users, apply patches, and other common
security methods. Singapore’s July 2018 personal data breach of 1.5 million SingHealth patients, including Prime Minister Lee Hsien Loong, was caused by bad
system management, a lack of employee training, and other major flaws, according to the 454-page report released today by the investigation committee.
1/4/19
CommonwealthBank customers'medicaldata exposedinpotentialprivacybreach
The Commonwealth Bank is urgently investigating a potential data breach that may have given its staff access to customers' sensitive medical information. The
issue was discovered around late July as the bank made preparations for the $3.8 billion sale of its insurance arm, CommInsure, to the AIA group

• Audit sensitive data to see who did what, when, where and how
• Monitor and alert on suspicious activity to detect and diagnose
• Easily satisfy audits across multiple industry regulatory requirements
• Select from 25 pre-defined compliance reports as well as unlimited custom views
Audit sensitive data
• Discover and define the most sensitive data in your DB
• Audit this data and database operations down to the column and
field level
• Define sensitive data sets spanning multiple tables
Stop potential threats
• Track all access and changes to database data
• Evaluate query row counts
• Compare before and after data for all modifications
• Customize alerts and notifications on suspicious activities
Pass regulatory audits with ease
• Preconfigured templates for GDPR*, PCI DSS, DISA STIG,
NERC, CIS, SOX, HIPAA, FERPA help you meet compliance
requirements
Rich Reporting Capabilities
• 25 pre-defined compliance reports
• Developed with industry compliance experts to address critical
security auditing & compliance report requirements.
• Flexible customization capabilities
• MS Reporting Services compatible
*Available May 2019
IDERA SQL Compliance Manager for SQL Server

Configuring SQL Server for compliance with
regulatory guidelines can be incredibly complex.
 SQL Compliance Manager Makes Regulatory Compliance
Single Button Simple
The following compliance regulations are preconfigured:
 CIS Center for Internet Security
 SOX Sarbanes-Oxley
 HIPAA Health Insurance Portability and
Accountability
 PCI DSS Payment Card Data Security Standard
 DISA STIG Defense Information Security Agency
 NERC North American Electric Reliability
 FERPA Family Educational Rights & Privacy
 GDPR* General Data Protection Regulation
*Available May 2019
Overview of SQL Compliance Manager Compliance Standards Support

• Deploy SQL Compliance Manager in the cloud or datacenter
• Audit deployments in cloud, datacenter or both
IDERA SQL Compliance Manager Deployment Patterns

• Identify vulnerabilities in SQL Server deployments
• Harden security policies across all of your SQL Server Instances & databases
• Analyze and report on user permissions across database objects
• Deploy in cloud or in datacenter – monitor cloud or datacenter deployments or both
Identify Vulnerabilities
• Discover who has access to what
• Identify user’s effective rights across all SQL databases
• Browse and analyze all files, directories and registry
settings associated with SQL Server
• Determine ownership, explicit and inherited security rights
Set Strong Security Policies
• View a complete history of SQL Server security settings
• Designate baselines for future comparison and forensic
analysis
Automated Security Snapshot capture
• Security snapshots captured on regular schedule
• Automated alerts and email notifications configurable
by severity of security findings
Prevent Security Violations
• Pre-defined templates leveraging CIS & MS Best
Practices Analyzer guidelines
• Identifies top security vulnerabilities on your databases
and servers
IDERA SQL Secure

• Deploy SQL Secure in the cloud or datacenter
• Monitor deployments in cloud, datacenter or both
IDERA SQL Secure Deployment Patterns

• Target backups to cloud VHDs, cloud buckets & BLOBs and Datacenter volumes
• Save time and space with dynamic compression and optional encryption
• Instant restore allows databases to go online in minutes while restore operations are still underway
• Deploy in cloud or in datacenter – backup cloud or datacenter deployments or both
Highest speed backups
• Advanced compression
• Multi-threaded, parallel volume write scheduling
Policy based automated backup, restore and log
shipping
• Fully automated backup life cycle with defined targets
Flexible cloud and data center backup & restore support
• Amazon EC2 and S3 buckets
• Azure VHDs and Blobs
• Tivoli Storage manager
• EMC
Tolerate and recover from cloud network latencies
• Backup and restore throttle and pause during latencies
• Avoid excessive retries and time outs
Easy to use point-in-time
• Graphical time scale makes precise recoveries quick and easy
• Identifies top security vulnerabilities on your databases and
servers
IDERA SQL Safe Backup Deployment Patterns

• Deploy SQL Safe Backup in the cloud or datacenter
• Target backups to cloud VHDs, cloud buckets & BLOBs as well as Datacenter storage systems
IDERA SQL Safe Backup Deployment Patterns

 Migrating SQL Server to the cloud brings new complexities and greatly
increased performance and data risks
 IDERA database management tools help manage the complexities and
mitigate the risks
• SQL Diagnostic Manager monitors 100s of SQL Server Instances to provide instant
notification of problems and detailed drilldown and query analysis tools.
• SQL Compliance Manager provides the ability to easily certify regulatory compliance
and pass data audits in both cloud and data center deployments.
• SQL Secure scans and monitors SQL Server deployments for vulnerabilities with
instant notification of problematic settings.
• SQL Safe Backup provides industry leading performance in backups and gets SQL
Server back online long before the data restores have finished.
In Summary:

https://www.idera.com/productssolutions/it-database-management-tools
IDERA Database Management Tools For SQL Server

 All IDERA SQL products are available for free 14 day trial usage
 Live demos driven by IDERA Engineers on request
 Fully functional, no credit card or approvals required.
IDERA SQL Diagnostic Manager
https://www.idera.com/productssolutions/sqlserver/sqldiagnosticmanager#getStartedForm
IDERA SQL Compliance Manager
https://www.idera.com/productssolutions/sqlserver/sqlcompliancemanager/freetrialsubscriptionform
IDERA SQL Secure
https://www.idera.com/productssolutions/sqlserver/sqlsecure/freetrialsubscriptionform
IDERA SQL Safe Backup
https://www.idera.com/productssolutions/sqlserver/sqlsafebackup/freetrialsubscriptionform
The Products We Discussed:
Free fully functional trial downloads

Thank You!
Rob Reinauer
SQL Product Management
rob.reinauer@idera.com

IDERA Live | Mitigating Data Risks from Cloud to Ground

Recommended

Recommended

More Related Content

What's hot

What's hot (20)

Similar to IDERA Live | Mitigating Data Risks from Cloud to Ground

Similar to IDERA Live | Mitigating Data Risks from Cloud to Ground (20)

More from IDERA Software

More from IDERA Software (20)

Recently uploaded

Recently uploaded (20)

IDERA Live | Mitigating Data Risks from Cloud to Ground