This document discusses SQL Server security enhancements in SQL Server 2014. It covers three main topics:
1) Transparent Data Encryption allows encrypting database and log files for protection both during operations and when backing up to disk or Azure. Encryption can use passwords, asymmetric keys, or certificates.
2) Encryption Key Management allows managing encryption keys through PowerShell, SMO, SSMS and T-SQL. Asymmetric keys or certificates used for encryption must be properly backed up.
3) A new "CONNECT ANY DATABASE" permission allows logins to connect to all current and future databases without other permissions in those databases. This facilitates auditing processes.
• We are sleeping well. And our mobile is ringing and ringing. Message: DISASTER! In this session (on slides) we are NOT talking about potential disaster (such as BCM); we talk about: And what NOW? A new version of my old, well-known session, updated for all the changes which have happened in the DBA world in the last two to three years.
• So, from the ground to the sky and further - everything for surviving disaster. Which tasks should have been finished BEFORE. Does virtual or physical SQL matter? We talk about systems, databases, people, encryption, passwords, certificates and users.
• In this session (in a few demos) I'll show which parts of our SQL Server environment are critical and how to be prepared for disaster. In some documents I'll show you how to be BEST prepared.
Our data should be secure. And our environment too. What can we do to maximize security in a hybrid environment, where SQL Server exists in two forms: on-premises and cloud? How to organize our job, how to control our data if we use Windows Azure SQL Database - The Cloud Database. Physical security, policy-based management, auditing, encryption, federation, access and authorization: all of those subjects will be covered during my session.
Backup? Who cares! Now and Then? We store our data in the cloud. Somewhere in the Cloud. Which Cloud? Who cares! But we are still SQL Server Professionals, so… do we need backup? Should we use the newest opportunities or old methods? Are we going a step further or a step back? In my session, I will try to find answers to all of those (and more) questions. Demos, cases, and examples from the world of backup. And of course worst practices.
In my first session I would like to introduce everyone to what was formerly known as SQL Azure (actually Windows Azure SQL Database). In the Tips and Tricks session I will show which points, features, compatibilities and incompatibilities of SQL Azure are important for DBAs. I will cover functionality, performance, cost, SLA and security aspects.
After the break I will show how we can work with our data in the Cloud using SQL Azure and Blob Storage, what backup, restore, encryption and availability functionality is available to us, how we can implement a hybrid environment, and when and why it is (or is not) good practice.
And finally I hope we will find a few minutes for a discussion about the Future of the DBA (not only in AD 2016).
Introduction to SQL Server Analysis Services 2008 - Tobias Koprowski
This is my presentation from the 17th Polish SQL Server User Group Meeting in Wroclaw. It's the first part of the Quadrology Business Intelligence for ITPros Cycle.
Microsoft released SQL Azure more than two years ago - that's enough time for testing (I hope!). So, are you ready to move your data to the Cloud? If you’re considering a business (i.e. a production environment) in the Cloud, you need to think about methods for backing up your data, a backup plan for your data and, eventually, restoring with Red Gate Cloud Services (and not only). In this session, you’ll see the differences, functionality, restrictions, and opportunities in SQL Azure and On-Premise SQL Server 2008/2008 R2/2012. We’ll consider topics such as how to be prepared for backup and restore, and which parts of a cloud environment are most important: keys, triggers, indexes, prices, security, service level agreements, etc.
This presentation is based on a real life experience migrating Oracle E-Business Suite production to AWS.
We will talk about:
- Certification basics. Overview on supported configurations.
- How to build. Recommendations based on migration and 2 year production runtime experience.
- Advanced configurations.
- R12.2.
- Microsoft Azure and Oracle Cloud review. Quick comparison outline of main alternative platforms. How ready is Oracle's own cloud service.
- Scaling.
This is a very client demanding topic. Many are looking into cloud migration options and how they can optimize the cost compared to the on-premise hosting, and many misunderstand the complexity of Oracle EBS stack being capable for cloud deployment.
Password Policies in Oracle Access Manager. How to improve user authenticatio... - Andrejs Prokopjevs
This presentation is about how System Administrators and/or Oracle Apps DBAs can improve and meet user authentication security standards in Oracle E-Business Suite by using Oracle Access Manager integration and its password policy management.
We will talk about:
- Current Oracle E-Business Suite password security limitations.
- Implementation of password policy management in Oracle Access Manager releases. Comparing the capabilities and why you should upgrade your OAM to the latest 11gR2.
- A use case example of most common configuration.
- Demo.
Microsoft released SQL Azure more than two years ago - that's enough time for testing (I hope!). So, are you ready to move your data to the Cloud? If you’re considering a business (i.e. a production environment) in the Cloud, you need to think about methods for backing up your data, a backup plan for your data and, eventually, restoring with Red Gate Cloud Services. In this session, you’ll see the differences, functionality, restrictions, and opportunities in SQL Azure and On-Premise SQL Server 2008/2008 R2/2012. We’ll consider topics such as how to be prepared for backup and restore, and which parts of a cloud environment are most important: keys, triggers, indexes, prices, security, service level agreements, etc.
SQLSaturday is a training event for SQL Server professionals and those wanting to learn about SQL Server. This event will be held Jun 13 2015 at Hochschule Bonn-Rhein-Sieg, Grantham-Allee 20, St. Augustin, Rheinland, 53757, Germany. Admittance to this event is free, all costs are covered by donations and sponsorships. Please register soon as seating is limited, and let friends and colleagues know about the event.
###
Maintenance Plans for Beginners (but not only) | Every experienced administrator has used (to some extent) what are called Maintenance Plans - Plans of Conservation. During this session, I'd like to discuss what can be useful for us to provide functionality when we use them and what to look out for. Session at 200 times the forward-300, with the opening of the discussion.
June 17th & 18th 2015. FREE. Online. On-demand. On your device.
Over 60 sessions in 2 days. Starting at 11:00 EDT on the 17th June, SPBiz brings insights and knowledge to help your business benefit from SharePoint, wherever you are. If you want to get the most out of your SharePoint platform, this is THE conference for you. Free to attend as a delegate, bringing influential speakers and direction setters in the SharePoint community directly to your device.
2 AM. We are sleeping well. And our mobile is ringing and ringing. Message: DISASTER! In this session (on slides) we are NOT talking about potential disaster (such as BCM); we talk about: What happened NOW? Which tasks should have been finished BEFORE. Does virtual or physical SQL matter? We talk about systems, databases, people, encryption, passwords, certificates and users. In this session (in a few demos) I'll show which parts of our SQL Server environment are critical and how to be prepared for disaster. In some documents I'll show you how to be BEST prepared.
Running Oracle EBS in the cloud (OAUG Collaborate 18 edition) - Andrejs Prokopjevs
This presentation is based on a real-life experience migrating Oracle E-Business Suite R12.1 production to Amazon AWS, and additional proof-of-concept effort done getting various client systems upgraded to R12.2 and migrated to main cloud vendor platforms on the market. We are going to cover here various areas, like:
- Certification basics. Overview look into supported configurations.
- How to architect. Basic recommendations based on migration and 2+ year production runtime experience. We will mainly cover Amazon AWS use case.
- Advanced configurations outline.
- R12.2 and features / nuances coming with it.
- Microsoft Azure and Oracle Cloud review. Quick comparison outline of main alternative platforms.
- Cloud deployment automation and the most common scenario - auto-scaling.
This is a very client demanding topic and many are looking into cloud migration options and how they can optimize the cost comparing to the on-premise hardware hosting. And many are still misunderstanding the complexity of Oracle EBS stack being capable for cloud deployment.
Microsoft Azure is changing. Its part dedicated to the database (Windows Azure SQL Database) is changing even faster. During this session I would like to show those who have not seen it, and remind those who already know something, what WASD is about, what changes have taken place and what we can expect from this database. For the brave there will be an opportunity to connect to a cloud account and test the solutions themselves.
SQLSaturday is a one-day conference for SQL Server professionals and for those who want to learn something about SQL Server. Local and international speakers will present at the conference, and thanks to our sponsors admission is free. The only requirement is registration. The conference will take place on 20 June 2015 at the premises of Microsoft Slovakia, Apollo Business Center II, Prievozská 4D, 821 09 Bratislava.
SQL Server 2008 High Availability in the Context of SLAs - Tobias Koprowski
This is the second presentation in a four-part series discussing the importance of high availability in the context of SLAs. The presentations are intended for an ITPro audience and are published live on the VirtualStudy.pl portal.
***
This is the second part of my four-part cycle about Service Level Agreements for ITPros. It is a session for the Virtualstudy.pl education portal.
A Whistleblowing Report to the United States of Congress submitted by Scott Bennett, 2LT, United States Army (Reserve), 11th Psychological Operations Battalion to the Department of Defense Inspector General, Memorial Day, May 27, 2013
The Betrayal and Cover-Up by the U.S. Government of the Union Bank of Switzerland - Terrorist Threat Financia Connection to Booz Allen Hamilton and U.S. Central Command
Scott Bennett - Shell Game (pdf source - http://projectcamelotportal.com/files/SHELL_GAME.pdf)
Eventuosity For Event Producers and Service Providers - Justin Panzer
Producing events is hard work. That's why your clients trust you to do the heavy lifting of everything from event strategy to project management. Do all of that in less time, at lower cost, and with greater control with eventuosity - the cloud-based, fully customizable collaboration platform for events.
Presentation of the MatriX Urban strategy game - Andrey Donskikh
The MatriX Urban strategy game is a specialized version of the MatriX creative platform, designed to find unconventional and fresh solutions for the development of territories and single-industry towns, improving the population's quality of life, and finding new formats of interaction between government bodies, business, the expert community, public organizations and other stakeholders.
MatriX Urban is a creative platform designed for planning the future of cities and urban development projects.
Active urban communities and city residents understand the need for change and are ready to take responsibility for the present and future of their city. This shows in their readiness to take a constructive part in its environment.
More details: http://donskih.ru/matrix/matrix-urban/
Virtual Study Beta Exam 71-663 Exchange 2010 Designing And Deploying Messagin... - Tobias Koprowski
This is my presentation for VirtualStudy.pl as the last part of preparation for 71-663 beta exam: 71-663: Pro: Designing and Deploying Messaging Solutions with Microsoft Exchange Server 2010
Recent news about the pending shortage of data scientists prompts speculation about automation: will machines replace human analysts? We propose a model of automation, and briefly review progress in automated machine learning over the past twenty years. Summarizing the current state of the art, we look at some of the remaining challenges, and the implications for practicing data scientists.
Why is ERISA attorney Thomas Schendt so passionate about stopping retirement plan leakage? Because 401(k) loan defaults and a misunderstanding of plan sponsor requirements are costing plans billions every year. See why he believes this problem has a simple solution.
The taste of food and beverages can be dictated by the cleanliness of your water. Issues such as sediment, chlorine and hardness are often to blame but can be easily prevented.
ITCamp 2018 - Tobiasz Koprowski - Secure your data at rest - on demand, now! - ITCamp
The new releases of Microsoft SQL Server: SQL Server 2016 & 2017 brings new functionality for Data Security Professionals. Newest release – SQL Server 2017 made those features even more mature. Now you can protect your data in your database anywhere (on-premise, in the cloud, in transit, in the hybrid environment) even more simply than before. Transparent Data Encryption with better algorithms and better support for backup, Row-Level Security, Dynamic Data Masking and Always Encrypted for your application are now simple features. Azure Security Center brings us a new way of looking and adopting security best practices in an easy way. We focus on theory and of course, on demos. We look a little closer for few specific files that exist in our environment. We work on all three different environments, but our goal is only one: protect your data.
Azure SQL Database Introduction by Tim Radney - Hasan Savran
Have you been hearing about Azure Managed Instances and want to know what all the fuss is about? Come see how Managed Instances is changing how we think about cloud databases. Managed Instances can be considered a hybrid of Azure SQL Database and on-premises SQL Server with all the awesome benefits of Platform as a Service. You’ll get to see first-hand how easy it is to migrate databases from on-premises to a Managed Instance. We’ll explore the differences between Azure SQL Database, Managed Instances, and SQL Server on an Azure VM to help you determine what is the best fit for your organization. If you’ve been considering Azure for your organization, this session is for you!
Presentation about securing the environment that the Blackboard Learn application runs on. Includes:
* IPS/IDS
* Database Security Recommendations
* Load Balancer
etc.
Geek Sync | Handling HIPAA Compliance with Your Data Access - IDERA Software
You can watch the replay for this Geek Sync webcast in the IDERA Resource Center: http://ow.ly/UXKP50A5aZy
While medical facilities are most at risk for a HIPAA violation, most organizations in the United States have to comply with the law and can be hit with civil and criminal penalties.
Join IDERA and K. Brian Kelley as he looks at what you’re expected to meet with regards to data security. Brian will cover effective mechanisms, both inside SQL Server and out, to comply with these expectations and avoid a HIPAA violation. He will also talk general best practices which lead to and encourage proper data stewardship.
About Brian: Brian’s community involvement stems from being a SQL Server author, columnist, and Microsoft MVP with a focus on SQL Server and Windows security. His skillset extends beyond being a DBA; he has served as an infrastructure and security architect including solutions such as Citrix, virtualization, and Active Directory. Brian is a very active member of the IT community having spoken at DevConnections, SQL Saturdays, code camps, and user groups.
Security of Oracle EBS - How I can Protect my System (UKOUG APPS 18 edition) - Andrejs Prokopjevs
Nowadays having a proper security configuration is a huge challenge, especially looking at the global hacks and personal data leak incidents that happened in IT a while back. Oracle EBS is not perfect and has lots of vulnerabilities covered by Oracle almost every quarter. A very small percent of Apps DBAs know all the features and options available, and usually, do not go over firewall/reverse proxy layer.
This presentation is going to cover an overview and recommendations of options and security features that are available and can be used out-of-the-box, and some of the non-trivial configurations that can help to keep your Oracle EBS system protected, per our experience.
One of the greatest challenges to securing any IBM i environment is protecting the system from the people charged with its care: programmers, administrators, and security officers. Even regular end users often carry more privileges than necessary.
Power users might need access to restricted objects and commands, but they rarely need that level of access 24 hours a day, and accountability is essential.
In this slide deck, IBM i security expert Robin Tatam first points out the vulnerabilities associated with powerful users. Then, explore an award-winning approach to regaining the control your auditors demand while allowing your administrators and programmers to do their jobs.
Included is a demonstration of tracking users in hard-to-audit environments such as SQL, QShell, DFU, SEU, and SST.
The security landscape has been a constantly and rapidly changing scenario in the last decades. Threats have evolved from targeting services' availability to targeting data and data integrity. Therefore, now more than ever, data protection becomes critical and needs an in-depth approach which starts from the database. Learn more about what MySQL has to offer to help you put in place security best practices to start protecting your data straight from the database!
AWS Summit 2013 | India - Extend your Datacenter in the Cloud and achieve Hig... - Amazon Web Services
The cloud is not an 'All or Nothing' approach with regards to replacing workloads inside your datacenter. Enterprises with existing datacenters can easily extend their Infrastructure into the cloud to seamlessly leverage the benefits of cloud while using the same set of controls familiar to their business. However availability and security still remain among the top two concerns for CIOs when deciding on cloud adoption for their organization.
Amazon Web Services has infrastructure across multiple geographical Regions spanning five continents, with multiple Availability Zones in each Region along with a set of global edge locations. Building a similar infrastructure for high availability with your traditional datacenter would be non-trivial and cost prohibitive. Join this session to understand how you can achieve high availability across geographies, deploy your applications close to your users, control where your data is located, achieve low latency, and migrate your applications around the world in a cost-effective and easy manner using AWS services. You will also learn how AWS builds services in accordance with security best practices, provides appropriate security features in those services, has achieved industry standard certifications, and other third-party attestations. In addition, in line with the shared security model on the cloud, AWS customers must leverage on security features and best practices to architect an appropriately secure application environment. Enabling customers to ensure the confidentiality, integrity, and availability of their data is of the utmost importance to AWS, as is maintaining trust and confidence.
Session from a series of conferences during Data Relay (formerly SQL Relay) 2018 in Newcastle, Leeds, Birmingham, Reading, Bristol. The session contains only slides from the talk (no videos included).
Slides from the dataMinds Connect 2018 Conference hosted at Ghelamco Arena in Ghent by the Belgian SQL Server User Group. SECDev(OPS) How to embrace your security.
Session from SQLDay 2016 Conference in Wroclaw.
2 AM. We're sleeping well and our mobile is ringing and ringing. Message: DISASTER! In this session (on slides) we are NOT talking about the potential disaster (such as BCM); we talk about: What happened NOW? Which tasks should have been finished BEFORE. Does virtual or physical SQL Server matter? We talk about systems, databases, people, encryption, passwords, certificates and users. In this session (in a few demos) I'll show which parts of our SQL Server environment are critical and how to be prepared for disaster. In some documents, I'll show you how to be BEST prepared.
DELIVERED: Whitehall Media’s 3rd Enterprise Security and Risk Management conference | April, 28th London {http://www.whitehallmedia.co.uk/esrm/}
ABSTRACT: Cloud Computing is ready. Industry and government are already embarking on a journey towards Cloud. But… Trust is the Primer. How much trust can we place in cloud providers? What is the nature of this trust? How important is it and what is the future of trust?
Microsoft released SQL Azure more than two years ago - that's enough time for testing (I hope!). So, are you ready to move your data to the Cloud? If you’re considering a business (i.e. a production environment) in the Cloud, you need to think about methods for backing up your data, a backup plan for your data and, eventually, restoring with Red Gate Cloud Services. In this session, you’ll see the differences, functionality, restrictions, and opportunities in SQL Azure and On-Premise SQL Server 2008/2008 R2/2012. We’ll consider topics such as how to be prepared for backup and restore, and which parts of a cloud environment are most important: keys, triggers, indexes, prices, security, service level agreements, etc.
Microsoft released SQL Azure more than two years ago - that's enough time for testing (I hope!). So, are you ready to move your data to the Cloud? If you’re considering a business (i.e. a production environment) in the Cloud, you need to think about methods for backing up your data, a backup plan for your data and, eventually, restoring with Red Gate Cloud Services (and not only). In this session, you’ll see the differences, functionality, restrictions, and opportunities in SQL Azure and On-Premise SQL Server 2008/2008 R2/2012. We’ll consider topics such as how to be prepared for backup and restore, and which parts of a cloud environment are most important: keys, triggers, indexes, prices, security, service level agreements, etc.
Microsoft released SQL Azure more than two years ago - that's enough time for testing (I hope!). So, are you ready to move your data to the Cloud? If you’re considering a business (i.e. a production environment) in the Cloud, you need to think about methods for backing up your data, a backup plan for your data and, eventually, restoring with Red Gate Cloud Services. In this session, you’ll see the differences, functionality, restrictions, and opportunities in SQL Azure and On-Premise SQL Server 2008/2008 R2/2012. We’ll consider topics such as how to be prepared for backup and restore, and which parts of a cloud environment are most important: keys, triggers, indexes, prices, security, service level agreements, etc.
Maintenance Plans for Beginners | Each of experienced administrators used (to some extent) what is called Maintenance Plans - Plans of Conservation. During this session, I'd like to discuss what can be useful for us to provide functionality when we use them and what to look out for. Session at 200 times the forward-300, with the opening of the discussion.
Neuro-symbolic is not enough, we need neuro-*semantic*Frank van Harmelen
Neuro-symbolic (NeSy) AI is on the rise. However, simply machine learning on just any symbolic structure is not sufficient to really harvest the gains of NeSy. These will only be gained when the symbolic structures have an actual semantics. I give an operational definition of semantics as “predictable inference”.
All of this illustrated with link prediction over knowledge graphs, but the argument is general.
Key Trends Shaping the Future of Infrastructure.pdfCheryl Hung
Keynote at DIGIT West Expo, Glasgow on 29 May 2024.
Cheryl Hung, ochery.com
Sr Director, Infrastructure Ecosystem, Arm.
The key trends across hardware, cloud and open-source; exploring how these areas are likely to mature and develop over the short and long-term, and then considering how organisations can position themselves to adapt and thrive.
Generating a custom Ruby SDK for your web service or Rails API using Smithyg2nightmarescribd
Have you ever wanted a Ruby client API to communicate with your web service? Smithy is a protocol-agnostic language for defining services and SDKs. Smithy Ruby is an implementation of Smithy that generates a Ruby SDK using a Smithy model. In this talk, we will explore Smithy and Smithy Ruby to learn how to generate custom feature-rich SDKs that can communicate with any web service, such as a Rails JSON API.
Elevating Tactical DDD Patterns Through Object CalisthenicsDorra BARTAGUIZ
After immersing yourself in the blue book and its red counterpart, attending DDD-focused conferences, and applying tactical patterns, you're left with a crucial question: How do I ensure my design is effective? Tactical patterns within Domain-Driven Design (DDD) serve as guiding principles for creating clear and manageable domain models. However, achieving success with these patterns requires additional guidance. Interestingly, we've observed that a set of constraints initially designed for training purposes remarkably aligns with effective pattern implementation, offering a more ‘mechanical’ approach. Let's explore together how Object Calisthenics can elevate the design of your tactical DDD patterns, offering concrete help for those venturing into DDD for the first time!
Encryption in Microsoft 365 - ExpertsLive Netherlands 2024Albert Hoitingh
In this session I delve into the encryption technology used in Microsoft 365 and Microsoft Purview. Including the concepts of Customer Key and Double Key Encryption.
Smart TV Buyer Insights Survey 2024 by 91mobiles.pdf91mobiles
91mobiles recently conducted a Smart TV Buyer Insights Survey in which we asked over 3,000 respondents about the TV they own, aspects they look at on a new TV, and their TV buying preferences.
Slack (or Teams) Automation for Bonterra Impact Management (fka Social Soluti...Jeffrey Haguewood
Sidekick Solutions uses Bonterra Impact Management (fka Social Solutions Apricot) and automation solutions to integrate data for business workflows.
We believe integration and automation are essential to user experience and the promise of efficient work through technology. Automation is the critical ingredient to realizing that full vision. We develop integration products and services for Bonterra Case Management software to support the deployment of automations for a variety of use cases.
This video focuses on the notifications, alerts, and approval requests using Slack for Bonterra Impact Management. The solutions covered in this webinar can also be deployed for Microsoft Teams.
Interested in deploying notification automations for Bonterra Impact Management? Contact us at sales@sidekicksolutionsllc.com to discuss next steps.
Dev Dives: Train smarter, not harder – active learning and UiPath LLMs for do...UiPathCommunity
💥 Speed, accuracy, and scaling – discover the superpowers of GenAI in action with UiPath Document Understanding and Communications Mining™:
See how to accelerate model training and optimize model performance with active learning
Learn about the latest enhancements to out-of-the-box document processing – with little to no training required
Get an exclusive demo of the new family of UiPath LLMs – GenAI models specialized for processing different types of documents and messages
This is a hands-on session specifically designed for automation developers and AI enthusiasts seeking to enhance their knowledge in leveraging the latest intelligent document processing capabilities offered by UiPath.
Speakers:
👨🏫 Andras Palfi, Senior Product Manager, UiPath
👩🏫 Lenka Dulovicova, Product Program Manager, UiPath
State of ICS and IoT Cyber Threat Landscape Report 2024 previewPrayukth K V
The IoT and OT threat landscape report has been prepared by the Threat Research Team at Sectrio using data from Sectrio, cyber threat intelligence farming facilities spread across over 85 cities around the world. In addition, Sectrio also runs AI-based advanced threat and payload engagement facilities that serve as sinks to attract and engage sophisticated threat actors, and newer malware including new variants and latent threats that are at an earlier stage of development.
The latest edition of the OT/ICS and IoT security Threat Landscape Report 2024 also covers:
State of global ICS asset and network exposure
Sectoral targets and attacks as well as the cost of ransom
Global APT activity, AI usage, actor and tactic profiles, and implications
Rise in volumes of AI-powered cyberattacks
Major cyber events in 2024
Malware and malicious payload trends
Cyberattack types and targets
Vulnerability exploit attempts on CVEs
Attacks on counties – USA
Expansion of bot farms – how, where, and why
In-depth analysis of the cyber threat landscape across North America, South America, Europe, APAC, and the Middle East
Why are attacks on smart factories rising?
Cyber risk predictions
Axis of attacks – Europe
Systemic attacks in the Middle East
Download the full report from here:
https://sectrio.com/resources/ot-threat-landscape-reports/sectrio-releases-ot-ics-and-iot-security-threat-landscape-report-2024/
Builder.ai Founder Sachin Dev Duggal's Strategic Approach to Create an Innova...Ramesh Iyer
In today's fast-changing business world, Companies that adapt and embrace new ideas often need help to keep up with the competition. However, fostering a culture of innovation takes much work. It takes vision, leadership and willingness to take risks in the right proportion. Sachin Dev Duggal, co-founder of Builder.ai, has perfected the art of this balance, creating a company culture where creativity and growth are nurtured at each stage.
Connector Corner: Automate dynamic content and events by pushing a buttonDianaGray10
Here is something new! In our next Connector Corner webinar, we will demonstrate how you can use a single workflow to:
Create a campaign using Mailchimp with merge tags/fields
Send an interactive Slack channel message (using buttons)
Have the message received by managers and peers along with a test email for review
But there’s more:
In a second workflow supporting the same use case, you’ll see:
Your campaign sent to target colleagues for approval
If the “Approve” button is clicked, a Jira/Zendesk ticket is created for the marketing design team
But—if the “Reject” button is pushed, colleagues will be alerted via Slack message
Join us to learn more about this new, human-in-the-loop capability, brought to you by Integration Service connectors.
And...
Speakers:
Akshay Agnihotri, Product Manager
Charlie Greenberg, Host
2. Awesome SQL Server conferences on your doorstep!
w: sqlrelay.co.uk
t: @sqlrelay_uk
SQL Security in the Clouds
Independent Consultant @ ShadowLand Consulting
http://koprowskit.eu/geek || http://itblogs.pl/notbeautifulanymore
3. about me
• independent consultant, security & licensing auditor
• Owner of ShadowLand Consulting
• Microsoft Certified Trainer
• SQL Server MVP (six… years in a row)
• MVP Mentor Program Member
• SharePoint Subject Matter Expert at CQURE
• active blogger, influencer, technical writer
• last 9 years living in Data Processing Center Jungle
• last 15 years working around banking and ICT
• Polish Information Technology Society Board Member
• Information Security Systems Association Board Member
4. AGENDA
1 | Security in a Nutshell
2 | SQL Server Security Best Practices
3 | SQL Server 2014 Security Enhancements
4 | SQL Server Security in The Cloud
Summary
Appendix
8. Security? What is this?
• Security is the degree of resistance to, or protection from, harm. It applies to
any vulnerable and valuable asset, such as a person, dwelling, community,
nation, or organization.
• As noted by the Institute for Security and Open Methodologies (ISECOM) in the
OSSTMM 3 (Open Source Security Testing Methodology Manual), security
provides "a form of protection where a separation is created between the
assets and the threat." These separations are generically called "controls," and
sometimes include changes to the asset or the threat.
14. SQL Server Security Best Practices
• Efficiency and security have an inverse relationship to one another.
• You can have high efficiency or high security, but not both.
Example: `Small Bank Company` tend to favor efficiency over security:
• Cost limitations. This is the first and obvious reason. Community banks are fighting a
constant battle to remain competitive. Implementing security in systems adds costs -
there is no way around it.
• Risk. It's not always a conscious decision for a bank to improve efficiency by sacrificing
security. Sometimes there's a lack of understanding of the risks associated with the
systems we deploy.
• Personnel limitations. The many-hats syndrome runs rampant in smaller community banks.
• Regulatory emphasis. The current regulatory environment stresses controls as they relate
to policy and procedures.
15. authentication
• SQL Server supports:
• Windows Authentication Mode which supports
• Kerberos
• NTLM (Windows NT Lan Manager)
• Mixed Mode Authentication which supports
• Windows Accounts
• SQL Server specific accounts
SECURITY
BEST
PRACTICES
Best Practice:
use Windows Authentication mode
unless legacy applications require Mixed Authentication for backward compatibility
16. secure sysadmin account
• the sysadmin account (sa) is the most vulnerable account when it’s not changed
• potential SQL Server attackers and hackers are aware of this
Best Practice:
change name of sysadmin account after installation
SSMS>Object Explorer>Logins>Rename (right click) / T-SQL
17. use complex password
Best Practice:
ensure that complex passwords are used for sa and other SQL Server-specific logins. Think about ENFORCE
EXPIRATION & MUST_CHANGE for any new SQL login
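The checks behind slides 15 to 17, written out as T-SQL. This is an added example, not code from the deck; the login names `srv_admin_renamed`, `legacy_app` and `app_reporting` and the password placeholder are hypothetical.

```sql
-- Added example (not from the original slides). Login names and the password
-- placeholder are hypothetical; run as a sysadmin member on a test instance.

-- Slide 15: which authentication mode is the instance in?
-- 1 = Windows Authentication only, 0 = Mixed Mode.
SELECT SERVERPROPERTY('IsIntegratedSecurityOnly') AS windows_auth_only;

-- Slide 16: locate the built-in sa login by its fixed SID, so the check
-- still works after the login has been renamed.
SELECT name, is_disabled, modify_date
FROM sys.server_principals
WHERE sid = 0x01;

-- Rename it (skip this step if the query above no longer returns 'sa').
ALTER LOGIN [sa] WITH NAME = [srv_admin_renamed];

-- Slide 17: SQL logins that are exempt from the Windows password policy
-- or from password expiration.
SELECT name,
       is_disabled,
       is_policy_checked,
       is_expiration_checked,
       LOGINPROPERTY(name, 'PasswordLastSetTime') AS password_last_set
FROM sys.sql_logins
WHERE is_policy_checked = 0
   OR is_expiration_checked = 0
ORDER BY name;

-- SQL logins whose password is blank or identical to the login name.
SELECT name
FROM sys.sql_logins
WHERE PWDCOMPARE(N'', password_hash) = 1
   OR PWDCOMPARE(name, password_hash) = 1;

-- Bring an existing login under policy and expiration.
ALTER LOGIN [legacy_app] WITH CHECK_POLICY = ON, CHECK_EXPIRATION = ON;

-- New SQL login: MUST_CHANGE forces a password change at first logon and
-- requires both CHECK_POLICY and CHECK_EXPIRATION to be ON.
-- Replace the placeholder with a generated secret that meets the policy.
CREATE LOGIN [app_reporting]
    WITH PASSWORD = N'<replace-with-generated-secret>' MUST_CHANGE,
         CHECK_POLICY = ON,
         CHECK_EXPIRATION = ON;
```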
18. use specific logins
Best Practice:
use different accounts for different sql-server oriented services
| Component | Windows Server 2008 | Windows 7 and Windows Server 2008 R2 and higher | Recommended accounts |
|---|---|---|---|
| Database Engine | NETWORK SERVICE | Virtual Account * | SQL_Engine |
| SQL Server Agent | NETWORK SERVICE | Virtual Account * | SQL_Agent |
| SSAS | NETWORK SERVICE | Virtual Account * | SQL_srvAS |
| SSIS | NETWORK SERVICE | Virtual Account * | SQL_srvIS |
| SSRS | NETWORK SERVICE | Virtual Account * | SQL_srvRS |
| SQL Server Distributed Replay Controller | NETWORK SERVICE | Virtual Account * | SQL_DRContro |
| SQL Server Distributed Replay Client | NETWORK SERVICE | Virtual Account * | SQL_DRReplay |
| FD Launcher (Full-text Search) | LOCAL SERVICE | Virtual Account | |
| SQL Server Browser | LOCAL SERVICE | LOCAL SERVICE | |
| SQL Server VSS Writer | LOCAL SYSTEM | LOCAL SYSTEM | |
19. sysadmin membership
• Members of the sysadmin fixed server role can do whatever they want on SQL
Server
• by default the sysadmin fixed server role has the CONTROL SERVER permission
granted explicitly
• do not explicitly grant CONTROL SERVER to Windows logins, Windows group
logins and SQL logins
Best Practice:
carefully choose the membership of the sysadmin fixed server role
20. general administration
• everything (almost always) works under sa account especially with CONTROL
SERVER permission
• institute dedicated Windows logins for DBAs, and assign these logins sysadmin
rights on SQL Server for administration purposes.
Best Practice:
use built-in fixed server roles and database roles or
create your custom roles, then apply for specific logins
21. revoke guest access
• by default guest accounts exist in every user and system database
• this is a potential security risk in a locked-down environment
• those accounts could be targets for attackers
• assign public server role membership if you need explicit access to user
databases
Best Practice:
disable all guest user access from all user and system databases
(excluding msdb database)
22. limit public permission
• SQL Server has many stored procedures and many of them have public access
permission:
• OLE AUTOMATION: sp_OACreate, sp_OAGetProperty, sp_OAStop,
sp_OAMethod, sp_OAGetErrorInfo, sp_OADestroy, sp_OASetProperty
• REGISTRY ACCESS: xp_regremovemultistring, xp_regaddmultistring,
xp_regread, xp_regdeletekey, xp_regdeletevalue, xp_regwrite
• OTHER ROUTINES: sp_sdidebug, xp_logevent, sp_sprintf, xp_dsninfo,
xp_msver, sp_sscanf, xp_stopmail, xp_grantlogin, xp_eventlog, xp_dirtree
Best Practice:
revoke public role access for some extended procedures
and check other stored procedures
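An audit script for the points on slides 19 to 22: sysadmin membership, explicit CONTROL SERVER grants, guest access and public EXECUTE rights. It is an added example, not code from the deck; the user database name `SalesDb` is hypothetical and the procedure list is the one on slide 22.

```sql
-- Added example (not from the original slides). [SalesDb] is a hypothetical
-- user database; run as a sysadmin member on a test instance first.

-- Slide 19: who is in the sysadmin fixed server role?
SELECT m.name AS member_name, m.type_desc, m.is_disabled
FROM sys.server_role_members AS rm
JOIN sys.server_principals AS r ON r.principal_id = rm.role_principal_id
JOIN sys.server_principals AS m ON m.principal_id = rm.member_principal_id
WHERE r.name = N'sysadmin'
ORDER BY m.name;

-- Slide 19: principals holding an explicit CONTROL SERVER grant.
SELECT p.name AS grantee, p.type_desc, sp.state_desc
FROM sys.server_permissions AS sp
JOIN sys.server_principals AS p ON p.principal_id = sp.grantee_principal_id
WHERE sp.class = 100                        -- server-level permission
  AND sp.permission_name = N'CONTROL SERVER'
  AND sp.state IN ('G', 'W');               -- GRANT / GRANT WITH GRANT OPTION

-- Slide 21: databases where guest still holds CONNECT.
-- guest always has principal_id 2; class 0 is a database-level permission.
CREATE TABLE #guest_connect (database_name sysname NOT NULL);
DECLARE @db sysname, @sql nvarchar(max);
DECLARE db_cur CURSOR LOCAL FAST_FORWARD FOR
    SELECT name FROM sys.databases WHERE state_desc = N'ONLINE';
OPEN db_cur;
FETCH NEXT FROM db_cur INTO @db;
WHILE @@FETCH_STATUS = 0
BEGIN
    SET @sql = N'USE ' + QUOTENAME(@db) + N';
        INSERT INTO #guest_connect (database_name)
        SELECT DB_NAME()
        FROM sys.database_permissions
        WHERE grantee_principal_id = 2
          AND class = 0
          AND permission_name = N''CONNECT''
          AND state IN (''G'', ''W'');';
    EXEC sys.sp_executesql @sql;
    FETCH NEXT FROM db_cur INTO @db;
END
CLOSE db_cur;
DEALLOCATE db_cur;
SELECT database_name FROM #guest_connect ORDER BY database_name;
DROP TABLE #guest_connect;

-- Remove guest access from one user database.
USE [SalesDb];
REVOKE CONNECT FROM guest;

-- Slide 22: which of the listed procedures can public execute?
USE master;
SELECT o.name AS procedure_name, dp.permission_name, dp.state_desc
FROM sys.database_permissions AS dp
JOIN sys.all_objects AS o ON o.object_id = dp.major_id
WHERE dp.class = 1                          -- object or column
  AND dp.grantee_principal_id = DATABASE_PRINCIPAL_ID(N'public')
  AND dp.permission_name = N'EXECUTE'
  AND o.name IN (N'sp_OACreate', N'sp_OAGetProperty', N'sp_OAStop',
                 N'sp_OAMethod', N'sp_OAGetErrorInfo', N'sp_OADestroy',
                 N'sp_OASetProperty', N'xp_regremovemultistring',
                 N'xp_regaddmultistring', N'xp_regread', N'xp_regdeletekey',
                 N'xp_regdeletevalue', N'xp_regwrite', N'sp_sdidebug',
                 N'xp_logevent', N'sp_sprintf', N'xp_dsninfo', N'xp_msver',
                 N'sp_sscanf', N'xp_stopmail', N'xp_grantlogin',
                 N'xp_eventlog', N'xp_dirtree')
ORDER BY o.name;

-- Revoke one of them from public. Test before production: other components
-- may call these procedures under accounts that rely on public.
REVOKE EXECUTE ON OBJECT::sys.xp_dirtree FROM public;
```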
23. hardening sql server ports
• the default SQL Server ports 1433/1434 are well known as a standard target for hackers
• by using SQL Server Configuration Manager you:
• can change the default port
• can use a specific TCP port instead of a dynamic one
• remember about similar TCP/UDP ports (1433, 1434)
Best Practice:
change default SQL Server port if it’s possible
24. disable sql server browser
• by default SQL Server Browser is disabled
• it’s necessary to run it when multiple instances are running on a single server
• any Windows user having the following rights would be capable of running the SQL
Server Browser service:
• deny access to this computer from the network / deny logon locally /
deny logon as a batch job
• Deny logon through Terminal Services / log on as a service / read and
write the SQL Server registry keys related to network communication
(ports and pipes)
Best Practice:
change default SQL Server port if it’s possible
25. secure service accounts
• different service accounts for different services
• dedicated low-privileges domain accounts
• check membership on a regular basis
• use strong and different passwords for each account
Best Practice:
create good plan and make note about service accounts and passwords
27. transparent data encryption
• first introduced with SQL Server 2008
• protecting data by performing I/O encryption and decryption for database and
log files
• passphrase (less secure), asymmetric key (strong protection, poor performance),
symmetric key (good performance, strong enough protection), certificate (strong
protection, good performance)
• New functionality for backup:
• takes non-encrypted backup data
• encrypt data before writing to disk
• compression is performed on the backup data first
• then encryption is applied to compressed data
• support for backup to Azure
SQL14 SECURITY
ENHANCEMENTS
28. encryption key management
• Encryption options include:
• encryption algorithm
• certificate or asymmetric key
• only asymmetric keys residing in EKM are supported
• multiple algorithms up to AES-256 are supported
• manageable by PowerShell, SMO, SSMS, T-SQL
• VERY IMPORTANT:
• asymmetric key or certificate MUST be backed up
• location MUST be different than backup location
• No RESTORE without asymmetric key or certificate
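The backup encryption flow from slides 27 and 28 as T-SQL, including the certificate backup that a later RESTORE depends on. This is an added example, not code from the deck; the database name, certificate name, file paths and password placeholders are hypothetical.

```sql
-- Added example (not from the original slides). [SalesDb], BackupEncryptCert,
-- all paths and all passwords are hypothetical placeholders.
-- Requires SQL Server 2014 or later.
USE master;

-- 1. A database master key in master protects the certificate's private key.
CREATE MASTER KEY ENCRYPTION BY PASSWORD = N'<replace-with-master-key-password>';

-- 2. The certificate that will encrypt backups.
CREATE CERTIFICATE BackupEncryptCert
    WITH SUBJECT = N'Backup encryption certificate';

-- 3. Back up the certificate AND its private key right away, to a location
--    that is different from the backup location (slide 28).
BACKUP CERTIFICATE BackupEncryptCert
    TO FILE = N'\\keystore\sqlkeys\BackupEncryptCert.cer'
    WITH PRIVATE KEY (
        FILE = N'\\keystore\sqlkeys\BackupEncryptCert.pvk',
        ENCRYPTION BY PASSWORD = N'<replace-with-private-key-password>');

-- 4. Compressed, encrypted backup. Compression runs first, then encryption
--    is applied to the compressed data (slide 27). Encrypted backups cannot
--    be appended to an existing backup set, so a new media set is written.
BACKUP DATABASE [SalesDb]
    TO DISK = N'D:\Backup\SalesDb_encrypted.bak'
    WITH FORMAT,
         COMPRESSION,
         ENCRYPTION (ALGORITHM = AES_256,
                     SERVER CERTIFICATE = BackupEncryptCert),
         CHECKSUM;

-- 5. Audit: every encrypted backup, the certificate it depends on, and when
--    that certificate's private key was last backed up. A NULL
--    pvt_key_last_backup_date means the backup cannot be restored elsewhere.
SELECT bs.database_name,
       bs.backup_finish_date,
       bs.key_algorithm,
       bs.encryptor_type,
       c.name AS certificate_name,
       c.expiry_date,
       c.pvt_key_last_backup_date
FROM msdb.dbo.backupset AS bs
LEFT JOIN master.sys.certificates AS c
       ON c.thumbprint = bs.encryptor_thumbprint
WHERE bs.encryptor_thumbprint IS NOT NULL
ORDER BY bs.backup_finish_date DESC;

-- 6. On the recovery instance (not on the source server, where the
--    certificate already exists): create a master key in master, import the
--    certificate with its private key, then restore.
/*
USE master;
CREATE MASTER KEY ENCRYPTION BY PASSWORD = N'<recovery-master-key-password>';
CREATE CERTIFICATE BackupEncryptCert
    FROM FILE = N'\\keystore\sqlkeys\BackupEncryptCert.cer'
    WITH PRIVATE KEY (
        FILE = N'\\keystore\sqlkeys\BackupEncryptCert.pvk',
        DECRYPTION BY PASSWORD = N'<replace-with-private-key-password>');
RESTORE DATABASE [SalesDb]
    FROM DISK = N'D:\Backup\SalesDb_encrypted.bak';
*/
```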
29. connect any database
• new server-level permission
• grant CONNECT ANY DATABASE to a login that must connect to all databases
that currently exist and any new ones created in the future
• does not grant any permission in any database beyond connect
• to allow an auditing process to view all data or all database states CONNECT ANY
DATABASE may be combined with:
• SELECT ALL USER SECURABLES
• VIEW SERVER STATE
30. impersonate any login
• new server-level permission
• when granted IMPERSONATE ANY LOGIN allows a middle-tier process to impersonate
the account of clients connecting to it
• when denied IMPERSONATE ANY LOGIN a high privileged login can be blocked from
impersonating other logins
• example:
CONTROL SERVER permission can be blocked
from impersonating other logins
31. select all user securables
• new server-level permission
• when granted SELECT ALL USER SECURABLES a login (for example for auditing
purposes) can view data in all databases that the user can connect to
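The three server-level permissions from slides 29 to 31 applied to an auditing login and to a high-privileged login. This is an added example, not code from the deck; it assumes two existing logins with the hypothetical names `audit_reader` and `ops_admin`.

```sql
-- Added example (not from the original slides). Assumes SQL Server 2014 or
-- later and two existing logins with hypothetical names:
--   [audit_reader] : used by an auditing process
--   [ops_admin]    : holds CONTROL SERVER but is not a sysadmin member
USE master;

-- Slides 29 and 31: an auditing login that can connect to every current and
-- future database, read user data and view server state, and nothing else.
GRANT CONNECT ANY DATABASE       TO [audit_reader];
GRANT SELECT ALL USER SECURABLES TO [audit_reader];
GRANT VIEW SERVER STATE          TO [audit_reader];

-- Slide 30: block a login that holds CONTROL SERVER from impersonating
-- other logins. DENY is not evaluated for members of the sysadmin role,
-- so this only constrains logins that are outside sysadmin.
DENY IMPERSONATE ANY LOGIN TO [ops_admin];

-- Review every grant or deny of these permissions on the instance.
SELECT p.name AS principal_name,
       p.type_desc,
       sp.permission_name,
       sp.state_desc
FROM sys.server_permissions AS sp
JOIN sys.server_principals AS p ON p.principal_id = sp.grantee_principal_id
WHERE sp.permission_name IN (N'CONNECT ANY DATABASE',
                             N'SELECT ALL USER SECURABLES',
                             N'IMPERSONATE ANY LOGIN',
                             N'VIEW SERVER STATE')
ORDER BY p.name, sp.permission_name;

-- Effective server-level permissions as seen by the auditing login.
EXECUTE AS LOGIN = N'audit_reader';
SELECT permission_name
FROM sys.fn_my_permissions(NULL, N'SERVER')
ORDER BY permission_name;
REVERT;

-- Effective result of the DENY for the high-privileged login:
-- 1 = may impersonate any login, 0 = blocked.
EXECUTE AS LOGIN = N'ops_admin';
SELECT HAS_PERMS_BY_NAME(NULL, NULL, N'IMPERSONATE ANY LOGIN') AS can_impersonate_any_login;
REVERT;
```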
32. SQL Server Express Security
• by default:
• instance name: SQLExpress
• networking protocol: disabled
• sql server browser: disabled
• user (local) instances:
• separated instance generated from parent instance
• sysadmin privileges on SQL Express on local machine
• runs as user process not as service process
• only windows logins are supported
• RANU instance (run as normal user)
34. Cloud Security
Microsoft Cloud Security Approach in a Nutshell
• Principles, patterns, and practices
• Security engineering
• Threats and countermeasures
• Secure the network, host, and application
• Application scenarios and solutions
• Security frame
• People, process, and technology
• Application, infrastructure, and business http://bit.ly/1zmeYi2
35. Security Model
• uses regular sql security model
• authenticate logins, map to users and roles
• authorize users and roles to sql objects
• support for standard sql auth logins
• username + password
• {admin, administrator, guest, root, sa}
Security model is 100% compatible with on-premise SQL
36. Security Requirements for Azure Platform
Microsoft Azure Datacenters
• North America
• North-central US - Chicago, IL
• South-central US - San Antonio, TX
• West US - California
• East US - Virginia
• Asia
• East Asia - Hong Kong, China
• South East Asia – Singapore
• South America
• Brazil – Sao Paulo
• Europe
• North Europe - Dublin, Ireland
• West Europe - Amsterdam,
Netherlands
• Japan
• Japan East, the Tokyo area
• Japan West, the Kansai area
• Oceania (announced, coming soon)
• Sydney, New South Wales
• Melbourne, Victoria
37. Security Requirements for Azure Platform
• As a service provider, Microsoft has an obligation
to comply with several security rules:
• ISO 27001/27002 Audit and Certification
• SOC 1/SSAE 16/ISAE 3402 and SOC 2 Attestations
• Cloud Security Alliance (CSA) Cloud Controls Matrix (CCM)
• Payment Card Industry (PCI) Data Security Standards (DSS) Level 1
38. Security Requirements for Azure Platform
They also pass (…) several data security audits:
• Australian Government Information Security Registered Assessors Program (IRAP)
• United Kingdom G-Cloud
• Multi-Tier Cloud Security Standard for Singapore (MTCS SS 584:2013)
• HIPAA Business Associate Agreement (BAA)
• EU Model Clauses
• Food and Drug Administration 21 CFR Part 11
• Family Educational Rights and Privacy Act (FERPA)
• Federal Information Processing Standard (FIPS) 140-2
• Trusted Cloud Service Certification developed by China Cloud Computing Promotion and Policy Forum
(CCCPPF)
• Multi-Level Protection Scheme (MLPS)
39. Security Requirements for Azure Platform
ISO/IEC 27001:2005 Audit and Certification
ISO Scope: The following Azure features are in scope for the current ISO audit: Cloud Services (including
Fabric and RDFE), Storage (Tables, Blobs, Queues), Virtual Machines (including with SQL Server), Virtual
Network, Traffic Manager, Web Sites, BizTalk Services, Media Services, Mobile Services, Service Bus,
Workflow, Multi-Factor Authentication, Active Directory, Right Management Service, SQL Database, and
HDInsight. This includes the Information Security Management System (ISMS) for Azure, encompassing
infrastructure, development, operations, and support for these features. Also included are Power BI for
Office 365 and Power Query Service.
SOC 1 and SOC 2 SSAE 16/ISAE 3402 Attestations
Scope: The following Azure features are in scope for the current SOC 1 Type 2 and SOC 2 Type 2 attestations:
Cloud Services (includes stateless Web, and Worker roles), Storage (Tables, Blobs, Queues), Virtual Machines
(includes persistent virtual machines for use with supported operating systems) and Virtual Network
(includes Traffic Manager).
40. Security Requirements for Azure Platform
And of course requirements for Data Centers:
• Physical security of the data centers (locks, cameras, biometric devices, card readers,
alarms)
• Firewalls, application gateways and IDS to protect the network
• Access Control Lists (ACLs) applied to virtual local area networks (VLANs) and applications
• Authentication and authorization of persons or processes that request access to data
• Hardening of the servers and operating system instances
• Redundant internal and external DNS infrastructure with restricted write access
• Securing of virtual machine objects
• Securing of static and dynamic storage containers
41. SQL Server 2005 {9.0} NON-Compatibility
• Common Language Runtime (CLR) and CLR User-Defined Types
• Database Mirroring
• Service Broker
• Table Partitioning
• Typed XML and XML indexing is not supported. The XML data type is supported
by SQL Azure.
42. SQL Server 2008 {10.0} NON-Compatibility
• Change Data Capture
• Data Auditing
• Data Compression
• Extended Events
• External Key Management / Extensible Key Management
• FILESTREAM Data
• Integrated Full-Text Search
• Large User-Defined Aggregates (UDAs)
• Large User-Defined Types (UDTs)
• Performance Data Collection (Data Collector)
• Policy-Based Management
• Resource Governor
• SQL Server Replication
• Transparent Data Encryption
43. SQL Server 2008 R2 {10.50} NON-Compatibility
• SQL Server Utility
• SQL Server PowerShell Provider
• Master Data Services
SQL Server Management Studio does not support
Windows Azure SQL Database
in versions prior to SQL Server 2008 R2
45. SQL Server Security in the Cloud
• Same security principals like SQL Server on premise
• Full responsibility for DBA with Virtual Machine
• Partial responsibility for DBA with Azure SQL Database
• Automatic updates for Azure SQL Database
• New functionality implemented by Microsoft
• Some incompatibilities with T-SQL, functions, stored procedures
• Increased security by default on Azure platform
46. SQL Server in Cloud: WASD vs VM
Choose Azure SQL Database, if:
• You are building brand new, cloud-based applications; or you want to migrate your existing SQL Server database to
Azure and your database is not using one of the unsupported functionalities in Azure SQL Database. For more
information, see Azure SQL Database Transact-SQL Reference. This approach provides the benefits of a fully managed
cloud service and ensures the fast time-to-market.
• You want to have Microsoft perform common management operations on your databases and require stronger
availability SLAs for databases. This approach can minimize the administration costs and at the same time provides a
guaranteed availability for the database.
Choose SQL Server in Azure VM, if:
• You have existing on-premises applications and wish to stop maintaining your own hardware or you consider hybrid
solutions. This approach lets you get access to high database capacity faster and also connects your on-premises
applications to the cloud via a secure tunnel.
• You have existing IT resources, need full administrative rights over SQL Server, and require the full compatibility with
on-premises SQL Server (for example, some features do not exist in Azure SQL Database). This approach lets you
minimize costs for development or modifications of existing applications with the flexibility to run most applications. In
addition, it provides full control on the VM, operating system, and database configuration.
47. Three Pillars of a Secure Hybrid Cloud Environment
• Pillar One: risk assessment and management
• A definition of the risks that apply to various asset(s), based on their business
criticality.
• An assessment of the current status of each risk before it’s moved to the cloud.
Using this information, each risk can be accepted, mitigated, transferred or avoided.
• An assessment of the risk profile of each asset, assuming it has been moved to the
cloud.
• Pillar Two: policy and compliance
• Cloud providers need to understand that simply listing compliance certifications isn’t
sufficient. In line with the mantra of transparency explored in the previous point,
providers should take a proactive stance to sharing their security implementations
and controls.
Dimension Data often assists clients by providing them with a list of questions
that we believe they should be posing to cloud providers as part of the
evaluation process, to ensure they’re covering all the bases.’
48. Three Pillars of a Secure Hybrid Cloud Environment
• Pillar Three: provider transparency
• Governance: the ability of an organisation to govern and measure enterprise risk
introduced by cloud.
• Legal issues: regulations, and requirements to protect the privacy of data, and the security
of information and computer systems.
• Compliance and audit: maintaining and proving compliance when using the cloud.
• Information management and data security: managing cloud data, and responsibility for
data confidentiality, integrity and availability.
• Portability and interoperability: the ability to move data or services from one provider to
another, or bring them back in-house.
• Business continuity and disaster recovery: operational processes and procedures for
business continuity and disaster recovery.
49. Three Pillars of a Secure Hybrid Cloud Environment
• Pillar Three: provider transparency
• Data centre: evaluating any elements of a provider’s data centre architecture and
operations that could be detrimental to ongoing services.
• Incident response, notification and remediation: adequate incident detection, response,
notification, and remediation.
• Application security: securing application software running on or developed in the cloud.
• Encryption and key management: identifying proper encryption usage and scalable key
management.
• Identity and access management: assessing an organisation’s readiness to conduct cloud-
based identity, entitlement, and access management.
• Virtualisation: risks associated with multi-tenancy, virtual machine isolation and co-
residence, hypervisor vulnerabilities, etc.
50. Recommendations
• Create a new role for an Information Manager who owns information
governance across (all SharePoint) environments
• Train and educate all stakeholders about risk and liability
• Assess the appropriateness of using SharePoint versus other document
management tools
• Define information governance policies for access, retention, archival, and
backup
• Automate risk controls
• Audit user and data activities
• Resources:
• Microsoft TechNet
• Microsoft MSDN
• Legal Sources for Compliance Requirements
52. links
• ISECOM (the Institute for Security and Open Methodologies)
• http://www.isecom.org/about-us.html
• OSSTMM (Open Source Security Testing Methodology Manual)
• http://www.isecom.org/research/osstmm.html
• Library of Resources for Industrial Control System Cyber Security
• https://scadahacker.com/library/index.html
• patterns & practices: Cloud Security Approach in a Nutshell
• https://technet.microsoft.com/en-us/ff742848.aspx
• Microsoft Azure Trust Center: Security
• http://azure.microsoft.com/en-us/support/trust-center/security/
• 10 Things to know about Azure Security
• https://technet.microsoft.com/en-us/cloud/gg663906.aspx
• Security Best Practice and Label Security Whitepapers
• http://blogs.msdn.com/b/sqlsecurity/archive/2012/03/07/security-best-practice-and-label-security-whitepapers.aspx
53. links
• Hello Secure World
• http://www.microsoft.com/click/hellosecureworld/default.mspx
• SQL Server Label Security Toolkit
• http://sqlserverlst.codeplex.com/
SQL Server Best Practices Analyzer
• Microsoft Baseline Configuration Analyzer 2.0
• http://www.microsoft.com/en-us/download/details.aspx?id=16475
• SQL Server 2005 Best Practices Analyzer (August 2008)
• http://www.microsoft.com/en-us/download/details.aspx?id=23864
• Microsoft® SQL Server® 2008 R2 Best Practices Analyzer
• http://www.microsoft.com/en-us/download/details.aspx?id=15289
• Microsoft® SQL Server® 2012 Best Practices Analyzer
• http://www.microsoft.com/en-us/download/details.aspx?id=29302
54. links
• Microsoft Security Assessment Tool
• http://www.microsoft.com/downloads/details.aspx?FamilyID=6D79DF9C-C6D1-4E8F-8000-0BE72B430212&displaylang=en
• Microsoft Application Verifier
• http://www.microsoft.com/downloads/details.aspx?FamilyID=bd02c19c-1250-433c-8c1b-2619bd93b3a2&DisplayLang=en
• Microsoft Threat Analysis & Modelling Tool
• http://www.microsoft.com/downloads/details.aspx?FamilyID=59888078-9daf-4e96-b7d1-944703479451&DisplayLang=en
• How To: Protect From SQL Injection in ASP.NET
• http://msdn2.microsoft.com/en-us/library/ms998271.aspx
• Securing Your Database Server
• http://msdn.microsoft.com/en-us/library/aa302434.aspx
• Threats and Countermeasures
• http://www.microsoft.com/technet/security/guidance/serversecurity/tcg/tcgch00.mspx
55. links
• Configure Windows Service Accounts and Permissions
• https://msdn.microsoft.com/en-us/library/ms143504.aspx#Network_Service
• Select an Account for the SQL Server Agent Service
• https://msdn.microsoft.com/en-us/library/ms191543.aspx
• Server Configuration - Service Accounts
• https://msdn.microsoft.com/en-us/library/cc281953.aspx
56. azure resources: security
• Azure Security: Technical Insights
• Security Best Practices for Developing Azure Solutions
• Protecting Data in Azure
• Azure Network Security
• Microsoft Antimalware for Azure Cloud Services and Virtual Machines
• Microsoft Enterprise Cloud Red Teaming
• Microsoft Azure Security and Audit Log Management
• Security Management in Microsoft Azure
• Crypto Services and Data Security in Azure
57. azure resources: security & privacy
• Business Continuity for Azure
• Understanding Security Account Management in Azure
• Azure Data Security: Cleansing and Leakage
• Scenarios and Solutions Using Azure Active Directory Access Control
• Securing and Authenticating a Service Bus Connection
• Azure Privacy Overview (PDF)
• Azure Privacy Statement
• Law Enforcement Request Report
• Protecting Data and Privacy in the Cloud
58. azure resources: compliance & more
• Response to Cloud Security Alliance Cloud Controls Matrix (DOC)
• Azure HIPAA Implementation Guidance (PDF)
• Azure Customer PCI Guide (PDF)
• The Microsoft Approach to Cloud Transparency (PDF)
• Microsoft Trustworthy Computing
• Operational Security for Online Services Overview (PDF)
• Data Classification for Cloud Readiness
• CISO Perspectives on Data Classification (PDF)
• An Introduction to Designing Reliable Cloud Services (PDF)
• Deploying Highly Available and Secure Cloud Solutions (PDF)
59. azure resources
RESOURCE | DESCRIPTION
MSDN: Azure SQL Database; MSDN: SQL Server in Azure Virtual Machines; Azure.com: Azure SQL Database | Links to the library documentation.
Azure SQL Database and SQL Server -- Performance and Scalability Compared and Contrasted | This article explains performance differences and troubleshooting techniques when using Azure SQL Database and SQL Server running on-premises or in a VM.
Application Patterns and Development Strategies for SQL Server in Azure Virtual Machines | This article discusses the most common application patterns that apply to SQL Server in Azure VMs and also hybrid scenarios including Azure SQL Database.
Microsoft Enterprise Library Transient Fault Handling Application Block | This library lets developers make their applications running on Azure SQL Database more resilient by adding robust transient fault handling logic. Transient faults are errors that occur because of some temporary condition such as network connectivity issues or service unavailability. Since Azure SQL Database is a multitenant service, it is important to handle such errors to minimize any application downtime.
60. credits
• Yes, 123456 is the most common password, but here’s why that’s misleading
http://arstechnica.com/security/2015/01/yes-123456-is-the-most-common-password-but-heres-why-thats-misleading/
• CIO’s are Listening, Security is Important…
https://communities.intel.com/community/itpeernetwork/blog/2014/05/20/cio-s-are-listening-security-is-important