SQL 2012 - 2016
Organizational Security
& Compliance
George Walters
Senior Technology Solutions Professional
Data Platform
george.walters@microsoft.com
@gwalters69 on twitter
SQL Server 2016: Everything built-in
The above graphics were published by Gartner, Inc. as part of a larger research document and should be evaluated in the context of the entire document. The Gartner
document is available upon request from Microsoft. Gartner does not endorse any vendor, product or service depicted in its research publications, and does not advise
technology users to select only those vendors with the highest ratings or other designation. Gartner research publications consist of the opinions of Gartner's research
organization and should not be construed as statements of fact. Gartner disclaims all warranties, expressed or implied, with respect to this research, including any
warranties of merchantability or fitness for a particular purpose.
Consistent experience from on-premises to cloud
Self-service BI per user: Microsoft $120, Tableau $480, Oracle $2,230
In-memory across all workloads
built-in
TPC-H 10TB non-clustered results as of 04/06/15, 5/04/15, 4/15/14 and 11/25/13, respectively. http://www.tpc.org/tpch/results/tpch_perf_results.asp?resulttype=noncluster
at massive scale
[Graphic: TPC-H rankings. SQL Server #1, #2 and #3; Oracle is #5]
[Chart: SQL Server, Oracle, MySQL and SAP HANA, by year, 2010 to 2015]
National Institute of Standards and Technology Comprehensive Vulnerability Database update 10/2015
Progress on SQL Engine security
… A Journey through time
AES256 for backup keys
SHA512 for password hashes
Built-in cryptography hierarchy
Transparent data encryption
Extensible key management
Sign code modules
Encrypted connection on-premises and in
Azure SQL database
Audit, TDE, Always Encrypted in Azure SQL database
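-- Create the database master key and the server certificate in master.
USE master;
GO
CREATE MASTER KEY ENCRYPTION BY PASSWORD = '<UseStrongPasswordHere>';
GO
CREATE CERTIFICATE MyServerCert WITH SUBJECT = 'My DEK Certificate';
GO
-- Create the database encryption key, protected by the server certificate.
USE AdventureWorks2012;
GO
CREATE DATABASE ENCRYPTION KEY
WITH ALGORITHM = AES_128
ENCRYPTION BY SERVER CERTIFICATE MyServerCert;
GO
-- Turn on transparent data encryption for the database.
ALTER DATABASE AdventureWorks2012
SET ENCRYPTION ON;
GO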
allow flexible database access for
better separation of duties
Performance Security Availability Scalability
Operational analytics
Insights on operational data;
Works with in-memory OLTP and
disk-based OLTP
In-memory OLTP
enhancements
Greater T-SQL surface area,
terabytes of memory supported,
and greater number of parallel
CPUs
Query data store
Monitor and optimize query plans
Native JSON
Expanded support for JSON data
Temporal database support
Query data as points in time
Always encrypted
Sensitive data remains encrypted at
all times with ability to query
Row-level security
Apply fine-grained access control
to table rows
Dynamic data masking
Real-time obfuscation of data to
prevent unauthorized access
Other enhancements
Audit success/failure of database
operations
TDE support for storage of in-
memory OLTP tables
Enhanced auditing for OLTP with
ability to track history of record
changes
Enhanced AlwaysOn
Three synchronous replicas for auto
failover across domains
Round robin load balancing of
replicas
Automatic failover based on
database health
DTC for transactional integrity
across database instances with
AlwaysOn
Support for SSIS with AlwaysOn
Enhanced database caching
Cache data with automatic, multiple
TempDB files per instance in multi-
core environments
Mission-critical performance
Always Encrypted
SQL Server 2016
Azure SQL Database
Prevents Data
Disclosure
Client-side encryption of
sensitive data using keys that
are never given to the
database system.
Queries on
Encrypted Data
Support for equality
comparison, incl. join, group
by and distinct operators.
Application
Transparency
Minimal application changes
via server and client library
enhancements.
Allows customers to securely store sensitive data outside
of their trust boundary.
Data remains protected from high-privileged, yet
unauthorized users.
Benefits of Always Encrypted
dbo.Patients (plaintext)
Name        SSN          Country
Jane Doe    243-24-9812  USA
Jim Gray    198-33-0987  USA
John Smith  123-82-1095  USA

dbo.Patients (ciphertext, in SQL Server)
Name        SSN           Country
Jane Doe    1x7fg655se2e  USA
Jim Gray    0x7ff654ae6d  USA
John Smith  0y8fj754ea2c  USA

Client side: Trusted Apps, Enhanced ADO.NET Library, Column Encryption Key, Column Master Key

Query issued by the trusted app:
SELECT Name FROM Patients WHERE SSN=@SSN
@SSN='198-33-0987'

Query received by SQL Server:
SELECT Name FROM Patients WHERE SSN=@SSN
@SSN=0x7ff654ae6d

Result Set
Name
Jim Gray
Always Encrypted
Help protect data at rest and in motion, on-premises & cloud
ciphertext
Randomized encryption
Encrypt('123-45-6789') = 0x17cfd50a
Repeat: Encrypt('123-45-6789') = 0x9b1fcf32
Allows for transparent retrieval of encrypted
data but NO operations
More secure
Deterministic encryption
Encrypt('123-45-6789') = 0x85a55d3f
Repeat: Encrypt('123-45-6789') = 0x85a55d3f
Allows for transparent retrieval of encrypted
data AND equality comparison
E.g. in WHERE clauses and joins, distinct,
group by
Two types of
encryption available
Randomized encryption uses a
method that encrypts data in a less
predictable manner
Deterministic encryption uses a
method which always generates the
same encrypted value for any given
plain text value
Types of Encryption for Always Encrypted
Security
Officer
1. Generate CEKs and Master Key
2. Encrypt CEK
3. Store Master Key Securely
4. Upload Encrypted CEK to DB
CMK Store:
Certificate Store
HSM
Azure Key Vault
…
Encrypted
CEK
Column
Encryption Key
(CEK)
Column
Master Key
(CMK)
Key Provisioning
CMK
Database
Encrypted CEK
Client - Trusted / SQL Server - Untrusted

Application code on the client:
using (SqlCommand cmd = new SqlCommand(
    "SELECT Name FROM Customers WHERE SSN = @SSN", conn))
{
    // Add() returns the SqlParameter; set Value on the returned object.
    cmd.Parameters.Add(new SqlParameter(
        "@SSN", SqlDbType.VarChar, 11)).Value = "111-22-3333";
    SqlDataReader reader = cmd.ExecuteReader();
}

Enhanced ADO.NET requests the encryption metadata:
exec sp_describe_parameter_encryption
  @params = N'@SSN VARCHAR(11)'
, @tsql = N'SELECT * FROM Customers WHERE SSN = @SSN'

Encryption metadata:
Param   Encryption Type/Algorithm   Encrypted CEK Value   CMK Store Provider Name   CMK Path
@Name   Non-DET/AES 256                                   CERTIFICATE_STORE         Current User/My/f2260…
@SSN    DET/AES 256                                       CERTIFICATE_STORE         Current User/My/f2260…

Client components: Enhanced ADO.NET, Plaintext CEK Cache, CMK Store

Query sent to SQL Server with the parameter encrypted:
EXEC sp_executesql
N'SELECT * FROM Customers WHERE SSN = @SSN'
, @params = N'@SSN VARCHAR(11)', @SSN=0x7ff654ae6d

Result set (ciphertext)
Name
0x19ca706fbd9

Result set (plaintext)
Name
Jim Gray

Example
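The encryption metadata shown on this slide (encryption type, algorithm, CMK store provider, CMK path) is stored in catalog views, so it can be audited from T-SQL. The query below is an added example, not part of the original deck; it assumes a SQL Server 2016 or Azure SQL Database that already has Always Encrypted columns configured.

```sql
-- Added example: inventory of Always Encrypted columns and the keys behind them.
-- Run in the user database. Returns no rows if nothing is encrypted.
SELECT
    OBJECT_SCHEMA_NAME(c.object_id)  AS SchemaName,
    OBJECT_NAME(c.object_id)         AS TableName,
    c.name                           AS ColumnName,
    c.encryption_type_desc           AS EncryptionType,      -- DETERMINISTIC or RANDOMIZED
    c.encryption_algorithm_name      AS EncryptionAlgorithm,
    cek.name                         AS ColumnEncryptionKey,
    cmk.name                         AS ColumnMasterKey,
    cmk.key_store_provider_name      AS CmkStoreProvider,
    cmk.key_path                     AS CmkPath,
    -- Deterministic columns support equality comparison; the deck rates
    -- randomized encryption as more secure, so list deterministic ones
    -- for review.
    CASE WHEN c.encryption_type_desc = 'DETERMINISTIC'
         THEN 'review: equality-searchable'
         ELSE 'ok'
    END                              AS ReviewNote
FROM sys.columns AS c
JOIN sys.column_encryption_keys AS cek
    ON cek.column_encryption_key_id = c.column_encryption_key_id
JOIN sys.column_encryption_key_values AS cekv
    ON cekv.column_encryption_key_id = cek.column_encryption_key_id
JOIN sys.column_master_keys AS cmk
    ON cmk.column_master_key_id = cekv.column_master_key_id
WHERE c.encryption_type IS NOT NULL
ORDER BY SchemaName, TableName, ColumnName;
```

Only key metadata and the encrypted CEK value live in the database; the CMK itself stays in the store named by CmkPath, which is why this query can be run by a DBA without exposing plaintext keys.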
Setup (SSMS or SSDT)
User Experience: SSMS or SSDT (Visual Studio)
• Select columns to be encrypted: UI for selecting columns (no automated data classification)
• Analyze schema and application queries to detect conflicts (build time): Static schema analysis tool (SSDT only)
• Set up the keys (master & CEK): Key setup tool to automate selecting CMK, generating and encrypting CEK and uploading key metadata to the database

Existing App – Setup
User Experience: SSMS or SSDT (Visual Studio)
• Select candidate columns to be encrypted: UI for selecting columns (no automated data classification)
• Analyze schema and application queries to detect conflicts and identify optimal encryption settings: Schema/workload analysis tool analyzing the schema and profiler logs
• Select desired encryption settings for selected columns: UI for configuring encryption settings on selected columns (accepting/editing recommendations from the analysis tool)
• Set up the keys: Key Setup tool to streamline selecting CMK, generating and encrypting CEK and uploading key metadata to the database
• Encrypt selected columns while migrating the database to a target server (e.g. in Azure SQL Database): Encryption tool creating new (encrypted) columns, copying data from old (plain text) columns, swapping columns and re-creating dependencies
Data remains encrypted
during query
Summary: Always encrypted
Protect data at rest and in motion, on-premises & cloud
Capability
ADO.Net client library provides
transparent client-side encryption, while
SQL Server executes T-SQL queries on
encrypted data
Benefits
Apps TCE-enabled
ADO .NET library
SQL Server
Encrypted query
Columnar
key
No app
changes
Master
key
Row-Level Security
SQL Server 2016
Azure SQL Database
Fine-grained access control over specific
rows in a database table
Help prevent unauthorized access when
multiple users share the same tables, or to
implement connection filtering in
multitenant applications
Administer via SQL Server Management
Studio or SQL Server Data Tools
Enforcement logic inside the database and
schema bound to the table.
Protect data privacy by ensuring the right access across rows
SQL Database
Customer 1
Customer 2
Customer 3
Row-level security
Fine-grained
access control
Keeping multi-tenant
databases secure by limiting
access by other users who
share the same tables.
Application
transparency
RLS works transparently at
query time, no app changes
needed.
Compatible with RLS in other
leading products.
Centralized
security logic
Enforcement logic resides
inside database and is
schema-bound to the table it
protects providing greater
security. Reduced application
maintenance and complexity.
Store data intended for many consumers in a single database/table while at the same time restricting
row-level read & write access based on users’ execution context.
Benefits of row-level security
CREATE SECURITY POLICY mySecurityPolicy
ADD FILTER PREDICATE dbo.fn_securitypredicate(wing, startTime, endTime)
ON dbo.patients
Predicate function
User-defined inline table-valued function (iTVF) implementing security logic
Can be arbitrarily complicated, containing joins with other tables
Security predicate
Applies a predicate function to a particular table (SEMIJOIN APPLY)
Two types: filter predicates and blocking predicates
Security policy
Collection of security predicates for managing security across multiple tables
Row Level Security Concepts
-- Schema-bound functions must reference tables by two-part name.
CREATE FUNCTION dbo.fn_securitypredicate(@wing int)
RETURNS TABLE WITH SCHEMABINDING AS
RETURN SELECT 1 AS [fn_securitypredicate_result]
FROM
dbo.StaffDuties d INNER JOIN dbo.Employees e
ON (d.EmpId = e.EmpId)
WHERE e.UserSID = SUSER_SID()
AND @wing = d.Wing;
GO
-- Bind the predicate to the Patients table and enable it.
CREATE SECURITY POLICY dbo.SecPol
ADD FILTER PREDICATE
dbo.fn_securitypredicate(Wing)
ON dbo.Patients
WITH (STATE = ON);
Fine-grained access
control over rows in a
table based on one or
more pre-defined filtering
criteria, e.g., user’s role or
clearance level in
organization.
Concepts:
Predicate function
Security policy
Example
Diagram: Policy Manager, Nurse, Application, Database (Patients, Security Policy, Filter Predicate: INNER JOIN…)

One
Policy manager creates filter predicate and security policy in T-SQL, binding the
predicate to the Patients table
-- Schema-bound functions must reference tables by two-part name.
CREATE FUNCTION dbo.fn_securitypredicate(@wing int)
RETURNS TABLE WITH SCHEMABINDING AS
RETURN SELECT 1 AS [fn_securitypredicate_result] FROM
dbo.StaffDuties d INNER JOIN dbo.Employees e
ON (d.EmpId = e.EmpId)
WHERE e.UserSID = SUSER_SID() AND @wing = d.Wing;
GO
CREATE SECURITY POLICY dbo.SecPol
ADD FILTER PREDICATE dbo.fn_securitypredicate(Wing) ON
dbo.Patients
WITH (STATE = ON);

Two
App user (e.g., nurse) selects from Patients table
SELECT * FROM Patients

Three
Security Policy transparently rewrites query to apply filter predicate
-- Logical form of the rewritten query:
SELECT * FROM Patients
SEMIJOIN APPLY dbo.fn_securitypredicate(patients.Wing);
-- Which is evaluated as:
SELECT Patients.* FROM Patients,
StaffDuties d INNER JOIN Employees e ON (d.EmpId = e.EmpId)
WHERE e.UserSID = SUSER_SID() AND Patients.wing = d.Wing;

RLS in Three Steps
Creates a security policy for row
level security.
The following examples
demonstrate the use of the
CREATE SECURITY POLICY
syntax.
For an example of a complete
security policy scenario, see Row
Level Security.
Create Security Policy
-- The following syntax creates a security policy with a filter
-- predicate for the Customer table, and leaves the security
-- policy disabled. STATE defaults to ON, so it is set to OFF explicitly.
-- The predicate function must exist before the policy is created.
CREATE SECURITY POLICY [FederatedSecurityPolicy]
ADD FILTER PREDICATE
[rls].[fn_securitypredicate]([CustomerId])
ON [dbo].[Customer]
WITH (STATE = OFF);
GO

-- Create a new schema and predicate function, which will use
-- the application user ID stored in CONTEXT_INFO to filter rows.
CREATE SCHEMA rls;
GO
CREATE FUNCTION rls.fn_securitypredicate (@AppUserId int)
RETURNS TABLE
WITH SCHEMABINDING
AS
RETURN (
SELECT 1 AS fn_securitypredicate_result
WHERE
DATABASE_PRINCIPAL_ID() = DATABASE_PRINCIPAL_ID('dbo') -- application context
AND CONTEXT_INFO() = CONVERT(VARBINARY(128), @AppUserId)
);
GO
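The deck names two predicate types, filter and blocking, but only shows filter predicates. The script below is an added example, not from the original deck, that applies both to one multitenant table and exercises them; the table dbo.Orders, the user AppUser, the function rls.fn_tenantpredicate and the rows are constructed for illustration, and SESSION_CONTEXT (SQL Server 2016) is used here in place of the CONTEXT_INFO approach shown above.

```sql
-- Added example: filter + block predicates on a shared (multitenant) table.
-- All object names and rows below are constructed for illustration.
-- Skip CREATE SCHEMA if the rls schema already exists in the database.
CREATE SCHEMA rls;
GO
CREATE TABLE dbo.Orders (
    OrderId  int IDENTITY PRIMARY KEY,
    TenantId int NOT NULL,
    Item     nvarchar(50) NOT NULL
);
INSERT dbo.Orders (TenantId, Item)
VALUES (1, N'Widget'), (1, N'Gadget'), (2, N'Sprocket');
GO
CREATE USER AppUser WITHOUT LOGIN;
GRANT SELECT, INSERT, UPDATE, DELETE ON dbo.Orders TO AppUser;
GO
-- Predicate: a row qualifies only when its TenantId matches the tenant
-- recorded in the session. An unset key yields NULL, so the comparison
-- fails and no rows qualify (fail closed).
CREATE FUNCTION rls.fn_tenantpredicate (@TenantId int)
RETURNS TABLE
WITH SCHEMABINDING
AS
RETURN (
    SELECT 1 AS fn_tenantpredicate_result
    WHERE @TenantId = CAST(SESSION_CONTEXT(N'TenantId') AS int)
);
GO
-- Lets AppUser's queries invoke the predicate function.
GRANT SELECT ON rls.fn_tenantpredicate TO AppUser;
GO
-- FILTER silently hides other tenants' rows from reads, updates and deletes.
-- BLOCK rejects writes that would create or move a row into another tenant.
CREATE SECURITY POLICY rls.TenantPolicy
    ADD FILTER PREDICATE rls.fn_tenantpredicate(TenantId) ON dbo.Orders,
    ADD BLOCK PREDICATE  rls.fn_tenantpredicate(TenantId) ON dbo.Orders AFTER INSERT,
    ADD BLOCK PREDICATE  rls.fn_tenantpredicate(TenantId) ON dbo.Orders AFTER UPDATE
WITH (STATE = ON);
GO
-- Exercise the policy as the application user acting for tenant 1.
-- A real middle tier would pass @read_only = 1 so the value cannot be
-- changed again on the same connection.
EXECUTE AS USER = 'AppUser';
EXEC sp_set_session_context @key = N'TenantId', @value = 1;

SELECT OrderId, TenantId, Item FROM dbo.Orders;          -- tenant 1 rows only

INSERT dbo.Orders (TenantId, Item) VALUES (1, N'Gizmo');  -- allowed

BEGIN TRY
    -- Rejected by the AFTER INSERT block predicate.
    INSERT dbo.Orders (TenantId, Item) VALUES (2, N'Foreign row');
END TRY
BEGIN CATCH
    SELECT ERROR_NUMBER() AS ErrorNumber, ERROR_MESSAGE() AS ErrorMessage;
END CATCH;

BEGIN TRY
    -- Rejected by the AFTER UPDATE block predicate: the row would leave tenant 1.
    UPDATE dbo.Orders SET TenantId = 2 WHERE Item = N'Widget';
END TRY
BEGIN CATCH
    SELECT ERROR_NUMBER() AS ErrorNumber, ERROR_MESSAGE() AS ErrorMessage;
END CATCH;
REVERT;
GO
-- The policy applies to every principal, including dbo, because the
-- predicate contains no exemption. Disable it for maintenance with:
-- ALTER SECURITY POLICY rls.TenantPolicy WITH (STATE = OFF);
```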
Dynamic Data Masking
SQL Server 2016
Azure SQL Database
Configuration made easy in the new
Azure portal
Policy-driven at the table and column
level, for a defined set of users
Data masking applied in real-time to
query results based on policy
Multiple masking functions available
(e.g. full, partial) for various sensitive
data categories (e.g. Credit Card
Numbers, SSN, etc.)
Azure SQL Database
SQL Server 2016
CTP2+
Table.CreditCardNo
4465-6571-7868-5796
4468-7746-3848-1978
4484-5434-6858-6550
Real-time data masking;
partial masking
Dynamic Data Masking
Prevent the abuse of sensitive data by hiding it from users
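The partial masking of Table.CreditCardNo shown on this slide can be reproduced end to end in T-SQL. The script below is an added example, not from the original deck; the table dbo.Payments, the user SupportUser and the card holder names are constructed, and the card numbers are the sample values from the slide.

```sql
-- Added example: Dynamic Data Masking on a credit card column.
-- Object names and card holder names are constructed for illustration.
CREATE TABLE dbo.Payments (
    PaymentId    int IDENTITY PRIMARY KEY,
    CardHolder   nvarchar(50) NOT NULL,
    -- Partial mask: expose 0 leading characters, pad, expose last 4.
    CreditCardNo varchar(19)
        MASKED WITH (FUNCTION = 'partial(0,"XXXX-XXXX-XXXX-",4)') NOT NULL,
    -- Full mask using the default masking function for the data type.
    SSN          char(11)
        MASKED WITH (FUNCTION = 'default()') NULL
);
INSERT dbo.Payments (CardHolder, CreditCardNo, SSN)
VALUES (N'Holder A', '4465-6571-7868-5796', '243-24-9812'),
       (N'Holder B', '4468-7746-3848-1978', '198-33-0987'),
       (N'Holder C', '4484-5434-6858-6550', '123-82-1095');
GO
-- A low-privilege user with SELECT but without UNMASK.
CREATE USER SupportUser WITHOUT LOGIN;
GRANT SELECT ON dbo.Payments TO SupportUser;
GO
-- Masked view: CreditCardNo comes back as XXXX-XXXX-XXXX-5796 etc.,
-- SSN comes back fully masked. The stored data is unchanged.
EXECUTE AS USER = 'SupportUser';
SELECT CardHolder, CreditCardNo, SSN FROM dbo.Payments;
REVERT;
GO
-- The table owner / dbo still sees the real values.
SELECT CardHolder, CreditCardNo, SSN FROM dbo.Payments;
GO
-- UNMASK is a database-level permission: granting it removes masking
-- for that user on every masked column, so grant it sparingly.
GRANT UNMASK TO SupportUser;
EXECUTE AS USER = 'SupportUser';
SELECT CardHolder, CreditCardNo, SSN FROM dbo.Payments;   -- unmasked
REVERT;
REVOKE UNMASK FROM SupportUser;
GO
-- Audit: which columns are masked, and with which function.
SELECT OBJECT_SCHEMA_NAME(mc.object_id) AS SchemaName,
       OBJECT_NAME(mc.object_id)        AS TableName,
       mc.name                          AS ColumnName,
       mc.masking_function
FROM sys.masked_columns AS mc
WHERE mc.is_masked = 1
ORDER BY SchemaName, TableName, ColumnName;
-- Masking is applied to query results only; the column is stored in
-- plaintext and predicates run against real values, so combine DDM with
-- least-privilege grants, and with encryption where the data must be
-- protected from the database itself.
```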
Audit success/failure
of database
operations
Enhanced auditing
for OLTP with ability
to track history of
record changes
Transparent Data
Encryption support
for storage of In-
memory OLTP
Tables
Backup encryption
now supported with
compression
Other security enhancements
MSDN Documentation
https://msdn.microsoft.com/en-us/library/dn765131.aspx
Security Center for SQL Server Database & SQL
Database
https://msdn.microsoft.com/en-us/bb510589.aspx
SQL Server Security Blog
Additional examples, useful tips and tricks
http://blogs.msdn.com/b/sqlsecurity/
SQL Server Label Security Toolkit
Updated version to take advantage of RLS
http://sqlserverlst.codeplex.com/
Security resources
PolyBase
SQL Server Hadoop
T-SQL query
• Manage structured & unstructured data
• Simple T-SQL to query Hadoop (HDFS)
• JSON support
Quote:
$658.39
Stretch database
App
Microsoft
Azure
Query
Customer data
Product data
Order History
Stretch to cloud

• Data is encrypted & queryable
• Save money & improve
customer experience
• No application changes
Learn more!
www.microsoft.com/
SQLServer2016
Order history
Name SSN Date
Philip Wenger cm61ba906fd 2/28/2005
Denny Usher ox7ff654ae6d 3/18/2005
Alicia Hodge i2y36cg776rg 4/10/2005
Alta Levy nx290pldo90l 4/27/2005
Dionne Hardin ypo85ba616rj 5/12/2005
Kristy Flowers bns51ra806fd 5/22/2005
Sara Wiley mci12hh906fj 6/07/2005
Whitney Lang utb76b916gi 6/18/2014
Lorenzo Olds px61hi9306fj 7/1/2014
Sophie Cook ol43bi506gd 7/12/2014
Aida Durham tx83hal916fi 7/29/2014
Name DOB State
Denny Usher 11/13/58 WA
Gina Burch 04/29/76 WA
Real-time
operational analytics
0100101010110
ETL
In-memory
ColumnStore
In-memory
OLTP
Real-time business
problem detection
2-24
hrs
• Up to 30x faster transactions with
in-memory OLTP
• Queries from minutes to seconds
In-database
Advanced Analytics
R built-in to SQL Server
Mission critical OLTP
• R built-in to your T-SQL
• Real-time operational analytics
without moving the data
• Open source R with in-memory &
massive scale – multi-threading and
massive parallel processing
End-to-end mobile BI
• In-memory built-in
• Real-time with direct query capabilities
• Powerful modeling with 250+ built-in
analytical functions
• Mobile reports with online
& offline access
• Modern data visualizations with
Reporting Services or Power BI
Highest performing
data warehouse
SMP MPP
Petabyte-
scale
Data marts
Azure SQL Data Warehouse
MPP
SQL Server SQL Server +
Analytics Platform System
Data marts Petabyte-
scale
SMP
• Scale to MPP on-premises &
in the cloud
• Simple T-SQL to manage structured
and unstructured data
• ½ the cost of Oracle Exadata
SQL Server in Azure VM
Always Encrypted
App
SELECT Name FROM Patients
WHERE SSN=@SSN
@SSN='198-33-0987'
SQL Server
Column
Master
Key
Query
Column
Encryption
Key
Enhanced
ADO.NET
Library
Denny Usher
Name
198-33-0987
SSN
USA
Country
Result Set
Philip Wegner
Name
1x7fg655se2e
SSN
USA
Country
Denny Usher 0x7ff654ae6d USA
Alicia Hodge 0y8fj754ea2c USA
dbo.Patients
Denny Usher
Name
0x7ff654ae6d
SSN
USA
Country
Result Set
SELECT Name FROM
Patients WHERE
SSN=@SSN
@SSN=0x7ff654ae6d
• Protect data at rest and in motion
• Without impacting
database performance
Trusted
On-premises
Cloud
Thank you!
george.walters@microsoft.com
@gwalters69
Resources:
http://blogs.msdn.com/b/data-platform/
http://www.microsoftvirtualacademy.com
http://channel9.msdn.com
https://azure.microsoft.com/en-us/support/trust-center/

 
原版制作(Deakin毕业证书)迪肯大学毕业证学位证一模一样
原版制作(Deakin毕业证书)迪肯大学毕业证学位证一模一样原版制作(Deakin毕业证书)迪肯大学毕业证学位证一模一样
原版制作(Deakin毕业证书)迪肯大学毕业证学位证一模一样
u86oixdj
 
一比一原版(UMich毕业证)密歇根大学|安娜堡分校毕业证成绩单
一比一原版(UMich毕业证)密歇根大学|安娜堡分校毕业证成绩单一比一原版(UMich毕业证)密歇根大学|安娜堡分校毕业证成绩单
一比一原版(UMich毕业证)密歇根大学|安娜堡分校毕业证成绩单
ewymefz
 
一比一原版(ArtEZ毕业证)ArtEZ艺术学院毕业证成绩单
一比一原版(ArtEZ毕业证)ArtEZ艺术学院毕业证成绩单一比一原版(ArtEZ毕业证)ArtEZ艺术学院毕业证成绩单
一比一原版(ArtEZ毕业证)ArtEZ艺术学院毕业证成绩单
vcaxypu
 
一比一原版(Adelaide毕业证书)阿德莱德大学毕业证如何办理
一比一原版(Adelaide毕业证书)阿德莱德大学毕业证如何办理一比一原版(Adelaide毕业证书)阿德莱德大学毕业证如何办理
一比一原版(Adelaide毕业证书)阿德莱德大学毕业证如何办理
slg6lamcq
 
一比一原版(Deakin毕业证书)迪肯大学毕业证如何办理
一比一原版(Deakin毕业证书)迪肯大学毕业证如何办理一比一原版(Deakin毕业证书)迪肯大学毕业证如何办理
一比一原版(Deakin毕业证书)迪肯大学毕业证如何办理
oz8q3jxlp
 
一比一原版(CBU毕业证)卡普顿大学毕业证如何办理
一比一原版(CBU毕业证)卡普顿大学毕业证如何办理一比一原版(CBU毕业证)卡普顿大学毕业证如何办理
一比一原版(CBU毕业证)卡普顿大学毕业证如何办理
ahzuo
 
Q1’2024 Update: MYCI’s Leap Year Rebound
Q1’2024 Update: MYCI’s Leap Year ReboundQ1’2024 Update: MYCI’s Leap Year Rebound
Q1’2024 Update: MYCI’s Leap Year Rebound
Oppotus
 
Best best suvichar in gujarati english meaning of this sentence as Silk road ...
Best best suvichar in gujarati english meaning of this sentence as Silk road ...Best best suvichar in gujarati english meaning of this sentence as Silk road ...
Best best suvichar in gujarati english meaning of this sentence as Silk road ...
AbhimanyuSinha9
 
Levelwise PageRank with Loop-Based Dead End Handling Strategy : SHORT REPORT ...
Levelwise PageRank with Loop-Based Dead End Handling Strategy : SHORT REPORT ...Levelwise PageRank with Loop-Based Dead End Handling Strategy : SHORT REPORT ...
Levelwise PageRank with Loop-Based Dead End Handling Strategy : SHORT REPORT ...
Subhajit Sahu
 
1.Seydhcuxhxyxhccuuxuxyxyxmisolids 2019.pptx
1.Seydhcuxhxyxhccuuxuxyxyxmisolids 2019.pptx1.Seydhcuxhxyxhccuuxuxyxyxmisolids 2019.pptx
1.Seydhcuxhxyxhccuuxuxyxyxmisolids 2019.pptx
Tiktokethiodaily
 
SOCRadar Germany 2024 Threat Landscape Report
SOCRadar Germany 2024 Threat Landscape ReportSOCRadar Germany 2024 Threat Landscape Report
SOCRadar Germany 2024 Threat Landscape Report
SOCRadar
 
一比一原版(UIUC毕业证)伊利诺伊大学|厄巴纳-香槟分校毕业证如何办理
一比一原版(UIUC毕业证)伊利诺伊大学|厄巴纳-香槟分校毕业证如何办理一比一原版(UIUC毕业证)伊利诺伊大学|厄巴纳-香槟分校毕业证如何办理
一比一原版(UIUC毕业证)伊利诺伊大学|厄巴纳-香槟分校毕业证如何办理
ahzuo
 
一比一原版(QU毕业证)皇后大学毕业证成绩单
一比一原版(QU毕业证)皇后大学毕业证成绩单一比一原版(QU毕业证)皇后大学毕业证成绩单
一比一原版(QU毕业证)皇后大学毕业证成绩单
enxupq
 
Chatty Kathy - UNC Bootcamp Final Project Presentation - Final Version - 5.23...
Chatty Kathy - UNC Bootcamp Final Project Presentation - Final Version - 5.23...Chatty Kathy - UNC Bootcamp Final Project Presentation - Final Version - 5.23...
Chatty Kathy - UNC Bootcamp Final Project Presentation - Final Version - 5.23...
John Andrews
 
Predicting Product Ad Campaign Performance: A Data Analysis Project Presentation
Predicting Product Ad Campaign Performance: A Data Analysis Project PresentationPredicting Product Ad Campaign Performance: A Data Analysis Project Presentation
Predicting Product Ad Campaign Performance: A Data Analysis Project Presentation
Boston Institute of Analytics
 
Adjusting primitives for graph : SHORT REPORT / NOTES
Adjusting primitives for graph : SHORT REPORT / NOTESAdjusting primitives for graph : SHORT REPORT / NOTES
Adjusting primitives for graph : SHORT REPORT / NOTES
Subhajit Sahu
 
一比一原版(UPenn毕业证)宾夕法尼亚大学毕业证成绩单
一比一原版(UPenn毕业证)宾夕法尼亚大学毕业证成绩单一比一原版(UPenn毕业证)宾夕法尼亚大学毕业证成绩单
一比一原版(UPenn毕业证)宾夕法尼亚大学毕业证成绩单
ewymefz
 

Recently uploaded (20)

Criminal IP - Threat Hunting Webinar.pdf
Criminal IP - Threat Hunting Webinar.pdfCriminal IP - Threat Hunting Webinar.pdf
Criminal IP - Threat Hunting Webinar.pdf
 
一比一原版(IIT毕业证)伊利诺伊理工大学毕业证成绩单
一比一原版(IIT毕业证)伊利诺伊理工大学毕业证成绩单一比一原版(IIT毕业证)伊利诺伊理工大学毕业证成绩单
一比一原版(IIT毕业证)伊利诺伊理工大学毕业证成绩单
 
Empowering Data Analytics Ecosystem.pptx
Empowering Data Analytics Ecosystem.pptxEmpowering Data Analytics Ecosystem.pptx
Empowering Data Analytics Ecosystem.pptx
 
原版制作(Deakin毕业证书)迪肯大学毕业证学位证一模一样
原版制作(Deakin毕业证书)迪肯大学毕业证学位证一模一样原版制作(Deakin毕业证书)迪肯大学毕业证学位证一模一样
原版制作(Deakin毕业证书)迪肯大学毕业证学位证一模一样
 
一比一原版(UMich毕业证)密歇根大学|安娜堡分校毕业证成绩单
一比一原版(UMich毕业证)密歇根大学|安娜堡分校毕业证成绩单一比一原版(UMich毕业证)密歇根大学|安娜堡分校毕业证成绩单
一比一原版(UMich毕业证)密歇根大学|安娜堡分校毕业证成绩单
 
一比一原版(ArtEZ毕业证)ArtEZ艺术学院毕业证成绩单
一比一原版(ArtEZ毕业证)ArtEZ艺术学院毕业证成绩单一比一原版(ArtEZ毕业证)ArtEZ艺术学院毕业证成绩单
一比一原版(ArtEZ毕业证)ArtEZ艺术学院毕业证成绩单
 
一比一原版(Adelaide毕业证书)阿德莱德大学毕业证如何办理
一比一原版(Adelaide毕业证书)阿德莱德大学毕业证如何办理一比一原版(Adelaide毕业证书)阿德莱德大学毕业证如何办理
一比一原版(Adelaide毕业证书)阿德莱德大学毕业证如何办理
 
一比一原版(Deakin毕业证书)迪肯大学毕业证如何办理
一比一原版(Deakin毕业证书)迪肯大学毕业证如何办理一比一原版(Deakin毕业证书)迪肯大学毕业证如何办理
一比一原版(Deakin毕业证书)迪肯大学毕业证如何办理
 
一比一原版(CBU毕业证)卡普顿大学毕业证如何办理
一比一原版(CBU毕业证)卡普顿大学毕业证如何办理一比一原版(CBU毕业证)卡普顿大学毕业证如何办理
一比一原版(CBU毕业证)卡普顿大学毕业证如何办理
 
Q1’2024 Update: MYCI’s Leap Year Rebound
Q1’2024 Update: MYCI’s Leap Year ReboundQ1’2024 Update: MYCI’s Leap Year Rebound
Q1’2024 Update: MYCI’s Leap Year Rebound
 
Best best suvichar in gujarati english meaning of this sentence as Silk road ...
Best best suvichar in gujarati english meaning of this sentence as Silk road ...Best best suvichar in gujarati english meaning of this sentence as Silk road ...
Best best suvichar in gujarati english meaning of this sentence as Silk road ...
 
Levelwise PageRank with Loop-Based Dead End Handling Strategy : SHORT REPORT ...
Levelwise PageRank with Loop-Based Dead End Handling Strategy : SHORT REPORT ...Levelwise PageRank with Loop-Based Dead End Handling Strategy : SHORT REPORT ...
Levelwise PageRank with Loop-Based Dead End Handling Strategy : SHORT REPORT ...
 
1.Seydhcuxhxyxhccuuxuxyxyxmisolids 2019.pptx
1.Seydhcuxhxyxhccuuxuxyxyxmisolids 2019.pptx1.Seydhcuxhxyxhccuuxuxyxyxmisolids 2019.pptx
1.Seydhcuxhxyxhccuuxuxyxyxmisolids 2019.pptx
 
SOCRadar Germany 2024 Threat Landscape Report
SOCRadar Germany 2024 Threat Landscape ReportSOCRadar Germany 2024 Threat Landscape Report
SOCRadar Germany 2024 Threat Landscape Report
 
一比一原版(UIUC毕业证)伊利诺伊大学|厄巴纳-香槟分校毕业证如何办理
一比一原版(UIUC毕业证)伊利诺伊大学|厄巴纳-香槟分校毕业证如何办理一比一原版(UIUC毕业证)伊利诺伊大学|厄巴纳-香槟分校毕业证如何办理
一比一原版(UIUC毕业证)伊利诺伊大学|厄巴纳-香槟分校毕业证如何办理
 
一比一原版(QU毕业证)皇后大学毕业证成绩单
一比一原版(QU毕业证)皇后大学毕业证成绩单一比一原版(QU毕业证)皇后大学毕业证成绩单
一比一原版(QU毕业证)皇后大学毕业证成绩单
 
Chatty Kathy - UNC Bootcamp Final Project Presentation - Final Version - 5.23...
Chatty Kathy - UNC Bootcamp Final Project Presentation - Final Version - 5.23...Chatty Kathy - UNC Bootcamp Final Project Presentation - Final Version - 5.23...
Chatty Kathy - UNC Bootcamp Final Project Presentation - Final Version - 5.23...
 
Predicting Product Ad Campaign Performance: A Data Analysis Project Presentation
Predicting Product Ad Campaign Performance: A Data Analysis Project PresentationPredicting Product Ad Campaign Performance: A Data Analysis Project Presentation
Predicting Product Ad Campaign Performance: A Data Analysis Project Presentation
 
Adjusting primitives for graph : SHORT REPORT / NOTES
Adjusting primitives for graph : SHORT REPORT / NOTESAdjusting primitives for graph : SHORT REPORT / NOTES
Adjusting primitives for graph : SHORT REPORT / NOTES
 
一比一原版(UPenn毕业证)宾夕法尼亚大学毕业证成绩单
一比一原版(UPenn毕业证)宾夕法尼亚大学毕业证成绩单一比一原版(UPenn毕业证)宾夕法尼亚大学毕业证成绩单
一比一原版(UPenn毕业证)宾夕法尼亚大学毕业证成绩单
 

Organizational compliance and security in Microsoft SQL 2012-2016

  • 1. SQL 2012 - 2016 Organizational Security & Compliance George Walters Senior Technology Solutions Professional Data Platform george.walters@microsoft.com @gwalters69 on twitter
  • 2.
  • 3. SQL Server 2016: Everything built-in. Consistent experience from on-premises to cloud. Self-service BI per user (Microsoft, Tableau, Oracle): $120, $480, $2,230. In-memory across all workloads, built-in, at massive scale. TPC-H 10TB non-clustered results as of 04/06/15, 5/04/15, 4/15/14 and 11/25/13, respectively. http://www.tpc.org/tpch/results/tpch_perf_results.asp?resulttype=noncluster [Graphic: TPC-H rankings labelled "#1 SQL Server", "#2 SQL Server", "#3 SQL Server" and "Oracle is #5".] [Chart: yearly counts for 2010-2015 for SQL Server, Oracle, MySQL and SAP HANA. Source: National Institute of Standards and Technology Comprehensive Vulnerability Database, update 10/2015.] The above graphics were published by Gartner, Inc. as part of a larger research document and should be evaluated in the context of the entire document. The Gartner document is available upon request from Microsoft. Gartner does not endorse any vendor, product or service depicted in its research publications, and does not advise technology users to select only those vendors with the highest ratings or other designation. Gartner research publications consist of the opinions of Gartner's research organization and should not be construed as statements of fact. Gartner disclaims all warranties, expressed or implied, with respect to this research, including any warranties of merchantability or fitness for a particular purpose.
  • 4. Progress on SQL Engine security … A Journey through time
  • 5.
  • 6. AES256 for backup keys; SHA512 for password hashes; Built-in cryptography hierarchy; Transparent data encryption; Extensible key management; Sign code modules; Encrypted connection on-premises and in Azure SQL database; Audit, TDE, Always Encrypted in Azure SQL database
  • 7.
  • 8. USE master; GO CREATE MASTER KEY ENCRYPTION BY PASSWORD = '<UseStrongPasswordHere>'; Go CREATE CERTIFICATE MyServerCert WITH SUBJECT = 'My DEK Certificate'; go USE AdventureWorks2012; GO CREATE DATABASE ENCRYPTION KEY WITH ALGORITHM = AES_128 ENCRYPTION BY SERVER CERTIFICATE MyServerCert; GO ALTER DATABASE AdventureWorks2012 SET ENCRYPTION ON; GO
  • 9. allow flexible database access for better separation of duties
  • 10.
  • 11. Mission-critical performance. Performance: Operational analytics (insights on operational data; works with in-memory OLTP and disk-based OLTP); In-memory OLTP enhancements (greater T-SQL surface area, terabytes of memory supported, and greater number of parallel CPUs); Query data store (monitor and optimize query plans); Native JSON (expanded support for JSON data); Temporal database support (query data as points in time). Security: Always encrypted (sensitive data remains encrypted at all times with ability to query); Row-level security (apply fine-grained access control to table rows); Dynamic data masking (real-time obfuscation of data to prevent unauthorized access); Other enhancements (audit success/failure of database operations; TDE support for storage of in-memory OLTP tables; enhanced auditing for OLTP with ability to track history of record changes). Availability: Enhanced AlwaysOn (three synchronous replicas for auto failover across domains; round robin load balancing of replicas; automatic failover based on database health; DTC for transactional integrity across database instances with AlwaysOn; support for SSIS with AlwaysOn). Scalability: Enhanced database caching (cache data with automatic, multiple TempDB files per instance in multi-core environments).
  • 12. Always Encrypted SQL Server 2016 Azure SQL Database
  • 13. Prevents Data Disclosure Client-side encryption of sensitive data using keys that are never given to the database system. Queries on Encrypted Data Support for equality comparison, incl. join, group by and distinct operators. Application Transparency Minimal application changes via server and client library enhancements. Allows customers to securely store sensitive data outside of their trust boundary. Data remains protected from high-privileged, yet unauthorized users. Benefits of Always Encrypted
  • 14. dbo.Patients Jane Doe Name 243-24-9812 SSN USA Country Jim Gray 198-33-0987 USA John Smith 123-82-1095 USA dbo.Patients Jane Doe Name 1x7fg655se2e SSN USA Jim Gray 0x7ff654ae6d USA John Smith 0y8fj754ea2c USA Country Result Set Jim Gray Name Jane Doe Name 1x7fg655se2e SSN USA Country Jim Gray 0x7ff654ae6d USA John Smith 0y8fj754ea2c USA dbo.Patients SQL Server Query TrustedApps SELECT Name FROM Patients WHERE SSN=@SSN @SSN='198-33-0987' Result Set Jim Gray Name SELECT Name FROM Patients WHERE SSN=@SSN @SSN=0x7ff654ae6d Column Encryption Key Enhanced ADO.NET Library Column Master Key Client side Always Encrypted Help protect data at rest and in motion, on-premises & cloud ciphertext
  • 15. Randomized encryption Encrypt('123-45-6789') = 0x17cfd50a Repeat: Encrypt('123-45-6789') = 0x9b1fcf32 Allows for transparent retrieval of encrypted data but NO operations More secure Deterministic encryption Encrypt('123-45-6789') = 0x85a55d3f Repeat: Encrypt('123-45-6789') = 0x85a55d3f Allows for transparent retrieval of encrypted data AND equality comparison E.g. in WHERE clauses and joins, distinct, group by Two types of encryption available Randomized encryption uses a method that encrypts data in a less predictable manner Deterministic encryption uses a method which always generates the same encrypted value for any given plain text value Types of Encryption for Always Encrypted
  • 16. Security Officer 1. Generate CEKs and Master Key 2. Encrypt CEK 3. Store Master Key Securely 4. Upload Encrypted CEK to DB CMK Store: Certificate Store HSM Azure Key Vault … Encrypted CEK Column Encryption Key (CEK) Column Master Key (CMK) Key Provisioning CMK Database Encrypted CEK
  • 17. Example. Client - Trusted; SQL Server - Untrusted. Encryption metadata returned for each parameter (columns: Param, Encryption Type/Algorithm, Encrypted CEK Value, CMK Store Provider Name, CMK Path): @Name, Non-DET/AES 256, CERTIFICATE_STORE, Current User/My/f2260… and @SSN, DET/AES 256, CERTIFICATE_STORE, Current User/My/f2260… Application code: using (SqlCommand cmd = new SqlCommand("SELECT Name FROM Customers WHERE SSN = @SSN", conn)) { cmd.Parameters.Add(new SqlParameter("@SSN", SqlDbType.VarChar, 11) { Value = "111-22-3333" }); SqlDataReader reader = cmd.ExecuteReader(); } Enhanced ADO.NET (with plaintext CEK cache and CMK Store) first asks the server for encryption metadata: exec sp_describe_parameter_encryption @params = N'@SSN VARCHAR(11)', @tsql = N'SELECT * FROM Customers WHERE SSN = @SSN' It then sends the query with the parameter encrypted: EXEC sp_executesql N'SELECT * FROM Customers WHERE SSN = @SSN', @params = N'@SSN VARCHAR(11)', @SSN=0x7ff654ae6d Result set (ciphertext): Name 0x19ca706fbd9, with encryption metadata. Result set (plaintext): Name Jim Gray
  • 18. Select columns to be encrypted Analyze schema and application queries to detect conflicts (build time)Set up the keys: master & CEK Static schema analysis tool (SSDT only) UI for selecting columns (no automated data classification) Key setup tool to automate selecting CMK, generating and encrypting CEK and uploading key metadata to the database Setup (SSMS or SSDT) User Experience: SSMS or SSDT (Visual Studio)
  • 19. Existing App – Setup User Experience: SSMS or SSDT (Visual Studio) UI for selecting columns (no automated data classification) Select candidate columns to be encrypted Analyze schema and application queries to detect conflicts and identify optimal encryption settings Set up the keys Encrypt selected columns while migrating the database to a target server (e.g. in Azure SQL Database Key Setup tool to streamline selecting CMK, generating and encrypting CEK and uploading key metadata to the database Encryption tool creating new (encrypted) columns, copying data from old (plain text) columns, swapping columns and re- creating dependencies Select desired encryption settings for selected columns UI for configuring encryption settings on selected columns (accepting/editing recommendations from the analysis tool) Schema/workload analysis tool analyzing the schema and profiler logs
  • 20. Data remains encrypted during query Summary: Always encrypted Protect data at rest and in motion, on-premises & cloud Capability ADO.Net client library provides transparent client-side encryption, while SQL Server executes T-SQL queries on encrypted data Benefits Apps TCE-enabled ADO .NET library SQL ServerEncrypted query Columnar key No app changes Master key
  • 21. Row-Level Security SQL Server 2016 Azure SQL Database
  • 22. Fine-grained access control over specific rows in a database table Help prevent unauthorized access when multiple users share the same tables, or to implement connection filtering in multitenant applications Administer via SQL Server Management Studio or SQL Server Data Tools Enforcement logic inside the database and schema bound to the table. Protect data privacy by ensuring the right access across rows SQL Database Customer 1 Customer 2 Customer 3 Row-level security
  • 23. Fine-grained access control Keeping multi-tenant databases secure by limiting access by other users who share the same tables. Application transparency RLS works transparently at query time, no app changes needed. Compatible with RLS in other leading products. Centralized security logic Enforcement logic resides inside database and is schema-bound to the table it protects providing greater security. Reduced application maintenance and complexity. Store data intended for many consumers in a single database/table while at the same time restricting row-level read & write access based on users’ execution context. Benefits of row-level security
  • 24. CREATE SECURITY POLICY mySecurityPolicy ADD FILTER PREDICATE dbo.fn_securitypredicate(wing, startTime, endTime) ON dbo.patients Predicate function User-defined inline table-valued function (iTVF) implementing security logic Can be arbitrarily complicated, containing joins with other tables Security predicate Applies a predicate function to a particular table (SEMIJOIN APPLY) Two types: filter predicates and blocking predicates Security policy Collection of security predicates for managing security across multiple tables Row Level Security Concepts
  • 25. CREATE FUNCTION dbo.fn_securitypredicate(@wing int) RETURNS TABLE WITH SCHEMABINDING AS return SELECT 1 as [fn_securitypredicate_result] FROM StaffDuties d INNER JOIN Employees e ON (d.EmpId = e.EmpId) WHERE e.UserSID = SUSER_SID() AND @wing = d.Wing; CREATE SECURITY POLICY dbo.SecPol ADD FILTER PREDICATE dbo.fn_securitypredicate(Wing) ON Patients WITH (STATE = ON) Fine-grained access control over rows in a table based on one or more pre-defined filtering criteria, e.g., user’s role or clearance level in organization. Concepts: Predicate function Security policy Example
  • 26. Two App user (e.g., nurse) selects from Patients table Three Security Policy transparently rewrites query to apply filter predicate Database Policy Manager CREATE FUNCTION dbo.fn_securitypredicate(@wing int) RETURNS TABLE WITH SCHEMABINDING AS return SELECT 1 as [fn_securitypredicate_result] FROM StaffDuties d INNER JOIN Employees e ON (d.EmpId = e.EmpId) WHERE e.UserSID = SUSER_SID() AND @wing = d.Wing; CREATE SECURITY POLICY dbo.SecPol ADD FILTER PREDICATE dbo.fn_securitypredicate(Wing) ON Patients WITH (STATE = ON) Filter Predicate: INNER JOIN… Security Policy Application Patients One Policy manager creates filter predicate and security policy in T-SQL, binding the predicate to the Patients table Nurse SELECT * FROM Patients SELECT * FROM Patients SEMIJOIN APPLY dbo.fn_securitypredicate(patients.Wing); SELECT Patients.* FROM Patients, StaffDuties d INNER JOIN Employees e ON (d.EmpId = e.EmpId) WHERE e.UserSID = SUSER_SID() AND Patients.wing = d.Wing; RLS in Three Steps
  • 27. Create Security Policy. Creates a security policy for row level security. The following examples demonstrate the use of the CREATE SECURITY POLICY syntax. For an example of a complete security policy scenario, see Row Level Security. -- The following syntax creates a security policy with a filter predicate for the Customer table, and leaves the security policy disabled CREATE SECURITY POLICY [FederatedSecurityPolicy] ADD FILTER PREDICATE [rls].[fn_securitypredicate]([CustomerId]) ON [dbo].[Customer]; -- Create a new schema and predicate function, which will use the application user ID stored in CONTEXT_INFO to filter rows. CREATE FUNCTION rls.fn_securitypredicate (@AppUserId int) RETURNS TABLE WITH SCHEMABINDING AS RETURN ( SELECT 1 AS fn_securitypredicate_result WHERE DATABASE_PRINCIPAL_ID() = DATABASE_PRINCIPAL_ID('dbo') -- application context AND CONTEXT_INFO() = CONVERT(VARBINARY(128), @AppUserId) ); GO
  • 28. Dynamic Data Masking SQL Server 2016 Azure SQL Database
  • 29. Configuration made easy in the new Azure portal Policy-driven at the table and column level, for a defined set of users Data masking applied in real-time to query results based on policy Multiple masking functions available (e.g. full, partial) for various sensitive data categories (e.g. Credit Card Numbers, SSN, etc.) Azure SQL Database SQL Server 2016 CTP2+ Table.CreditCardNo 4465-6571-7868-5796 4468-7746-3848-1978 4484-5434-6858-6550 Real-time data masking; partial masking Dynamic Data Masking Prevent the abuse of sensitive data by hiding it from users
  • 30. Other security enhancements: Audit success/failure of database operations; Enhanced auditing for OLTP with ability to track history of record changes; Transparent Data Encryption support for storage of In-memory OLTP Tables; Backup encryption now supported with compression
  • 31. MSDN Documentation https://msdn.microsoft.com/en-us/library/dn765131.aspx Security Center for SQL Server Database & SQL Database https://msdn.microsoft.com/en-us/bb510589.aspx SQL Server Security Blog Additional examples, useful tips and tricks http://blogs.msdn.com/b/sqlsecurity/ SQL Server Label Security Toolkit Updated version to take advantage of RLS http://sqlserverlst.codeplex.com/ Security resources
  • 32. PolyBase SQL Server Hadoop T-SQL query • Manage structured & unstructured data • Simple T-SQL to query Hadoop (HDFS) • JSON support Quote: $658.39 Stretch database App Microsoft Azure Query Customer data Product data Order History Stretch to cloud  • Data is encrypted & queryable • Save money & improve customer experience • No application changes Learn more! www.microsoft.com/ SQLServer2016 Order history Name SSN Date Philip Wenger cm61ba906fd 2/28/2005 Denny Usher ox7ff654ae6d 3/18/2005 Alicia Hodge i2y36cg776rg 4/10/2005 Alta Levy nx290pldo90l 4/27/2005 Dionne Hardin ypo85ba616rj 5/12/2005 Kristy Flowers bns51ra806fd 5/22/2005 Sara Wiley mci12hh906fj 6/07/2005 Whitney Lang utb76b916gi 6/18/2014 Lorenzo Olds px61hi9306fj 7/1/2014 Sophie Cook ol43bi506gd 7/12/2014 Aida Durham tx83hal916fi 7/29/2014 Name DOB State Denny Usher 11/13/58 WA Gina Burch 04/29/76 WA Real-time operational analytics 0100101010110 ETL In-memory ColumnStore In-memory OLTP Real-time business problem detection 2-24 hrs • Up to 30x faster transactions with in-memory OLTP • Queries from minutes to seconds In-database Advanced Analytics R built-in to SQL Server Mission critical OLTP • R built-in to your T-SQL • Real-time operational analytics without moving the data • Open source R with in-memory & massive scale – multi-threading and massive parallel processing End-to-end mobile BI • In-memory built-in • Real-time with direct query capabilities • Powerful modeling with 250+ built-in analytical functions • Mobile reports with online & offline access • Modern data visualizations with Reporting Services or Power BI Highest performing data warehouse SMP MPP Petabyte- scale Data marts Azure SQL Data Warehouse MPP SQL Server SQL Server + Analytics Platform System Data marts Petabyte- scale SMP • Scale to MPP on-premises & in the cloud • Simple T-SQL to manage structured and unstructured data • ½ the cost of Oracle Exadata SQL Server in Azure VM Always Encrypted App SELECT Name FROM Patients 
WHERE SSN=@SSN @SSN='198-33-0987' SQL Server Column Master Key Query Column Encryption Key Enhanced ADO.NET Library Denny Usher Name 198-33-0987 SSN USA Country Result Set Philip Wegner Name 1x7fg655se2e SSN USA Country Denny Usher 0x7ff654ae6d USA Alicia Hodge 0y8fj754ea2c USA dbo.Patients Denny Usher Name 0x7ff654ae6d SSN USA Country Result Set SELECT Name FROM Patients WHERE SSN=@SSN @SSN=0x7ff654ae6d • Protect data at rest and in motion • Without impacting database performance Trusted On-premises Cloud
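Added example, not part of the original deck: a self-contained row-level security scenario for slides 24-26 that uses both predicate types the deck names (filter and blocking). The rlsdemo schema, the tables, the NurseA/NurseB users and the use of USER_NAME() instead of the deck's SUSER_SID() lookup are assumptions made so the script runs in a scratch database on SQL Server 2016 or later.

```sql
-- Constructed demo objects; run in a scratch database.
CREATE SCHEMA rlsdemo;
GO
CREATE TABLE rlsdemo.StaffDuties (
    UserName sysname NOT NULL,   -- database user name (assumption: the deck keys on SID)
    Wing     int     NOT NULL
);
CREATE TABLE rlsdemo.Patients (
    PatientId int IDENTITY PRIMARY KEY,
    Name      nvarchar(100) NOT NULL,
    Wing      int NOT NULL
);
INSERT INTO rlsdemo.StaffDuties (UserName, Wing) VALUES (N'NurseA', 1), (N'NurseB', 2);
INSERT INTO rlsdemo.Patients (Name, Wing)
VALUES (N'Patient One', 1), (N'Patient Two', 1), (N'Patient Three', 2);
GO
CREATE USER NurseA WITHOUT LOGIN;
CREATE USER NurseB WITHOUT LOGIN;
-- The nurses get access to Patients only, not to the duty roster.
GRANT SELECT, INSERT, UPDATE ON rlsdemo.Patients TO NurseA, NurseB;
GO
-- Predicate function: inline table-valued, schema-bound, returns a row
-- only when the current user is on duty in the wing of the row being checked.
CREATE FUNCTION rlsdemo.fn_wingpredicate (@wing int)
RETURNS TABLE
WITH SCHEMABINDING
AS
RETURN
    SELECT 1 AS fn_wingpredicate_result
    FROM rlsdemo.StaffDuties AS d
    WHERE d.UserName = USER_NAME()
      AND d.Wing = @wing;
GO
-- FILTER silently hides rows on read; BLOCK rejects writes that would
-- produce a row the writer is not allowed to own.
CREATE SECURITY POLICY rlsdemo.WingPolicy
    ADD FILTER PREDICATE rlsdemo.fn_wingpredicate(Wing) ON rlsdemo.Patients,
    ADD BLOCK  PREDICATE rlsdemo.fn_wingpredicate(Wing) ON rlsdemo.Patients AFTER INSERT,
    ADD BLOCK  PREDICATE rlsdemo.fn_wingpredicate(Wing) ON rlsdemo.Patients AFTER UPDATE
    WITH (STATE = ON);
GO
-- Check 1: NurseA reads only the rows for the wing listed in StaffDuties.
EXECUTE AS USER = 'NurseA';
SELECT PatientId, Name, Wing FROM rlsdemo.Patients;
REVERT;
GO
-- Check 2: NurseA cannot insert a row into a wing she is not assigned to.
EXECUTE AS USER = 'NurseA';
BEGIN TRY
    INSERT INTO rlsdemo.Patients (Name, Wing) VALUES (N'Patient Four', 2);
END TRY
BEGIN CATCH
    SELECT ERROR_NUMBER() AS ErrorNumber, ERROR_MESSAGE() AS ErrorMessage;
END CATCH;
REVERT;
GO
-- Check 3: the policy applies to everyone, dbo included, unless the
-- predicate says otherwise. With this predicate dbo is in no wing.
SELECT COUNT(*) AS RowsVisibleToCaller FROM rlsdemo.Patients;
GO
-- Inventory: which tables carry predicates, and is the policy enabled?
SELECT p.name AS PolicyName, p.is_enabled,
       OBJECT_NAME(sp.target_object_id) AS TargetTable,
       sp.predicate_type_desc, sp.operation_desc
FROM sys.security_policies AS p
JOIN sys.security_predicates AS sp ON sp.object_id = p.object_id;
```

Without the two BLOCK predicates a nurse could still write rows into another wing; the FILTER predicate alone only governs which rows are read, updated or deleted.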
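Added example, not part of the original deck: the column-level masking policy described on slide 29, with a partial mask on the credit card column and a full (default) mask on an SSN column, followed by the checks an administrator would run to see who can read unmasked data. The ddmdemo schema, the table, the SupportAgent and Auditor users and the SSN values are constructed; the card numbers are the sample values shown on the slide.

```sql
-- Constructed demo objects; run in a scratch database on SQL Server 2016+.
CREATE SCHEMA ddmdemo;
GO
CREATE TABLE ddmdemo.Cards (
    CardId       int IDENTITY PRIMARY KEY,
    Holder       nvarchar(100) NOT NULL,
    -- Partial mask: keep 0 leading characters, pad, expose the last 4.
    CreditCardNo varchar(19)
        MASKED WITH (FUNCTION = 'partial(0,"XXXX-XXXX-XXXX-",4)') NOT NULL,
    -- Full mask: default() replaces the whole value according to its data type.
    SSN          char(11)
        MASKED WITH (FUNCTION = 'default()') NOT NULL
);
INSERT INTO ddmdemo.Cards (Holder, CreditCardNo, SSN)
VALUES (N'Holder One',   '4465-6571-7868-5796', '000-00-0001'),
       (N'Holder Two',   '4468-7746-3848-1978', '000-00-0002'),
       (N'Holder Three', '4484-5434-6858-6550', '000-00-0003');
GO
CREATE USER SupportAgent WITHOUT LOGIN;   -- sees masked values
CREATE USER Auditor      WITHOUT LOGIN;   -- explicitly allowed to see clear text
GRANT SELECT ON ddmdemo.Cards TO SupportAgent, Auditor;
GRANT UNMASK TO Auditor;
GO
-- Same query, two principals: the mask is applied to the result set only.
EXECUTE AS USER = 'SupportAgent';
SELECT CardId, Holder, CreditCardNo, SSN FROM ddmdemo.Cards;
REVERT;
GO
EXECUTE AS USER = 'Auditor';
SELECT CardId, Holder, CreditCardNo, SSN FROM ddmdemo.Cards;
REVERT;
GO
-- Caveat: masking changes what is displayed, not what is stored or what
-- predicates are evaluated against. It does not replace SELECT permissions,
-- row-level security or encryption for users who can run ad hoc queries.

-- Inventory 1: every masked column and the function applied to it.
SELECT SCHEMA_NAME(t.schema_id) AS SchemaName, t.name AS TableName,
       mc.name AS ColumnName, mc.masking_function
FROM sys.masked_columns AS mc
JOIN sys.tables AS t ON t.object_id = mc.object_id
WHERE mc.is_masked = 1;

-- Inventory 2: principals holding UNMASK. Members of db_owner and
-- sysadmin always see clear text and do not appear in this list.
SELECT pr.name AS Principal, pe.state_desc, pe.permission_name
FROM sys.database_permissions AS pe
JOIN sys.database_principals AS pr
     ON pr.principal_id = pe.grantee_principal_id
WHERE pe.permission_name = 'UNMASK';
```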