The compliance and security aspects of SQL Server, and the greater platform, are covered here. This goes through CTP 2.3 of SQL 2019. I start with the history of security in SQL Server, from the changes with SQL 2005, then into SQL 2008, 2008r2, 2012, 2014, 2016, 2017. We cover the requirement for installation, auditing, encryption, compliance, and so forth.
This presentation shows new features in SQL 2019, and a recap of features from SQL 2000 through 2017 as well. You would be wise to hear someone from Microsoft deliver this material.
The document outlines the roadmap for SQL Server, including enhancements to performance, security, availability, development tools, and big data capabilities. Key updates include improved intelligent query processing, confidential computing with secure enclaves, high availability options on Kubernetes, machine learning services, and tools in Azure Data Studio. The roadmap aims to make SQL Server the most secure, high performing, and intelligent data platform across on-premises, private cloud and public cloud environments.
Sql server 2019 New Features by Yevhen NedaskivskyiAlex Tumanoff
SQL Server 2019 introduces several new high availability and disaster recovery features such as support for up to 5 synchronous replicas in an Always On availability group and improved connection redirection capabilities. It also enhances PolyBase integration and provides new options for certificate management across instances. Additional new features include support for persistent memory, columnstore index improvements, and resumable online index operations.
Odessa .net-user-group-sql-server-2019-hidden-gems by Denis ReznikAlex Tumanoff
This document discusses hidden gems in SQL Server 2019, including lightweight query profiling, DBCC PAGE, dm_os_host_info, dm_os_schedulers, and QUERY OPTIMIZER COMPATIBILITY LEVEL. It provides demos of these lesser known features and notes that the string truncation error message is one of the most well-known hidden features. The author concludes that more hidden features will continue to be added to SQL Server.
A preview into SQL Server 2019 from Bob, Asad and my presentation at PASS Summit 2018 (Nov '18). We provided insights into what our public preview builds for SQL Server 2019 had in November.
Here are a few questions I have after the material covered so far:
1. What is the difference between the compute pool and app pool in a SQL Server 2019 big data cluster?
2. How does Polybase work differently in a SQL Server 2019 big data cluster compared to a traditional Polybase setup?
3. What components make up the storage pool in a SQL Server 2019 big data cluster?
This document summarizes the key features and capabilities of SQL Server 2017. It highlights that SQL Server 2017 runs on Linux and Docker in addition to Windows, supports graph queries and advanced machine learning with R and Python, and features adaptive query processing for improved performance. The document also discusses SQL Server 2017's abilities around data management, analytics, security, and its role in enabling hybrid cloud solutions with Microsoft Azure.
- The document provides an overview of SQL Server 2019 Master Data Service (MDS), including what MDS is, its components, how to develop MDS models, integrate MDS with other systems, and administer MDS.
- Key topics covered include MDS architecture, the MDS repository, model development features like entities, attributes, hierarchies and business rules, management features like versioning and changesets, and integration methods like staging tables and views.
- The session aims to explain what MDS is, how to install, configure and use MDS for projects, but does not cover programming with master data, high availability, or migration from prior versions.
This presentation shows new features in SQL 2019, and a recap of features from SQL 2000 through 2017 as well. You would be wise to hear someone from Microsoft deliver this material.
The document outlines the roadmap for SQL Server, including enhancements to performance, security, availability, development tools, and big data capabilities. Key updates include improved intelligent query processing, confidential computing with secure enclaves, high availability options on Kubernetes, machine learning services, and tools in Azure Data Studio. The roadmap aims to make SQL Server the most secure, high performing, and intelligent data platform across on-premises, private cloud and public cloud environments.
Sql server 2019 New Features by Yevhen NedaskivskyiAlex Tumanoff
SQL Server 2019 introduces several new high availability and disaster recovery features such as support for up to 5 synchronous replicas in an Always On availability group and improved connection redirection capabilities. It also enhances PolyBase integration and provides new options for certificate management across instances. Additional new features include support for persistent memory, columnstore index improvements, and resumable online index operations.
Odessa .net-user-group-sql-server-2019-hidden-gems by Denis ReznikAlex Tumanoff
This document discusses hidden gems in SQL Server 2019, including lightweight query profiling, DBCC PAGE, dm_os_host_info, dm_os_schedulers, and QUERY OPTIMIZER COMPATIBILITY LEVEL. It provides demos of these lesser known features and notes that the string truncation error message is one of the most well-known hidden features. The author concludes that more hidden features will continue to be added to SQL Server.
A preview into SQL Server 2019 from Bob, Asad and my presentation at PASS Summit 2018 (Nov '18). We provided insights into what our public preview builds for SQL Server 2019 had in November.
Here are a few questions I have after the material covered so far:
1. What is the difference between the compute pool and app pool in a SQL Server 2019 big data cluster?
2. How does Polybase work differently in a SQL Server 2019 big data cluster compared to a traditional Polybase setup?
3. What components make up the storage pool in a SQL Server 2019 big data cluster?
This document summarizes the key features and capabilities of SQL Server 2017. It highlights that SQL Server 2017 runs on Linux and Docker in addition to Windows, supports graph queries and advanced machine learning with R and Python, and features adaptive query processing for improved performance. The document also discusses SQL Server 2017's abilities around data management, analytics, security, and its role in enabling hybrid cloud solutions with Microsoft Azure.
- The document provides an overview of SQL Server 2019 Master Data Service (MDS), including what MDS is, its components, how to develop MDS models, integrate MDS with other systems, and administer MDS.
- Key topics covered include MDS architecture, the MDS repository, model development features like entities, attributes, hierarchies and business rules, management features like versioning and changesets, and integration methods like staging tables and views.
- The session aims to explain what MDS is, how to install, configure and use MDS for projects, but does not cover programming with master data, high availability, or migration from prior versions.
SQL Server 2016 introduces several new features for In-Memory OLTP including support for up to 2 TB of user data in memory, system-versioned tables, row-level security, and Transparent Data Encryption. The in-memory processing has also been updated to support more T-SQL functionality such as foreign keys, LOB data types, outer joins, and subqueries. The garbage collection process for removing unused memory has also been improved.
TriggerDB Consulting SRL is an Argentina-based company founded by Maximiliano Accotto, an expert in Microsoft SQL Server and BI. They provide consulting, support, and training services for technologies like SQL Server, analytics, and PowerBI. Their 15+ years of experience and over 150 clients in the region have made them a leader in SQL Server, analytics, and PowerBI consulting services.
Discovery Day 2019 Sofia - Big data clustersIvan Donev
This document provides an overview of the architecture and components of SQL Server 2019 Big Data Clusters. It describes the key Kubernetes concepts used in Big Data Clusters like pods, services, and nodes. It then explains the different planes (control, compute, data) and nodes that make up a Big Data Cluster and their roles. Components in each plane like the SQL master instance, compute pools, storage pools, and data pools are also outlined.
SQL Server 2017 Deep Dive - @Ignite 2017Travis Wright
This was a presentation given at Ignite 2017 on SQL Server 2017. It covers the main new capabilities of SQL Server 2017. The video recording of the session is available here: https://myignite.microsoft.com/sessions/54946?source=sessions
Discovery Day 2019 Sofia - What is new in SQL Server 2019Ivan Donev
This document summarizes new features in SQL Server 2019 including:
- Support for big data analytics using SQL Server, Spark, and data lakes for high volume data storage and access.
- Enhanced data virtualization capabilities to combine data from multiple sources.
- An integrated AI platform to ingest, prepare, train, store, and operationalize machine learning models.
- Improved security, performance, and high availability features like Always Encrypted with secure enclaves and accelerated database recovery.
- Continued improvements based on community feedback.
SQL Server 2016 Everything built-in FULL deckHamid J. Fard
SQL Server 2016 provides everything built-in, including advanced analytics, business intelligence, operational analytics, and data warehousing capabilities. It delivers a consistent experience from on-premises to cloud and hybrid cloud environments. SQL Server 2016 represents the best release in the product's history with continuous innovation and a cloud-first approach.
Temporal Tables, Transparent Archiving in DB2 for z/OS and IDAACuneyt Goksu
The document discusses several data archiving solutions for z/OS systems including temporal tables, transparent archiving, and IDAA technology. Temporal tables allow querying and updating historical data using system time periods. Transparent archiving moves old data to other storage platforms while still allowing dynamic queries. IDAA provides accelerated query performance for temporal tables by routing queries to an accelerator system. The solutions can be combined for different use cases depending on data retention and access needs.
The document discusses how businesses need to build a data strategy and modernize their data platforms to harness the power of data from diverse and growing sources. It provides examples of how organizations like healthcare and energy companies are using technologies like machine learning, real-time analytics, and predictive modeling on data from various sources to improve outcomes, predict trends, and drive business decisions. The Microsoft data platform is positioned as helping businesses manage both traditional and new forms of data, gain insights faster, and transform into data-driven organizations through offerings like SQL Server, Azure, Power BI, and the Internet of Things.
Bi and AI updates in the Microsoft Data Platform stackIvan Donev
This document provides an overview and agenda for a presentation on new features in the Microsoft data platform universe including SQL Server, Azure, and Power BI, with a focus on business intelligence (BI) and artificial intelligence (AI).
The presentation covers new features in SQL Server 2019 for BI like calculation groups and dynamic formatting in Analysis Services tabular mode. It also highlights important updates in Azure including new serverless and hyperscale options for Azure SQL Database, updates to data ingestion and storage with Azure Data Factory v2 and Azure Data Lake Gen 2, and changes to data modeling, preparation, and serving capabilities in Azure SQL Data Warehouse.
The document concludes by discussing options for incorporating AI and machine learning into BI solutions using either
Here are the slides for my talk "An intro to Azure Data Lake" at Techorama NL 2018. The session was held on Tuesday October 2nd from 15:00 - 16:00 in room 7.
This document summarizes key components of Microsoft Azure's data platform, including SQL Database, NoSQL options like Azure Tables, Blob Storage, and Azure Files. It provides an overview of each service, how they work, common use cases, and demos of creating resources and accessing data. The document is aimed at helping readers understand Azure's database and data storage options for building cloud applications.
The document provides an overview and summary of new features in Microsoft SQL Server 2016. It discusses enhancements to the database engine, in-memory OLTP, columnstore indexes, R services, high availability, security, and Reporting Services. Key highlights include support for up to 2TB of durable memory-optimized tables, increased index key size limits, temporal data support, row-level security, and improved integration with Azure and Power BI capabilities. The presentation aims to help users understand and leverage the new and improved features in SQL Server 2016.
SQL Server 2016 is now in review! The newest version promises to deliver new real-time, built-in advanced analytics, advanced security technology, hybrid cloud scenarios as well as amazing rich visualizations on mobile devices.
There are many great reasons to move to SQL 2016, however if you are still working on SQL Server 2005 you may have another good motivator - the end-of-life clock of SQL 2005 is ticking down and support is about to end April 12, 2016.
In this deck we review the significant licensing changes introduced with SQL 2012. If our experience as Microsoft's Gold Certified Member has taught us anything - it is one thing. During migrations many of our clients get outright lost when trying to figure out the number of licenses they have or need. This often leads to under-deployment, and subsequently serious compliance issues with Microsoft. And yes, in some cases over-deployment means big savings back to your department.
This document summarizes new features in SQL Server 2016 for SQL Server Integration Services (SSIS), Master Data Services (MDS), Data Quality Services (DQS), Analysis Services (SSAS), and Reporting Services (SSRS). For SSIS, new features include auto-adjusting buffer size, an Azure feature pack, and incremental package deployment. For MDS, improvements include longer attribute names, composite indexes, and entity synchronization. For SSAS, enhancements focus on performance, consistency, and new DAX functions. For SSRS, additions center around treemap/sunburst charts, custom parameters, and HTML5 rendering.
This document provides an overview of Azure Databricks, including:
- Azure Databricks is an Apache Spark-based analytics platform optimized for Microsoft Azure cloud services. It includes Spark SQL, streaming, machine learning libraries, and integrates fully with Azure services.
- Clusters in Azure Databricks provide a unified platform for various analytics use cases. The workspace stores notebooks, libraries, dashboards, and folders. Notebooks provide a code environment with visualizations. Jobs and alerts can run and notify on notebooks.
- The Databricks File System (DBFS) stores files in Azure Blob storage in a distributed file system accessible from notebooks. Business intelligence tools can connect to Databricks clusters via JDBC
Data Integration through Data Virtualization (SQL Server Konferenz 2019)Cathrine Wilhelmsen
Data Integration through Data Virtualization - PolyBase and new SQL Server 2019 Features (Presented at SQL Server Konferenz 2019 on February 21st, 2019)
An overview of the new features available in SQL Server 2016 including Stretch Database, Always Encrypted, Data Masking, In Memory Operational Analytics and more.
This document provides an introduction and overview of Azure Data Lake. It describes Azure Data Lake as a single store of all data ranging from raw to processed that can be used for reporting, analytics and machine learning. It discusses key Azure Data Lake components like Data Lake Store, Data Lake Analytics, HDInsight and the U-SQL language. It compares Data Lakes to data warehouses and explains how Azure Data Lake Store, Analytics and U-SQL process and transform data at scale.
The document provides information about an upcoming SQL Saturday event on June 1, 2013 focused on SQL Server 2012 Integration Services for beginners. It includes an agenda for the event that covers topics such as an introduction to SSIS, SSIS tools, variables, parameters, expressions, SSIS tasks, containers, and data flows. The speaker is then introduced, which details his experience and qualifications.
This document provides an overview of Always Encrypted in Microsoft SQL Server 2016, which allows customers to securely store sensitive data outside of their trust boundary while protecting data from highly privileged users. Key capabilities of Always Encrypted include client-side encryption of sensitive data using keys never provided to the database system and support for queries on encrypted data, with minimal application changes required.
Organizational compliance and security in Microsoft SQL 2012-2016George Walters
Organizational compliance and security in Microsoft SQL 2012-2016. This covers encryption at rest and in transit, securing data, application design considerations, Audit, and T-SQL to help you get compliant.
SQL Server 2016 introduces several new features for In-Memory OLTP including support for up to 2 TB of user data in memory, system-versioned tables, row-level security, and Transparent Data Encryption. The in-memory processing has also been updated to support more T-SQL functionality such as foreign keys, LOB data types, outer joins, and subqueries. The garbage collection process for removing unused memory has also been improved.
TriggerDB Consulting SRL is an Argentina-based company founded by Maximiliano Accotto, an expert in Microsoft SQL Server and BI. They provide consulting, support, and training services for technologies like SQL Server, analytics, and PowerBI. Their 15+ years of experience and over 150 clients in the region have made them a leader in SQL Server, analytics, and PowerBI consulting services.
Discovery Day 2019 Sofia - Big data clustersIvan Donev
This document provides an overview of the architecture and components of SQL Server 2019 Big Data Clusters. It describes the key Kubernetes concepts used in Big Data Clusters like pods, services, and nodes. It then explains the different planes (control, compute, data) and nodes that make up a Big Data Cluster and their roles. Components in each plane like the SQL master instance, compute pools, storage pools, and data pools are also outlined.
SQL Server 2017 Deep Dive - @Ignite 2017Travis Wright
This was a presentation given at Ignite 2017 on SQL Server 2017. It covers the main new capabilities of SQL Server 2017. The video recording of the session is available here: https://myignite.microsoft.com/sessions/54946?source=sessions
Discovery Day 2019 Sofia - What is new in SQL Server 2019Ivan Donev
This document summarizes new features in SQL Server 2019 including:
- Support for big data analytics using SQL Server, Spark, and data lakes for high volume data storage and access.
- Enhanced data virtualization capabilities to combine data from multiple sources.
- An integrated AI platform to ingest, prepare, train, store, and operationalize machine learning models.
- Improved security, performance, and high availability features like Always Encrypted with secure enclaves and accelerated database recovery.
- Continued improvements based on community feedback.
SQL Server 2016 Everything built-in FULL deckHamid J. Fard
SQL Server 2016 provides everything built-in, including advanced analytics, business intelligence, operational analytics, and data warehousing capabilities. It delivers a consistent experience from on-premises to cloud and hybrid cloud environments. SQL Server 2016 represents the best release in the product's history with continuous innovation and a cloud-first approach.
Temporal Tables, Transparent Archiving in DB2 for z/OS and IDAACuneyt Goksu
The document discusses several data archiving solutions for z/OS systems including temporal tables, transparent archiving, and IDAA technology. Temporal tables allow querying and updating historical data using system time periods. Transparent archiving moves old data to other storage platforms while still allowing dynamic queries. IDAA provides accelerated query performance for temporal tables by routing queries to an accelerator system. The solutions can be combined for different use cases depending on data retention and access needs.
The document discusses how businesses need to build a data strategy and modernize their data platforms to harness the power of data from diverse and growing sources. It provides examples of how organizations like healthcare and energy companies are using technologies like machine learning, real-time analytics, and predictive modeling on data from various sources to improve outcomes, predict trends, and drive business decisions. The Microsoft data platform is positioned as helping businesses manage both traditional and new forms of data, gain insights faster, and transform into data-driven organizations through offerings like SQL Server, Azure, Power BI, and the Internet of Things.
Bi and AI updates in the Microsoft Data Platform stackIvan Donev
This document provides an overview and agenda for a presentation on new features in the Microsoft data platform universe including SQL Server, Azure, and Power BI, with a focus on business intelligence (BI) and artificial intelligence (AI).
The presentation covers new features in SQL Server 2019 for BI like calculation groups and dynamic formatting in Analysis Services tabular mode. It also highlights important updates in Azure including new serverless and hyperscale options for Azure SQL Database, updates to data ingestion and storage with Azure Data Factory v2 and Azure Data Lake Gen 2, and changes to data modeling, preparation, and serving capabilities in Azure SQL Data Warehouse.
The document concludes by discussing options for incorporating AI and machine learning into BI solutions using either
Here are the slides for my talk "An intro to Azure Data Lake" at Techorama NL 2018. The session was held on Tuesday October 2nd from 15:00 - 16:00 in room 7.
This document summarizes key components of Microsoft Azure's data platform, including SQL Database, NoSQL options like Azure Tables, Blob Storage, and Azure Files. It provides an overview of each service, how they work, common use cases, and demos of creating resources and accessing data. The document is aimed at helping readers understand Azure's database and data storage options for building cloud applications.
The document provides an overview and summary of new features in Microsoft SQL Server 2016. It discusses enhancements to the database engine, in-memory OLTP, columnstore indexes, R services, high availability, security, and Reporting Services. Key highlights include support for up to 2TB of durable memory-optimized tables, increased index key size limits, temporal data support, row-level security, and improved integration with Azure and Power BI capabilities. The presentation aims to help users understand and leverage the new and improved features in SQL Server 2016.
SQL Server 2016 is now in review! The newest version promises to deliver new real-time, built-in advanced analytics, advanced security technology, hybrid cloud scenarios as well as amazing rich visualizations on mobile devices.
There are many great reasons to move to SQL 2016, however if you are still working on SQL Server 2005 you may have another good motivator - the end-of-life clock of SQL 2005 is ticking down and support is about to end April 12, 2016.
In this deck we review the significant licensing changes introduced with SQL 2012. If our experience as Microsoft's Gold Certified Member has taught us anything - it is one thing. During migrations many of our clients get outright lost when trying to figure out the number of licenses they have or need. This often leads to under-deployment, and subsequently serious compliance issues with Microsoft. And yes, in some cases over-deployment means big savings back to your department.
This document summarizes new features in SQL Server 2016 for SQL Server Integration Services (SSIS), Master Data Services (MDS), Data Quality Services (DQS), Analysis Services (SSAS), and Reporting Services (SSRS). For SSIS, new features include auto-adjusting buffer size, an Azure feature pack, and incremental package deployment. For MDS, improvements include longer attribute names, composite indexes, and entity synchronization. For SSAS, enhancements focus on performance, consistency, and new DAX functions. For SSRS, additions center around treemap/sunburst charts, custom parameters, and HTML5 rendering.
This document provides an overview of Azure Databricks, including:
- Azure Databricks is an Apache Spark-based analytics platform optimized for Microsoft Azure cloud services. It includes Spark SQL, streaming, machine learning libraries, and integrates fully with Azure services.
- Clusters in Azure Databricks provide a unified platform for various analytics use cases. The workspace stores notebooks, libraries, dashboards, and folders. Notebooks provide a code environment with visualizations. Jobs and alerts can run and notify on notebooks.
- The Databricks File System (DBFS) stores files in Azure Blob storage in a distributed file system accessible from notebooks. Business intelligence tools can connect to Databricks clusters via JDBC
Data Integration through Data Virtualization (SQL Server Konferenz 2019)Cathrine Wilhelmsen
Data Integration through Data Virtualization - PolyBase and new SQL Server 2019 Features (Presented at SQL Server Konferenz 2019 on February 21st, 2019)
An overview of the new features available in SQL Server 2016 including Stretch Database, Always Encrypted, Data Masking, In Memory Operational Analytics and more.
This document provides an introduction and overview of Azure Data Lake. It describes Azure Data Lake as a single store of all data ranging from raw to processed that can be used for reporting, analytics and machine learning. It discusses key Azure Data Lake components like Data Lake Store, Data Lake Analytics, HDInsight and the U-SQL language. It compares Data Lakes to data warehouses and explains how Azure Data Lake Store, Analytics and U-SQL process and transform data at scale.
The document provides information about an upcoming SQL Saturday event on June 1, 2013 focused on SQL Server 2012 Integration Services for beginners. It includes an agenda for the event that covers topics such as an introduction to SSIS, SSIS tools, variables, parameters, expressions, SSIS tasks, containers, and data flows. The speaker is then introduced, which details his experience and qualifications.
This document provides an overview of Always Encrypted in Microsoft SQL Server 2016, which allows customers to securely store sensitive data outside of their trust boundary while protecting data from highly privileged users. Key capabilities of Always Encrypted include client-side encryption of sensitive data using keys never provided to the database system and support for queries on encrypted data, with minimal application changes required.
Organizational compliance and security in Microsoft SQL 2012-2016George Walters
Organizational compliance and security in Microsoft SQL 2012-2016. This covers encryption at rest and in transit, securing data, application design considerations, Audit, and T-SQL to help you get compliant.
This document provides an overview of 10 steps to secure Microsoft SQL Server databases. It discusses establishing physical security, isolating protected data, reducing the attack surface, using least privileged access, maintaining secure connections, categorizing data, protecting against SQL injection, conducting vulnerability assessments, encrypting data, and implementing row-level security. The document also includes demonstrations of SQL Server vulnerability assessment and transparent data encryption features. It emphasizes that securing SQL Server is an ongoing and continuous process.
The document discusses keeping private data private through various data security techniques. It focuses on data masking, which involves replacing sensitive data with realistic but non-sensitive substitutes. Various methods for data masking are described, including data substitution, truncation, randomization, and dynamic or real-time masking. The document emphasizes that data masking helps enable testing and analytics while protecting sensitive production data.
The document discusses InfoSphere Optim Test Data Management and its capabilities for managing test data across the information lifecycle. It highlights risks of poor test data management like privacy issues and inefficient processes. InfoSphere Optim provides capabilities like masking sensitive data, extracting targeted test data subsets, and automating test data refresh. It also supports test data management for IMS databases on z/OS.
Modern Data Security for the Enterprises – SQL Server & Azure SQL DatabaseWinWire Technologies Inc
The webinar talked about the layers of data protection, important security features, potential scenarios in which these features can be applied to limit exposure to security threats and best practices for securing business applications and data. We covered following topics on SQL Server 2016 and Azure SQL Database security features
• Access Level Control
• Data Encryption
• Monitoring
This document discusses database security and SQL injection attacks. It begins with an overview of access control in SQL and views before discussing SQL injection attacks in more detail. The key points are that SQL injection attacks involve inserting malicious SQL statements into user input fields to exploit applications that directly insert user input into SQL queries. Examples are given of how attacks can read or delete entire databases. The best defenses include using prepared statements with bound parameters and validating/sanitizing all user input.
A walkthrough on implementing Always Encrypted Encryption on sensitive information to reduce your attack surface area and develop an active data security posture.
The document discusses database security and SQL injection attacks. It provides an overview of access control in SQL and MySQL, including the use of views and privileges. It then describes SQL injection attacks, giving examples of how attackers can exploit vulnerabilities to view sensitive data or delete tables. The best defense is using prepared statements with bound parameters rather than embedding user input directly into SQL. Other defenses include input validation, output encoding, limiting permissions, and configuring error reporting.
The document discusses database security and SQL injection attacks. It provides an overview of access control in SQL and MySQL, views, and limitations of SQL security. It defines SQL injection attacks and gives examples of how attacks work by inserting malicious SQL statements into user input. The document recommends best practices for prevention, including using prepared statements with bound variables, input validation, output encoding, and limiting database permissions.
The document discusses best practices for locking down databases and applications in Microsoft SQL Server. It covers topics such as authentication, logins vs users, database roles, permissions, ownership chaining, auditing, and encryption. The author is a SQL Server MVP who provides recommendations based on their experience with security architecture, incident response, and SQL Server.
Ingres now Actian Corporation, is the leading open source database management company. We are the world’s second largest open source company and the pioneer of The New
Economics of IT, providing business-critical open source solutions at dramatically reduced cost than proprietary software vendors. As a leader in The New
Economics of IT, Ingres delivers low cost and accelerated innovation to its more than 10,000 customers worldwide.
Data modeling is the process of exploring data structures and relationships. It involves identifying entity types, attributes, relationships and applying normalization. Conceptual, logical and physical data models are used at different stages of the design process. Database security involves techniques like access control, encryption and firewalls to protect data confidentiality, integrity and availability. Issues like SQL injection occur when user input is not sanitized before passing to the database.
This document discusses database security and SQL injection attacks. It begins by defining databases and their components like tables, rows, and columns. It then explains relational databases and SQL. The document discusses SQL injection attacks in detail, providing examples of how attacks work and countermeasures. It also covers topics like role-based access control, inference, statistical databases, and database encryption.
PCI Compliance: How to Remain Compliant and Gain Near Real-Time Analytics on ...Emtec Inc.
This document discusses PCI compliance and real-time analytics using Oracle tools. It provides background on PCI standards and compliance requirements. It then describes how Oracle tools can help with six PCI requirements, including encrypting data, restricting access, and reporting. The document also discusses challenges with native Oracle reporting and interim reporting. It then describes a materialized view solution developed to provide portable data and near real-time analytics on credit card transactions in Oracle E-Business Suite.
The document discusses data security best practices for SQL Server applications and audit compliance. It recommends authenticating users, encrypting data, using parameterized queries to prevent SQL injection, and auditing database activity. SQL Server 2008 introduced features like Transparent Data Encryption and Extensible Key Management to help meet compliance requirements.
The document outlines the goals and features of Microsoft SQL Data Services (SDS). Key points include:
- SDS provides scalable data storage and query processing using Microsoft SQL Server technologies in a hosted environment.
- It offers benefits like ease of application development via web APIs, unlimited scalable storage, availability, security protections and strong service level agreements.
- The presentation will demonstrate the SDS object model, querying capabilities, and differences between SDS and traditional SQL Server.
MongoDB.local Austin 2018: Pissing Off IT and Delivery: A Tale of 2 ODS'sMongoDB
Long live RDBMs! For years they have been a staple of large data set storage, manipulation & retrieval. But what if I told you that we were able to simplify every aspect of our new ODS; from data maintenance and implementation to API design, scalability and maintainability by doing one simple thing?
Presented by: Scott Jones, Acxiom Fellow, Acxiom
Similar to Organizational compliance and security SQL 2012-2019 by George Walters (20)
Customer migration to Azure SQL database, December 2019George Walters
This is a real life story on how a software as a service application moved to the cloud, to azure, over a period of two years. We discuss migration, business drivers, technology, and how it got done. We talk through more modern ways to refactor or change code to get into the cloud nowadays.
Inclusion in language and action: What you can do to improve yourself with respect to: Mainsplaining, Ableism, disability, gender, and bias. You want to improve, and this can be a piece of that puzzle.
Azure SQL Database now has a Managed Instance, for near 100% compatibility for lifting-and-shifting applications running on Microsoft SQL Server to Azure. Contact me for more information.
Customer migration to azure sql database from on-premises SQL, for a SaaS app...George Walters
Why would someone take a working on-premises SaaS infrastructure, and migrate it to Azure? We review the technology decisions behind this conversion, and business choices behind migrating to Azure. The SQL 2012 infrastructure and application was migrated to PaaS Services. Finally, how would we do this architecture in 2019.
Microsoft SQL server 2017 Level 300 technical deckGeorge Walters
This deck covers new features in SQL Server 2017, as well as carryover features from 2012 onwards. This includes high availability, columnstore, alwayson, In-memory tables, and other enterprise features.
Beyond the Basics of A/B Tests: Highly Innovative Experimentation Tactics You...Aggregage
This webinar will explore cutting-edge, less familiar but powerful experimentation methodologies which address well-known limitations of standard A/B Testing. Designed for data and product leaders, this session aims to inspire the embrace of innovative approaches and provide insights into the frontiers of experimentation!
Predictably Improve Your B2B Tech Company's Performance by Leveraging DataKiwi Creative
Harness the power of AI-backed reports, benchmarking and data analysis to predict trends and detect anomalies in your marketing efforts.
Peter Caputa, CEO at Databox, reveals how you can discover the strategies and tools to increase your growth rate (and margins!).
From metrics to track to data habits to pick up, enhance your reporting for powerful insights to improve your B2B tech company's marketing.
- - -
This is the webinar recording from the June 2024 HubSpot User Group (HUG) for B2B Technology USA.
Watch the video recording at https://youtu.be/5vjwGfPN9lw
Sign up for future HUG events at https://events.hubspot.com/b2b-technology-usa/
Open Source Contributions to Postgres: The Basics POSETTE 2024ElizabethGarrettChri
Postgres is the most advanced open-source database in the world and it's supported by a community, not a single company. So how does this work? How does code actually get into Postgres? I recently had a patch submitted and committed and I want to share what I learned in that process. I’ll give you an overview of Postgres versions and how the underlying project codebase functions. I’ll also show you the process for submitting a patch and getting that tested and committed.
The Ipsos - AI - Monitor 2024 Report.pdfSocial Samosa
According to Ipsos AI Monitor's 2024 report, 65% Indians said that products and services using AI have profoundly changed their daily life in the past 3-5 years.
Organizational compliance and security SQL 2012-2019 by George Walters
1. Microsoft SQL Server 2012 – 2017
(with 2019 CTP 2.3 Preview)
Organizational Security
& Compliance
George Walters
Senior Partner Technical Strategist for ISV Partners
george.walters@microsoft.com
@geo_walters on twitter
https://www.linkedin.com/in/georgewalters/
2.
3. Why is security important?
4
https://www.identityforce.com/blog/2019-data-breaches
UConn Health
February 22, 2019: In another major data breach of a university health facility, patients of UConn Health have had their personal
information exposed after a third party accessed employee email accounts. About 326,000 people were affected in the breach, which
compromised names, dates of birth, addresses, Social Security numbers, and limited medical information.
Dow Jones
March 1, 2019: A database containing 2,418,862 identity records on government officials and politicians from every country in the
world was leaked online from a Dow Jones watchlist. The watchlist is compiled from publicly available information on prominent
individuals who have the ability to embezzle money, accept bribes, or launder funds.
Rush University Medical Center
March 4, 2019: About 45,000 patients of Chicago-based Rush health system were exposed in a data breach. Names, addresses,
birthdays, Social Security numbers, and health insurance information were compromised after an employee disclosed billing
documents to an unauthorized third party.
Health Alliance Plan
March 6, 2019: The protected medical information of 120,000 patients has been exposed in a Health Alliance Plan data breach. The
names, addresses, dates of birth, member ID numbers, healthcare provider names, patient ID numbers, and claim information were
compromised after a ransomware attack infiltrated Wolverine Solutions Group, a third-party vendor who manages the network’s
mailing services.
https://www.zdnet.com/article/citrix-discloses-security-breach-of-internal-network/
CITRIX
March 8, 2019: “hackers accessed and downloaded business documents, but Citrix wasn't able to identify what specific documents had
been stolen at the time of his announcement today.”
6. ASE256 for backup keys
SHA512 for password hashes
Built-in cryptography hierarchy
Transparent data encryption
Extensible key management
Sign code modules
Encrypted connection on-premises and in
Azure SQL database
Audit, TDE, Always Encrypted in Azure SQL database or
Azure SQL Managed Instance
Beginning with SQL Server 2016, all algorithms other than AES128, AES192, and
AES256 are deprecated. To use older algorithms (not recommended) you must
set the database to database compatibility level 120 or lower.
7.
8. USE master;
GO
CREATE MASTER KEY ENCRYPTION BY PASSWORD =
'<UseStrongPasswordHere>';
Go
CREATE CERTIFICATE MyServerCert WITH SUBJECT = 'My DEK Certificate';
go
USE AdventureWorks2012;
GO
-- RED ALERT: BACKUP THE CERTIFICATE !!!
CREATE DATABASE ENCRYPTION KEY
WITH ALGORITHM = AES_128
ENCRYPTION BY SERVER CERTIFICATE MyServerCert;
GO
ALTER DATABASE AdventureWorks2016
SET ENCRYPTION ON;
GO
11. Performance Security Availability Scalability
Operational analytics
Insights on operational data;
Works with in-memory OLTP and
disk-based OLTP
In-memory OLTP
enhancements
Greater T-SQL surface area,
terabytes of memory supported,
and greater number of parallel
CPUs
Query data store
Monitor and optimize query plans
Native JSON
Expanded support for JSON data
Temporal database support
Query data as points in time
Always encrypted
Sensitive data remains encrypted at
all times with ability to query
Row-level security
Apply fine-grained access control
to table rows
Dynamic data masking
Real-time obfuscation of data to
prevent unauthorized access
Other enhancements
Audit success/failure of database
operations
TDE support for storage of in-
memory OLTP tables
Enhanced auditing for OLTP with
ability to track history of record
changes
Enhanced AlwaysOn
Three synchronous replicas for auto
failover across domains
Round robin load balancing of
replicas
Automatic failover based on
database health
DTC for transactional integrity
across database instances with
AlwaysOn
Support for SSIS with AlwaysOn
Enhanced database caching
Cache data with automatic, multiple
TempDB files per instance in multi-
core environments
Mission-critical performance
13. Prevents Data
Disclosure
Client-side encryption of
sensitive data using keys that
are never given to the
database system.
Queries on
Encrypted Data
Support for equality
comparison, incl. join, group
by and distinct operators.
Application
Transparency
Minimal application changes
via server and client library
enhancements.
Allows customers to securely store sensitive data outside
of their trust boundary.
Data remains protected from high-privileged, yet
unauthorized users.
Benefits of Always Encrypted
14. dbo.Patients
Jane Doe
Name
243-24-9812
SSN
USA
Country
Jim Gray 198-33-0987 USA
John Smith 123-82-1095 USA
dbo.Patients
Jane Doe
Name
1x7fg655se2e
SSN
USA
Jim Gray 0x7ff654ae6d USA
John Smith 0y8fj754ea2c USA
Country
Result Set
Jim Gray
Name
Jane Doe
Name
1x7fg655se2e
SSN
USA
Country
Jim Gray 0x7ff654ae6d USA
John Smith 0y8fj754ea2c USA
dbo.Patients
SQL Server
Query
TrustedApps
SELECT Name FROM
Patients WHERE SSN=@SSN
@SSN='198-33-0987'
Result Set
Jim Gray
Name
SELECT Name FROM
Patients WHERE SSN=@SSN
@SSN=0x7ff654ae6d
Column
Encryption
Key
Enhanced
ADO.NET
Library
Column
Master
Key
Client side
Always Encrypted
Help protect data at rest and in motion, on-premises & cloud
ciphertext
15. Randomized encryption
Encrypt('123-45-6789') = 0x17cfd50a
Repeat: Encrypt('123-45-6789') = 0x9b1fcf32
Allows for transparent retrieval of encrypted
data but NO operations
More secure
Deterministic encryption
Encrypt('123-45-6789') = 0x85a55d3f
Repeat: Encrypt('123-45-6789') = 0x85a55d3f
Allows for transparent retrieval of encrypted
data AND equality comparison
E.g. in WHERE clauses and joins, distinct,
group by
Two types of
encryption available
Randomized encryption uses a
method that encrypts data in a less
predictable manner
Deterministic encryption uses a
method which always generates the
same encrypted value for any given
plain text value
Types of Encryption for Always Encrypted
16. Security
Officer
1. Generate CEKs and Master Key
2. Encrypt CEK
3. Store Master Key Securely
4. Upload Encrypted CEK to DB
CMK Store:
Certificate Store
HSM
Azure Key Vault
…
Encrypted
CEK
Column
Encryption Key
(CEK)
Column
Master Key
(CMK)
Key Provisioning
CMK
Database
Encrypted CEK
17. Param
Encryption
Type/
Algorithm
Encrypted
CEK Value
CMK Store
Provider
Name CMK Path
@Name Non-DET/
AES 256
CERTIFICATE
_STORE
Current User/
My/f2260…
EXEC sp_execute_sql
N'SELECT * FROM Customers WHERE SSN = @SSN'
, @params = N'@SSN VARCHAR(11)', @SSN=0x7ff654ae6d
Param
Encryption
Type/
Algorithm
Encrypted
CEK Value
CMK Store
Provider
Name CMK Path
@SSN DET/ AES
256
CERTIFICATE
_STORE
Current User/
My/f2260…
Enhanced
ADO.NET
Plaintext
CEK
Cache
exec sp_describe_parameter_encryption
@params = N'@SSN VARCHAR(11)'
, @tsql = N'SELECT * FROM Customers WHERE SSN = @SSN'
Result set (ciphertext)
Name
Jim Gray
Result set (plaintext)
using (SqlCommand cmd = new
SqlCommand(
"SELECT Name FROM Customers WHERE SSN
= @SSN“
, conn))
{
cmd.Parameters.Add(new SqlParameter(
"@SSN", SqlDbType.VarChar, 11).Value
=
"111-22-3333");
SqlDataReader reader =
cmd.ExecuteReader();
Client - Trusted SQL Server - Untrusted
Encryptionmetadata
Name
0x19ca706fbd9
Encryptionmetadata
CMK Store
Example
18. Select columns to
be encrypted
Analyze schema
and application
queries to detect
conflicts (build
time)Set up the keys:
master & CEK
Static schema
analysis tool
(SSDT only)
UI for selecting columns (no
automated data classification)
Key setup tool to automate
selecting CMK, generating and
encrypting CEK and uploading
key metadata to the database
Setup (SSMS or SSDT)
User Experience: SSMS or SSDT (Visual Studio)
19. Existing App – Setup
User Experience: SSMS or SSDT (Visual Studio)
UI for selecting columns
(no automated data
classification)
Select candidate
columns to be
encrypted
Analyze schema and
application queries to
detect conflicts and
identify optimal
encryption settings
Set up the keys
Encrypt selected
columns while
migrating the
database to a target
server (e.g. in Azure
SQL Database
Key Setup tool to
streamline selecting CMK,
generating and encrypting
CEK and uploading key
metadata to the database
Encryption tool creating
new (encrypted) columns,
copying data from old
(plain text) columns,
swapping columns and re-
creating dependencies
Select desired
encryption settings
for selected columns
UI for configuring
encryption settings on
selected columns
(accepting/editing
recommendations from
the analysis tool)
Schema/workload analysis
tool analyzing the schema
and profiler logs
20. Data remains encrypted
during query
Summary: Always encrypted
Protect data at rest and in motion, on-premises & cloud
Capability
ADO.Net client library provides
transparent client-side encryption, while
SQL Server executes T-SQL queries on
encrypted data
Benefits
Apps TCE-enabled
ADO .NET library
SQL ServerEncrypted
query
Columnar
key
No app
changes
Master
key
22. Fine-grained access control over specific
rows in a database table
Help prevent unauthorized access when
multiple users share the same tables, or to
implement connection filtering in
multitenant applications
Administer via SQL Server Management
Studio or SQL Server Data Tools
Enforcement logic inside the database and
schema bound to the table.
Protect data privacy by ensuring the right access across rows
SQL Database
Customer 1
Customer 2
Customer 3
Row-level security
23. Fine-grained
access control
Keeping multi-tenant
databases secure by limiting
access by other users who
share the same tables.
Application
transparency
RLS works transparently at
query time, no app changes
needed.
Compatible with RLS in other
leading products.
Centralized
security logic
Enforcement logic resides
inside database and is
schema-bound to the table it
protects providing greater
security. Reduced application
maintenance and complexity.
Store data intended for many consumers in a single database/table while at the same time restricting
row-level read & write access based on users’ execution context.
Benefits of row-level security
24. CREATE SECURITY POLICY mySecurityPolicy
ADD FILTER PREDICATE dbo.fn_securitypredicate(wing, startTime,
endTime)
ON dbo.patients
Predicate function
User-defined inline table-valued function (iTVF) implementing security logic
Can be arbitrarily complicated, containing joins with other tables
Security predicate
Applies a predicate function to a particular table (SEMIJOIN APPLY)
Two types: filter predicates and blocking predicates
Security policy
Collection of security predicates for managing security across multiple tables
Row Level Security Concepts
25. CREATE FUNCTION dbo.fn_securitypredicate(@wing int)
RETURNS TABLE WITH SCHEMABINDING AS
return SELECT 1 as [fn_securitypredicate_result]
FROM
StaffDuties d INNER JOIN Employees e
ON (d.EmpId = e.EmpId)
WHERE e.UserSID = SUSER_SID()
AND @wing = d.Wing;
CREATE SECURITY POLICY dbo.SecPol
ADD FILTER PREDICATE
dbo.fn_securitypredicate(Wing)
ON Patients
WITH (STATE = ON)
Fine-grained access
control over rows in a
table based on one or
more pre-defined filtering
criteria, e.g., user’s role or
clearance level in
organization.
Concepts:
Predicate function
Security policy
Example
26. Two
App user (e.g., nurse) selects from Patients table
Three
Security Policy transparently rewrites query to apply filter predicate
Database
Policy Manager
CREATE FUNCTION dbo.fn_securitypredicate(@wing int)
RETURNS TABLE WITH SCHEMABINDING AS
return SELECT 1 as [fn_securitypredicate_result] FROM
StaffDuties d INNER JOIN Employees e
ON (d.EmpId = e.EmpId)
WHERE e.UserSID = SUSER_SID() AND @wing = d.Wing;
CREATE SECURITY POLICY dbo.SecPol
ADD FILTER PREDICATE dbo.fn_securitypredicate(Wing) ON
Patients
WITH (STATE = ON)
Filter
Predicate:
INNER
JOIN…
Security
Policy
Application
Patients
One
Policy manager creates filter predicate and security policy in T-SQL, binding the
predicate to the Patients table
Nurse
SELECT * FROM Patients
SELECT * FROM Patients
SEMIJOIN APPLY dbo.fn_securitypredicate(patients.Wing);
SELECT Patients.* FROM Patients,
StaffDuties d INNER JOIN Employees e ON (d.EmpId = e.EmpId)
WHERE e.UserSID = SUSER_SID() AND Patients.wing = d.Wing;
RLS in Three Steps
27. Creates a security policy for row
level security.
The following examples
demonstrate the use of the
CREATE SECURITY POLICY
syntax.
For an example of a complete
security policy scenario, see Row
Level Security.
Create Security Policy
-- The following syntax creates a security policy with a filter
predicate for the Customer table, and leaves the security
policy disabled
CREATE SECURITY POLICY [FederatedSecurityPolicy]
ADD FILTER PREDICATE
[rls].[fn_securitypredicate]([CustomerId])
ON [dbo].[Customer];
-- Create a new schema and predicate function, which will use
the application user ID stored in CONTEXT_INFO to filter rows.
CREATE FUNCTION rls.fn_securitypredicate (@AppUserId
int)
RETURNS TABLE
WITH SCHEMABINDING
AS
RETURN (
SELECT 1 AS fn_securitypredicate_result
WHERE
DATABASE_PRINCIPAL_ID() =
DATABASE_PRINCIPAL_ID('dbo')
-- application context
AND CONTEXT_INFO() = CONVERT(VARBINARY(128),
@AppUserId);
GO
29. Configuration made easy in the new
Azure portal
Policy-driven at the table and column
level, for a defined set of users
Data masking applied in real-time to
query results based on policy
Multiple masking functions available
(e.g. full, partial) for various sensitive
data categories (e.g. Credit Card
Numbers, SSN, etc.)
Azure SQL Database
SQL Server 2016
CTP2+
Table.CreditCardNo
4465-6571-7868-5796
4468-7746-3848-1978
4484-5434-6858-6550
Real-time data masking;
partial masking
Dynamic Data Masking
Prevent the abuse of sensitive data by hiding it from users
30. Audit success/failure
of database
operations
Enhanced auditing
for OLTP with ability
to track history of
record changes
Transparent Data
Encryption support
for storage of In-
memory OLTP
Tables
Backup encryption
now supported with
compression
Other security enhancements
31. gMSA support
Group Managed Service Accounts (gMSA)
Automatically set domain scope for Managed Service Accounts
Automatic password rotation
Much more secure than regular domain accounts
Enables cross-system security context
Why would I want a gMSA?
No need to manually change passwords on all AlwaysOn instances
How does it work?
Passwords are managed by domain
What versions will it be supported in?
Supported in SQL Server 2014 and SQL Server 2016
32. Domain-independent Availability Groups
Environments supported:
Cross domains (with trust)
Cross domains (no trust)
No domain at all
Cluster management via PowerShell only
SQL management as normal
Use of certificate-secured endpoints like DBM
What versions will it be supported in?
SQL Server 2016
SQL 2017: Cross-Windows-and-Linux Availability Groups
33. SQL 2017 new Security Features
.NET CLR (common language runtime)
CLR uses Code Access Security (CAS) in the .NET Framework, which is no longer
supported as a security boundary. (Safe might no longer be safe!)
sp_configure option called clr strict security is introduced to enhance the
security of CLR assemblies.
New Permissions
DATABASE SCOPED CREDENTIAL is now a class of securable, supporting
CONTROL, ALTER, REFERENCES, TAKE OWNERSHIP, and VIEW DEFINITION
permissions.
ADMINISTER DATABASE BULK OPERATIONS, which is restricted to SQL
Database, is now visible in sys.fn_builtin_permissions.
34. SQL 2019 CTP 2.3 new Security Features
Certificate management is now integrated into the
SQL Server Configuration Manager, simplifying
common tasks such as:
• Viewing and validating certificates installed in a SQL Server
instance.
• Viewing certificates close to expiration.
• Deploy certificates across machines participating in Always
On Availability Groups (from the node holding the primary
replica).
• Deploy certificates across machines participating in a failover
cluster instance (from the active node).
35. SQL Server Security Center
https://docs.microsoft.com/en-us/sql/relational-databases/security/security-
center-for-sql-server-database-engine-and-azure-sql-database
SQL Server Security Documentation (2016) (Change
number for version)
https://docs.microsoft.com/en-us/sql/database-engine/whats-new-in-sql-server-
2016#Security
SQL Server 2017 New Features
https://docs.microsoft.com/en-us/sql/database-engine/whats-new-in-sql-server-
2017
SQL Injection Resources
https://docs.microsoft.com/en-us/sql/relational-databases/security/sql-
injection
Security resources
36. End-to-end mobile
BI
on any device
Choice of platform
and language
Most secure
over the last 7 years
0
20
40
60
80
100
120
140
160
180
200
1 2 3 4 5 6
Vulnerabilities(2010-2016)
A fraction of the cost
Self-serviceBIperuser
Only commercial DB
with AI built-in
Microsoft Tableau Oracle
$120
$480
$2,230
Industry-leading
performance
1/10
Most consistent data platform
#1 TPC-H
performance
1TB, 10TB, 30TB
#1 TPC-E performance
#1 price/performance
T-SQL
Java
C/C++
C#/VB.NET
PHP
Node.js
Python
Ruby
R
R and Python +
in-memory at massive scale
Native T-SQL scoring
SQL SERVER 2017
INDUSTRY-LEADING PERFORMANCE AND
SECURIT Y NOW ON LINUX AND DOCKER
Private cloud Public cloud
In-memory across all workloads
1/10th the cost of Oracle
37. Thank you!
george.walters@microsoft.com
@geo_walters on twitter
Blog: https://georgewalters.wordpress.com/
Resources:
SQL Server Blog: https://cloudblogs.microsoft.com/sqlserver/
Microsoft Documentation (Pretty good nowadays!) https://docs.microsoft.com/en-us/
Learning via docs: https://docs.microsoft.com/en-us/learn/
Hands-on labs: https://www.microsoft.com/handsonlabs
In-Person events: https://events.microsoft.com/
SQL Saturday (Centered around Microsoft data platform): http://www.sqlsaturday.com
Microsoft virtual academy: https://mva.microsoft.com/
EdX has tons of material: https://www.edx.org/course?search_query=microsoft