SlideShare a Scribd company logo

Organizational compliance and security SQL 2012-2019 by George Walters

George Walters
George Walters

The compliance and security aspects of SQL Server, and the greater platform, are covered here. This goes through CTP 2.3 of SQL 2019. I start with the history of security in SQL Server, from the changes with SQL 2005, then into SQL 2008, 2008r2, 2012, 2014, 2016, 2017. We cover the requirement for installation, auditing, encryption, compliance, and so forth.

Data & Analytics
1 of 37
Microsoft SQL Server 2012 – 2017 (with 2019 CTP 2.3 Preview) Organizational Security & Compliance George Walters Senior Partner Technical Strategist for ISV Partners george.walters@microsoft.com @geo_walters on twitter https://www.linkedin.com/in/georgewalters/
Why is security important? 4 https://www.identityforce.com/blog/2019-data-breaches UConn Health February 22, 2019: In another major data breach of a university health facility, patients of UConn Health have had their personal information exposed after a third party accessed employee email accounts. About 326,000 people were affected in the breach, which compromised names, dates of birth, addresses, Social Security numbers, and limited medical information. Dow Jones March 1, 2019: A database containing 2,418,862 identity records on government officials and politicians from every country in the world was leaked online from a Dow Jones watchlist. The watchlist is compiled from publicly available information on prominent individuals who have the ability to embezzle money, accept bribes, or launder funds. Rush University Medical Center March 4, 2019: About 45,000 patients of Chicago-based Rush health system were exposed in a data breach. Names, addresses, birthdays, Social Security numbers, and health insurance information were compromised after an employee disclosed billing documents to an unauthorized third party. Health Alliance Plan March 6, 2019: The protected medical information of 120,000 patients has been exposed in a Health Alliance Plan data breach. The names, addresses, dates of birth, member ID numbers, healthcare provider names, patient ID numbers, and claim information were compromised after a ransomware attack infiltrated Wolverine Solutions Group, a third-party vendor who manages the network’s mailing services. https://www.zdnet.com/article/citrix-discloses-security-breach-of-internal-network/ CITRIX March 8, 2019: “hackers accessed and downloaded business documents, but Citrix wasn't able to identify what specific documents had been stolen at the time of his announcement today.”
Progress on SQL Engine security … A Journey through time 5
ASE256 for backup keys SHA512 for password hashes Built-in cryptography hierarchy Transparent data encryption Extensible key management Sign code modules Encrypted connection on-premises and in Azure SQL database Audit, TDE, Always Encrypted in Azure SQL database or Azure SQL Managed Instance Beginning with SQL Server 2016, all algorithms other than AES128, AES192, and AES256 are deprecated. To use older algorithms (not recommended) you must set the database to database compatibility level 120 or lower.
USE master; GO CREATE MASTER KEY ENCRYPTION BY PASSWORD = '<UseStrongPasswordHere>'; Go CREATE CERTIFICATE MyServerCert WITH SUBJECT = 'My DEK Certificate'; go USE AdventureWorks2012; GO -- RED ALERT: BACKUP THE CERTIFICATE !!! CREATE DATABASE ENCRYPTION KEY WITH ALGORITHM = AES_128 ENCRYPTION BY SERVER CERTIFICATE MyServerCert; GO ALTER DATABASE AdventureWorks2016 SET ENCRYPTION ON; GO
allow flexible database access for better separation of duties
Performance Security Availability Scalability Operational analytics Insights on operational data; Works with in-memory OLTP and disk-based OLTP In-memory OLTP enhancements Greater T-SQL surface area, terabytes of memory supported, and greater number of parallel CPUs Query data store Monitor and optimize query plans Native JSON Expanded support for JSON data Temporal database support Query data as points in time Always encrypted Sensitive data remains encrypted at all times with ability to query Row-level security Apply fine-grained access control to table rows Dynamic data masking Real-time obfuscation of data to prevent unauthorized access Other enhancements Audit success/failure of database operations TDE support for storage of in- memory OLTP tables Enhanced auditing for OLTP with ability to track history of record changes Enhanced AlwaysOn Three synchronous replicas for auto failover across domains Round robin load balancing of replicas Automatic failover based on database health DTC for transactional integrity across database instances with AlwaysOn Support for SSIS with AlwaysOn Enhanced database caching Cache data with automatic, multiple TempDB files per instance in multi- core environments Mission-critical performance
Always Encrypted SQL Server 2016+ Azure SQL Database Azure SQL Managed Instance
Prevents Data Disclosure Client-side encryption of sensitive data using keys that are never given to the database system. Queries on Encrypted Data Support for equality comparison, incl. join, group by and distinct operators. Application Transparency Minimal application changes via server and client library enhancements. Allows customers to securely store sensitive data outside of their trust boundary. Data remains protected from high-privileged, yet unauthorized users. Benefits of Always Encrypted
dbo.Patients Jane Doe Name 243-24-9812 SSN USA Country Jim Gray 198-33-0987 USA John Smith 123-82-1095 USA dbo.Patients Jane Doe Name 1x7fg655se2e SSN USA Jim Gray 0x7ff654ae6d USA John Smith 0y8fj754ea2c USA Country Result Set Jim Gray Name Jane Doe Name 1x7fg655se2e SSN USA Country Jim Gray 0x7ff654ae6d USA John Smith 0y8fj754ea2c USA dbo.Patients SQL Server Query TrustedApps SELECT Name FROM Patients WHERE SSN=@SSN @SSN='198-33-0987' Result Set Jim Gray Name SELECT Name FROM Patients WHERE SSN=@SSN @SSN=0x7ff654ae6d Column Encryption Key Enhanced ADO.NET Library Column Master Key Client side Always Encrypted Help protect data at rest and in motion, on-premises & cloud ciphertext
Randomized encryption Encrypt('123-45-6789') = 0x17cfd50a Repeat: Encrypt('123-45-6789') = 0x9b1fcf32 Allows for transparent retrieval of encrypted data but NO operations More secure Deterministic encryption Encrypt('123-45-6789') = 0x85a55d3f Repeat: Encrypt('123-45-6789') = 0x85a55d3f Allows for transparent retrieval of encrypted data AND equality comparison E.g. in WHERE clauses and joins, distinct, group by Two types of encryption available Randomized encryption uses a method that encrypts data in a less predictable manner Deterministic encryption uses a method which always generates the same encrypted value for any given plain text value Types of Encryption for Always Encrypted
Security Officer 1. Generate CEKs and Master Key 2. Encrypt CEK 3. Store Master Key Securely 4. Upload Encrypted CEK to DB CMK Store: Certificate Store HSM Azure Key Vault … Encrypted CEK Column Encryption Key (CEK) Column Master Key (CMK) Key Provisioning CMK Database Encrypted CEK
Param Encryption Type/ Algorithm Encrypted CEK Value CMK Store Provider Name CMK Path @Name Non-DET/ AES 256 CERTIFICATE _STORE Current User/ My/f2260… EXEC sp_execute_sql N'SELECT * FROM Customers WHERE SSN = @SSN' , @params = N'@SSN VARCHAR(11)', @SSN=0x7ff654ae6d Param Encryption Type/ Algorithm Encrypted CEK Value CMK Store Provider Name CMK Path @SSN DET/ AES 256 CERTIFICATE _STORE Current User/ My/f2260… Enhanced ADO.NET Plaintext CEK Cache exec sp_describe_parameter_encryption @params = N'@SSN VARCHAR(11)' , @tsql = N'SELECT * FROM Customers WHERE SSN = @SSN' Result set (ciphertext) Name Jim Gray Result set (plaintext) using (SqlCommand cmd = new SqlCommand( "SELECT Name FROM Customers WHERE SSN = @SSN“ , conn)) { cmd.Parameters.Add(new SqlParameter( "@SSN", SqlDbType.VarChar, 11).Value = "111-22-3333"); SqlDataReader reader = cmd.ExecuteReader(); Client - Trusted SQL Server - Untrusted Encryptionmetadata Name 0x19ca706fbd9 Encryptionmetadata CMK Store Example
Select columns to be encrypted Analyze schema and application queries to detect conflicts (build time)Set up the keys: master & CEK Static schema analysis tool (SSDT only) UI for selecting columns (no automated data classification) Key setup tool to automate selecting CMK, generating and encrypting CEK and uploading key metadata to the database Setup (SSMS or SSDT) User Experience: SSMS or SSDT (Visual Studio)
Existing App – Setup User Experience: SSMS or SSDT (Visual Studio) UI for selecting columns (no automated data classification) Select candidate columns to be encrypted Analyze schema and application queries to detect conflicts and identify optimal encryption settings Set up the keys Encrypt selected columns while migrating the database to a target server (e.g. in Azure SQL Database Key Setup tool to streamline selecting CMK, generating and encrypting CEK and uploading key metadata to the database Encryption tool creating new (encrypted) columns, copying data from old (plain text) columns, swapping columns and re- creating dependencies Select desired encryption settings for selected columns UI for configuring encryption settings on selected columns (accepting/editing recommendations from the analysis tool) Schema/workload analysis tool analyzing the schema and profiler logs
Data remains encrypted during query Summary: Always encrypted Protect data at rest and in motion, on-premises & cloud Capability ADO.Net client library provides transparent client-side encryption, while SQL Server executes T-SQL queries on encrypted data Benefits Apps TCE-enabled ADO .NET library SQL ServerEncrypted query Columnar key No app changes Master key
Row-Level Security SQL Server 2016 Azure SQL Database
Fine-grained access control over specific rows in a database table Help prevent unauthorized access when multiple users share the same tables, or to implement connection filtering in multitenant applications Administer via SQL Server Management Studio or SQL Server Data Tools Enforcement logic inside the database and schema bound to the table. Protect data privacy by ensuring the right access across rows SQL Database Customer 1 Customer 2 Customer 3 Row-level security
Fine-grained access control Keeping multi-tenant databases secure by limiting access by other users who share the same tables. Application transparency RLS works transparently at query time, no app changes needed. Compatible with RLS in other leading products. Centralized security logic Enforcement logic resides inside database and is schema-bound to the table it protects providing greater security. Reduced application maintenance and complexity. Store data intended for many consumers in a single database/table while at the same time restricting row-level read & write access based on users’ execution context. Benefits of row-level security
CREATE SECURITY POLICY mySecurityPolicy ADD FILTER PREDICATE dbo.fn_securitypredicate(wing, startTime, endTime) ON dbo.patients Predicate function User-defined inline table-valued function (iTVF) implementing security logic Can be arbitrarily complicated, containing joins with other tables Security predicate Applies a predicate function to a particular table (SEMIJOIN APPLY) Two types: filter predicates and blocking predicates Security policy Collection of security predicates for managing security across multiple tables Row Level Security Concepts
CREATE FUNCTION dbo.fn_securitypredicate(@wing int) RETURNS TABLE WITH SCHEMABINDING AS return SELECT 1 as [fn_securitypredicate_result] FROM StaffDuties d INNER JOIN Employees e ON (d.EmpId = e.EmpId) WHERE e.UserSID = SUSER_SID() AND @wing = d.Wing; CREATE SECURITY POLICY dbo.SecPol ADD FILTER PREDICATE dbo.fn_securitypredicate(Wing) ON Patients WITH (STATE = ON) Fine-grained access control over rows in a table based on one or more pre-defined filtering criteria, e.g., user’s role or clearance level in organization. Concepts: Predicate function Security policy Example
Two App user (e.g., nurse) selects from Patients table Three Security Policy transparently rewrites query to apply filter predicate Database Policy Manager CREATE FUNCTION dbo.fn_securitypredicate(@wing int) RETURNS TABLE WITH SCHEMABINDING AS return SELECT 1 as [fn_securitypredicate_result] FROM StaffDuties d INNER JOIN Employees e ON (d.EmpId = e.EmpId) WHERE e.UserSID = SUSER_SID() AND @wing = d.Wing; CREATE SECURITY POLICY dbo.SecPol ADD FILTER PREDICATE dbo.fn_securitypredicate(Wing) ON Patients WITH (STATE = ON) Filter Predicate: INNER JOIN… Security Policy Application Patients One Policy manager creates filter predicate and security policy in T-SQL, binding the predicate to the Patients table Nurse SELECT * FROM Patients SELECT * FROM Patients SEMIJOIN APPLY dbo.fn_securitypredicate(patients.Wing); SELECT Patients.* FROM Patients, StaffDuties d INNER JOIN Employees e ON (d.EmpId = e.EmpId) WHERE e.UserSID = SUSER_SID() AND Patients.wing = d.Wing; RLS in Three Steps
Creates a security policy for row level security. The following examples demonstrate the use of the CREATE SECURITY POLICY syntax. For an example of a complete security policy scenario, see Row Level Security. Create Security Policy -- The following syntax creates a security policy with a filter predicate for the Customer table, and leaves the security policy disabled CREATE SECURITY POLICY [FederatedSecurityPolicy] ADD FILTER PREDICATE [rls].[fn_securitypredicate]([CustomerId]) ON [dbo].[Customer]; -- Create a new schema and predicate function, which will use the application user ID stored in CONTEXT_INFO to filter rows. CREATE FUNCTION rls.fn_securitypredicate (@AppUserId int) RETURNS TABLE WITH SCHEMABINDING AS RETURN ( SELECT 1 AS fn_securitypredicate_result WHERE DATABASE_PRINCIPAL_ID() = DATABASE_PRINCIPAL_ID('dbo') -- application context AND CONTEXT_INFO() = CONVERT(VARBINARY(128), @AppUserId); GO
Dynamic Data Masking SQL Server 2016 Azure SQL Database
Configuration made easy in the new Azure portal Policy-driven at the table and column level, for a defined set of users Data masking applied in real-time to query results based on policy Multiple masking functions available (e.g. full, partial) for various sensitive data categories (e.g. Credit Card Numbers, SSN, etc.) Azure SQL Database SQL Server 2016 CTP2+ Table.CreditCardNo 4465-6571-7868-5796 4468-7746-3848-1978 4484-5434-6858-6550 Real-time data masking; partial masking Dynamic Data Masking Prevent the abuse of sensitive data by hiding it from users
Audit success/failure of database operations Enhanced auditing for OLTP with ability to track history of record changes Transparent Data Encryption support for storage of In- memory OLTP Tables Backup encryption now supported with compression Other security enhancements
gMSA support Group Managed Service Accounts (gMSA) Automatically set domain scope for Managed Service Accounts Automatic password rotation Much more secure than regular domain accounts Enables cross-system security context Why would I want a gMSA? No need to manually change passwords on all AlwaysOn instances How does it work? Passwords are managed by domain What versions will it be supported in? Supported in SQL Server 2014 and SQL Server 2016
Domain-independent Availability Groups Environments supported: Cross domains (with trust) Cross domains (no trust) No domain at all Cluster management via PowerShell only SQL management as normal Use of certificate-secured endpoints like DBM What versions will it be supported in? SQL Server 2016 SQL 2017: Cross-Windows-and-Linux Availability Groups
SQL 2017 new Security Features .NET CLR (common language runtime) CLR uses Code Access Security (CAS) in the .NET Framework, which is no longer supported as a security boundary. (Safe might no longer be safe!) sp_configure option called clr strict security is introduced to enhance the security of CLR assemblies. New Permissions DATABASE SCOPED CREDENTIAL is now a class of securable, supporting CONTROL, ALTER, REFERENCES, TAKE OWNERSHIP, and VIEW DEFINITION permissions. ADMINISTER DATABASE BULK OPERATIONS, which is restricted to SQL Database, is now visible in sys.fn_builtin_permissions.
SQL 2019 CTP 2.3 new Security Features Certificate management is now integrated into the SQL Server Configuration Manager, simplifying common tasks such as: • Viewing and validating certificates installed in a SQL Server instance. • Viewing certificates close to expiration. • Deploy certificates across machines participating in Always On Availability Groups (from the node holding the primary replica). • Deploy certificates across machines participating in a failover cluster instance (from the active node).
SQL Server Security Center https://docs.microsoft.com/en-us/sql/relational-databases/security/security- center-for-sql-server-database-engine-and-azure-sql-database SQL Server Security Documentation (2016) (Change number for version) https://docs.microsoft.com/en-us/sql/database-engine/whats-new-in-sql-server- 2016#Security SQL Server 2017 New Features https://docs.microsoft.com/en-us/sql/database-engine/whats-new-in-sql-server- 2017 SQL Injection Resources https://docs.microsoft.com/en-us/sql/relational-databases/security/sql- injection Security resources
End-to-end mobile BI on any device Choice of platform and language Most secure over the last 7 years 0 20 40 60 80 100 120 140 160 180 200 1 2 3 4 5 6 Vulnerabilities(2010-2016) A fraction of the cost Self-serviceBIperuser Only commercial DB with AI built-in Microsoft Tableau Oracle $120 $480 $2,230 Industry-leading performance 1/10 Most consistent data platform #1 TPC-H performance 1TB, 10TB, 30TB #1 TPC-E performance #1 price/performance T-SQL Java C/C++ C#/VB.NET PHP Node.js Python Ruby R R and Python + in-memory at massive scale Native T-SQL scoring SQL SERVER 2017 INDUSTRY-LEADING PERFORMANCE AND SECURIT Y NOW ON LINUX AND DOCKER Private cloud Public cloud In-memory across all workloads 1/10th the cost of Oracle
Thank you! george.walters@microsoft.com @geo_walters on twitter Blog: https://georgewalters.wordpress.com/ Resources: SQL Server Blog: https://cloudblogs.microsoft.com/sqlserver/ Microsoft Documentation (Pretty good nowadays!) https://docs.microsoft.com/en-us/ Learning via docs: https://docs.microsoft.com/en-us/learn/ Hands-on labs: https://www.microsoft.com/handsonlabs In-Person events: https://events.microsoft.com/ SQL Saturday (Centered around Microsoft data platform): http://www.sqlsaturday.com Microsoft virtual academy: https://mva.microsoft.com/ EdX has tons of material: https://www.edx.org/course?search_query=microsoft

Recommended

Sql server 2019 new features
Sql server 2019 new featuresSql server 2019 new features
Sql server 2019 new features
George Walters
 
Overview SQL Server 2019
Overview SQL Server 2019Overview SQL Server 2019
Overview SQL Server 2019
Juan Fabian
 
Sql server 2019 New Features by Yevhen Nedaskivskyi
Sql server 2019 New Features by Yevhen NedaskivskyiSql server 2019 New Features by Yevhen Nedaskivskyi
Sql server 2019 New Features by Yevhen Nedaskivskyi
Alex Tumanoff
 
Odessa .net-user-group-sql-server-2019-hidden-gems by Denis Reznik
Odessa .net-user-group-sql-server-2019-hidden-gems by Denis ReznikOdessa .net-user-group-sql-server-2019-hidden-gems by Denis Reznik
Odessa .net-user-group-sql-server-2019-hidden-gems by Denis Reznik
Alex Tumanoff
 
The Roadmap for SQL Server 2019
The Roadmap for SQL Server 2019The Roadmap for SQL Server 2019
The Roadmap for SQL Server 2019
Amit Banerjee
 
SQL Server 2019 Big Data Cluster
SQL Server 2019 Big Data ClusterSQL Server 2019 Big Data Cluster
SQL Server 2019 Big Data Cluster
Maximiliano Accotto
 
Introducing Microsoft SQL Server 2017
Introducing Microsoft SQL Server 2017Introducing Microsoft SQL Server 2017
Introducing Microsoft SQL Server 2017
David J Rosenthal
 
SQL Server 2019 Master Data Service
SQL Server 2019 Master Data ServiceSQL Server 2019 Master Data Service
SQL Server 2019 Master Data Service
Kenichiro Nakamura
 

Recommended

Sql server 2019 new features
Sql server 2019 new featuresSql server 2019 new features
Sql server 2019 new features
George Walters
 
Overview SQL Server 2019
Overview SQL Server 2019Overview SQL Server 2019
Overview SQL Server 2019
Juan Fabian
 
Sql server 2019 New Features by Yevhen Nedaskivskyi
Sql server 2019 New Features by Yevhen NedaskivskyiSql server 2019 New Features by Yevhen Nedaskivskyi
Sql server 2019 New Features by Yevhen Nedaskivskyi
Alex Tumanoff
 
Odessa .net-user-group-sql-server-2019-hidden-gems by Denis Reznik
Odessa .net-user-group-sql-server-2019-hidden-gems by Denis ReznikOdessa .net-user-group-sql-server-2019-hidden-gems by Denis Reznik
Odessa .net-user-group-sql-server-2019-hidden-gems by Denis Reznik
Alex Tumanoff
 
The Roadmap for SQL Server 2019
The Roadmap for SQL Server 2019The Roadmap for SQL Server 2019
The Roadmap for SQL Server 2019
Amit Banerjee
 
SQL Server 2019 Big Data Cluster
SQL Server 2019 Big Data ClusterSQL Server 2019 Big Data Cluster
SQL Server 2019 Big Data Cluster
Maximiliano Accotto
 
Introducing Microsoft SQL Server 2017
Introducing Microsoft SQL Server 2017Introducing Microsoft SQL Server 2017
Introducing Microsoft SQL Server 2017
David J Rosenthal
 
SQL Server 2019 Master Data Service
SQL Server 2019 Master Data ServiceSQL Server 2019 Master Data Service
SQL Server 2019 Master Data Service
Kenichiro Nakamura
 
Exploring sql server 2016
Exploring sql server 2016Exploring sql server 2016
Exploring sql server 2016
Antonios Chatzipavlis
 
Modernizando plataforma de bi
Modernizando plataforma de biModernizando plataforma de bi
Modernizando plataforma de bi
Maximiliano Accotto
 
Discovery Day 2019 Sofia - Big data clusters
Discovery Day 2019 Sofia - Big data clustersDiscovery Day 2019 Sofia - Big data clusters
Discovery Day 2019 Sofia - Big data clusters
Ivan Donev
 
SQL Server 2017 Deep Dive - @Ignite 2017
SQL Server 2017 Deep Dive - @Ignite 2017SQL Server 2017 Deep Dive - @Ignite 2017
SQL Server 2017 Deep Dive - @Ignite 2017
Travis Wright
 
Discovery Day 2019 Sofia - What is new in SQL Server 2019
Discovery Day 2019 Sofia - What is new in SQL Server 2019Discovery Day 2019 Sofia - What is new in SQL Server 2019
Discovery Day 2019 Sofia - What is new in SQL Server 2019
Ivan Donev
 
SQL Server 2016 Everything built-in FULL deck
SQL Server 2016 Everything built-in FULL deckSQL Server 2016 Everything built-in FULL deck
SQL Server 2016 Everything built-in FULL deck
Hamid J. Fard
 
Temporal Tables, Transparent Archiving in DB2 for z/OS and IDAA
Temporal Tables, Transparent Archiving in DB2 for z/OS and IDAATemporal Tables, Transparent Archiving in DB2 for z/OS and IDAA
Temporal Tables, Transparent Archiving in DB2 for z/OS and IDAA
Cuneyt Goksu
 
Data Platform Overview
Data Platform OverviewData Platform Overview
Data Platform Overview
Hamid J. Fard
 
Bi and AI updates in the Microsoft Data Platform stack
Bi and AI updates in the Microsoft Data Platform stackBi and AI updates in the Microsoft Data Platform stack
Bi and AI updates in the Microsoft Data Platform stack
Ivan Donev
 
An intro to Azure Data Lake
An intro to Azure Data LakeAn intro to Azure Data Lake
An intro to Azure Data Lake
Rick van den Bosch
 
Azure - Data Platform
Azure - Data PlatformAzure - Data Platform
Azure - Data Platform
giventocode
 
SQL server 2016 New Features
SQL server 2016 New FeaturesSQL server 2016 New Features
SQL server 2016 New Features
aminmesbahi
 
Microsoft ignite 2018 SQL Server 2019 big data clusters - intro session
Microsoft ignite 2018 SQL Server 2019 big data clusters - intro sessionMicrosoft ignite 2018 SQL Server 2019 big data clusters - intro session
Microsoft ignite 2018 SQL Server 2019 big data clusters - intro session
Travis Wright
 
Everything you need to know about SQL Server 2016
Everything you need to know about SQL Server 2016Everything you need to know about SQL Server 2016
Everything you need to know about SQL Server 2016
Softchoice Corporation
 
SQL Server 2016 BI updates
SQL Server 2016 BI updatesSQL Server 2016 BI updates
SQL Server 2016 BI updates
Chris Testa-O'Neill
 
Azure data bricks by Eugene Polonichko
Azure data bricks by Eugene PolonichkoAzure data bricks by Eugene Polonichko
Azure data bricks by Eugene Polonichko
Alex Tumanoff
 
Data Integration through Data Virtualization (SQL Server Konferenz 2019)
Data Integration through Data Virtualization (SQL Server Konferenz 2019)Data Integration through Data Virtualization (SQL Server Konferenz 2019)
Data Integration through Data Virtualization (SQL Server Konferenz 2019)
Cathrine Wilhelmsen
 
What's new in SQL Server 2016
What's new in SQL Server 2016What's new in SQL Server 2016
What's new in SQL Server 2016
Onomi
 
Introduction to Azure Data Lake
Introduction to Azure Data LakeIntroduction to Azure Data Lake
Introduction to Azure Data Lake
Antonios Chatzipavlis
 
Ssn0020 ssis 2012 for beginners
Ssn0020 ssis 2012 for beginnersSsn0020 ssis 2012 for beginners
Ssn0020 ssis 2012 for beginners
Antonios Chatzipavlis
 
Always encrypted overview
Always encrypted overviewAlways encrypted overview
Always encrypted overview
SolidQ
 
Organizational compliance and security in Microsoft SQL 2012-2016
Organizational compliance and security in Microsoft SQL 2012-2016Organizational compliance and security in Microsoft SQL 2012-2016
Organizational compliance and security in Microsoft SQL 2012-2016
George Walters
 

More Related Content

What's hot

Exploring sql server 2016
Exploring sql server 2016Exploring sql server 2016
Exploring sql server 2016
Antonios Chatzipavlis
 
Modernizando plataforma de bi
Modernizando plataforma de biModernizando plataforma de bi
Modernizando plataforma de bi
Maximiliano Accotto
 
Discovery Day 2019 Sofia - Big data clusters
Discovery Day 2019 Sofia - Big data clustersDiscovery Day 2019 Sofia - Big data clusters
Discovery Day 2019 Sofia - Big data clusters
Ivan Donev
 
SQL Server 2017 Deep Dive - @Ignite 2017
SQL Server 2017 Deep Dive - @Ignite 2017SQL Server 2017 Deep Dive - @Ignite 2017
SQL Server 2017 Deep Dive - @Ignite 2017
Travis Wright
 
Discovery Day 2019 Sofia - What is new in SQL Server 2019
Discovery Day 2019 Sofia - What is new in SQL Server 2019Discovery Day 2019 Sofia - What is new in SQL Server 2019
Discovery Day 2019 Sofia - What is new in SQL Server 2019
Ivan Donev
 
SQL Server 2016 Everything built-in FULL deck
SQL Server 2016 Everything built-in FULL deckSQL Server 2016 Everything built-in FULL deck
SQL Server 2016 Everything built-in FULL deck
Hamid J. Fard
 
Temporal Tables, Transparent Archiving in DB2 for z/OS and IDAA
Temporal Tables, Transparent Archiving in DB2 for z/OS and IDAATemporal Tables, Transparent Archiving in DB2 for z/OS and IDAA
Temporal Tables, Transparent Archiving in DB2 for z/OS and IDAA
Cuneyt Goksu
 
Data Platform Overview
Data Platform OverviewData Platform Overview
Data Platform Overview
Hamid J. Fard
 
Bi and AI updates in the Microsoft Data Platform stack
Bi and AI updates in the Microsoft Data Platform stackBi and AI updates in the Microsoft Data Platform stack
Bi and AI updates in the Microsoft Data Platform stack
Ivan Donev
 
An intro to Azure Data Lake
An intro to Azure Data LakeAn intro to Azure Data Lake
An intro to Azure Data Lake
Rick van den Bosch
 
Azure - Data Platform
Azure - Data PlatformAzure - Data Platform
Azure - Data Platform
giventocode
 
SQL server 2016 New Features
SQL server 2016 New FeaturesSQL server 2016 New Features
SQL server 2016 New Features
aminmesbahi
 
Microsoft ignite 2018 SQL Server 2019 big data clusters - intro session
Microsoft ignite 2018 SQL Server 2019 big data clusters - intro sessionMicrosoft ignite 2018 SQL Server 2019 big data clusters - intro session
Microsoft ignite 2018 SQL Server 2019 big data clusters - intro session
Travis Wright
 
Everything you need to know about SQL Server 2016
Everything you need to know about SQL Server 2016Everything you need to know about SQL Server 2016
Everything you need to know about SQL Server 2016
Softchoice Corporation
 
SQL Server 2016 BI updates
SQL Server 2016 BI updatesSQL Server 2016 BI updates
SQL Server 2016 BI updates
Chris Testa-O'Neill
 
Azure data bricks by Eugene Polonichko
Azure data bricks by Eugene PolonichkoAzure data bricks by Eugene Polonichko
Azure data bricks by Eugene Polonichko
Alex Tumanoff
 
Data Integration through Data Virtualization (SQL Server Konferenz 2019)
Data Integration through Data Virtualization (SQL Server Konferenz 2019)Data Integration through Data Virtualization (SQL Server Konferenz 2019)
Data Integration through Data Virtualization (SQL Server Konferenz 2019)
Cathrine Wilhelmsen
 
What's new in SQL Server 2016
What's new in SQL Server 2016What's new in SQL Server 2016
What's new in SQL Server 2016
Onomi
 
Introduction to Azure Data Lake
Introduction to Azure Data LakeIntroduction to Azure Data Lake
Introduction to Azure Data Lake
Antonios Chatzipavlis
 
Ssn0020 ssis 2012 for beginners
Ssn0020 ssis 2012 for beginnersSsn0020 ssis 2012 for beginners
Ssn0020 ssis 2012 for beginners
Antonios Chatzipavlis
 

What's hot (20)

Exploring sql server 2016
Exploring sql server 2016Exploring sql server 2016
Exploring sql server 2016
 
Modernizando plataforma de bi
Modernizando plataforma de biModernizando plataforma de bi
Modernizando plataforma de bi
 
Discovery Day 2019 Sofia - Big data clusters
Discovery Day 2019 Sofia - Big data clustersDiscovery Day 2019 Sofia - Big data clusters
Discovery Day 2019 Sofia - Big data clusters
 
SQL Server 2017 Deep Dive - @Ignite 2017
SQL Server 2017 Deep Dive - @Ignite 2017SQL Server 2017 Deep Dive - @Ignite 2017
SQL Server 2017 Deep Dive - @Ignite 2017
 
Discovery Day 2019 Sofia - What is new in SQL Server 2019
Discovery Day 2019 Sofia - What is new in SQL Server 2019Discovery Day 2019 Sofia - What is new in SQL Server 2019
Discovery Day 2019 Sofia - What is new in SQL Server 2019
 
SQL Server 2016 Everything built-in FULL deck
SQL Server 2016 Everything built-in FULL deckSQL Server 2016 Everything built-in FULL deck
SQL Server 2016 Everything built-in FULL deck
 
Temporal Tables, Transparent Archiving in DB2 for z/OS and IDAA
Temporal Tables, Transparent Archiving in DB2 for z/OS and IDAATemporal Tables, Transparent Archiving in DB2 for z/OS and IDAA
Temporal Tables, Transparent Archiving in DB2 for z/OS and IDAA
 
Data Platform Overview
Data Platform OverviewData Platform Overview
Data Platform Overview
 
Bi and AI updates in the Microsoft Data Platform stack
Bi and AI updates in the Microsoft Data Platform stackBi and AI updates in the Microsoft Data Platform stack
Bi and AI updates in the Microsoft Data Platform stack
 
An intro to Azure Data Lake
An intro to Azure Data LakeAn intro to Azure Data Lake
An intro to Azure Data Lake
 
Azure - Data Platform
Azure - Data PlatformAzure - Data Platform
Azure - Data Platform
 
SQL server 2016 New Features
SQL server 2016 New FeaturesSQL server 2016 New Features
SQL server 2016 New Features
 
Microsoft ignite 2018 SQL Server 2019 big data clusters - intro session
Microsoft ignite 2018 SQL Server 2019 big data clusters - intro sessionMicrosoft ignite 2018 SQL Server 2019 big data clusters - intro session
Microsoft ignite 2018 SQL Server 2019 big data clusters - intro session
 
Everything you need to know about SQL Server 2016
Everything you need to know about SQL Server 2016Everything you need to know about SQL Server 2016
Everything you need to know about SQL Server 2016
 
SQL Server 2016 BI updates
SQL Server 2016 BI updatesSQL Server 2016 BI updates
SQL Server 2016 BI updates
 
Azure data bricks by Eugene Polonichko
Azure data bricks by Eugene PolonichkoAzure data bricks by Eugene Polonichko
Azure data bricks by Eugene Polonichko
 
Data Integration through Data Virtualization (SQL Server Konferenz 2019)
Data Integration through Data Virtualization (SQL Server Konferenz 2019)Data Integration through Data Virtualization (SQL Server Konferenz 2019)
Data Integration through Data Virtualization (SQL Server Konferenz 2019)
 
What's new in SQL Server 2016
What's new in SQL Server 2016What's new in SQL Server 2016
What's new in SQL Server 2016
 
Introduction to Azure Data Lake
Introduction to Azure Data LakeIntroduction to Azure Data Lake
Introduction to Azure Data Lake
 
Ssn0020 ssis 2012 for beginners
Ssn0020 ssis 2012 for beginnersSsn0020 ssis 2012 for beginners
Ssn0020 ssis 2012 for beginners
 

Similar to Organizational compliance and security SQL 2012-2019 by George Walters

Always encrypted overview
Always encrypted overviewAlways encrypted overview
Always encrypted overview
SolidQ
 
Organizational compliance and security in Microsoft SQL 2012-2016
Organizational compliance and security in Microsoft SQL 2012-2016Organizational compliance and security in Microsoft SQL 2012-2016
Organizational compliance and security in Microsoft SQL 2012-2016
George Walters
 
Overview of Microsoft Sql Server Security
Overview of Microsoft Sql Server SecurityOverview of Microsoft Sql Server Security
Overview of Microsoft Sql Server Security
Gary Manley, MA, PMP
 
Keeping Private Data Private
Keeping Private Data PrivateKeeping Private Data Private
Keeping Private Data Private
Dobler Consulting
 
Optim test data management for IMS 2011
Optim test data management for IMS 2011Optim test data management for IMS 2011
Optim test data management for IMS 2011
evgeni77
 
Modern Data Security for the Enterprises – SQL Server & Azure SQL Database
Modern Data Security for the Enterprises – SQL Server & Azure SQL DatabaseModern Data Security for the Enterprises – SQL Server & Azure SQL Database
Modern Data Security for the Enterprises – SQL Server & Azure SQL Database
WinWire Technologies Inc
 
AcceleTest
AcceleTestAcceleTest
AcceleTest
Liz Martin
 
AcceleTest
AcceleTestAcceleTest
AcceleTest
Liz Martin
 
Sql security
Sql securitySql security
Sql security
Safwan Hashmi
 
Sql Server 2016 Always Encrypted
Sql Server 2016 Always EncryptedSql Server 2016 Always Encrypted
Sql Server 2016 Always Encrypted
Duncan Greaves PhD
 
SQLSecurity.ppt
SQLSecurity.pptSQLSecurity.ppt
SQLSecurity.ppt
LokeshK66
 
SQLSecurity.ppt
SQLSecurity.pptSQLSecurity.ppt
SQLSecurity.ppt
CNSHacking
 
Fortress SQL Server
Fortress SQL ServerFortress SQL Server
Fortress SQL Server
webhostingguy
 
Ingres database and compliance
Ingres database and complianceIngres database and compliance
Ingres database and compliance
Actian Corporation
 
Database modeling and security
Database modeling and securityDatabase modeling and security
Database modeling and security
Neeharika Nidadavolu
 
Lecture 15-16.pdf
Lecture 15-16.pdfLecture 15-16.pdf
Lecture 15-16.pdf
FumikageTokoyami4
 
PCI Compliance: How to Remain Compliant and Gain Near Real-Time Analytics on ...
PCI Compliance: How to Remain Compliant and Gain Near Real-Time Analytics on ...PCI Compliance: How to Remain Compliant and Gain Near Real-Time Analytics on ...
PCI Compliance: How to Remain Compliant and Gain Near Real-Time Analytics on ...
Emtec Inc.
 
SQL Server 2008 Security Overview
SQL Server 2008 Security OverviewSQL Server 2008 Security Overview
SQL Server 2008 Security Overview
ukdpe
 
IndyCodeCamp SDS May 16th 2009
IndyCodeCamp SDS May 16th 2009IndyCodeCamp SDS May 16th 2009
IndyCodeCamp SDS May 16th 2009
Aaron King
 
MongoDB.local Austin 2018: Pissing Off IT and Delivery: A Tale of 2 ODS's
MongoDB.local Austin 2018: Pissing Off IT and Delivery: A Tale of 2 ODS'sMongoDB.local Austin 2018: Pissing Off IT and Delivery: A Tale of 2 ODS's
MongoDB.local Austin 2018: Pissing Off IT and Delivery: A Tale of 2 ODS's
MongoDB
 

Similar to Organizational compliance and security SQL 2012-2019 by George Walters (20)

Always encrypted overview
Always encrypted overviewAlways encrypted overview
Always encrypted overview
 
Organizational compliance and security in Microsoft SQL 2012-2016
Organizational compliance and security in Microsoft SQL 2012-2016Organizational compliance and security in Microsoft SQL 2012-2016
Organizational compliance and security in Microsoft SQL 2012-2016
 
Overview of Microsoft Sql Server Security
Overview of Microsoft Sql Server SecurityOverview of Microsoft Sql Server Security
Overview of Microsoft Sql Server Security
 
Keeping Private Data Private
Keeping Private Data PrivateKeeping Private Data Private
Keeping Private Data Private
 
Optim test data management for IMS 2011
Optim test data management for IMS 2011Optim test data management for IMS 2011
Optim test data management for IMS 2011
 
Modern Data Security for the Enterprises – SQL Server & Azure SQL Database
Modern Data Security for the Enterprises – SQL Server & Azure SQL DatabaseModern Data Security for the Enterprises – SQL Server & Azure SQL Database
Modern Data Security for the Enterprises – SQL Server & Azure SQL Database
 
AcceleTest
AcceleTestAcceleTest
AcceleTest
 
AcceleTest
AcceleTestAcceleTest
AcceleTest
 
Sql security
Sql securitySql security
Sql security
 
Sql Server 2016 Always Encrypted
Sql Server 2016 Always EncryptedSql Server 2016 Always Encrypted
Sql Server 2016 Always Encrypted
 
SQLSecurity.ppt
SQLSecurity.pptSQLSecurity.ppt
SQLSecurity.ppt
 
SQLSecurity.ppt
SQLSecurity.pptSQLSecurity.ppt
SQLSecurity.ppt
 
Fortress SQL Server
Fortress SQL ServerFortress SQL Server
Fortress SQL Server
 
Ingres database and compliance
Ingres database and complianceIngres database and compliance
Ingres database and compliance
 
Database modeling and security
Database modeling and securityDatabase modeling and security
Database modeling and security
 
Lecture 15-16.pdf
Lecture 15-16.pdfLecture 15-16.pdf
Lecture 15-16.pdf
 
PCI Compliance: How to Remain Compliant and Gain Near Real-Time Analytics on ...
PCI Compliance: How to Remain Compliant and Gain Near Real-Time Analytics on ...PCI Compliance: How to Remain Compliant and Gain Near Real-Time Analytics on ...
PCI Compliance: How to Remain Compliant and Gain Near Real-Time Analytics on ...
 
SQL Server 2008 Security Overview
SQL Server 2008 Security OverviewSQL Server 2008 Security Overview
SQL Server 2008 Security Overview
 
IndyCodeCamp SDS May 16th 2009
IndyCodeCamp SDS May 16th 2009IndyCodeCamp SDS May 16th 2009
IndyCodeCamp SDS May 16th 2009
 
MongoDB.local Austin 2018: Pissing Off IT and Delivery: A Tale of 2 ODS's
MongoDB.local Austin 2018: Pissing Off IT and Delivery: A Tale of 2 ODS'sMongoDB.local Austin 2018: Pissing Off IT and Delivery: A Tale of 2 ODS's
MongoDB.local Austin 2018: Pissing Off IT and Delivery: A Tale of 2 ODS's
 

More from George Walters

Customer migration to Azure SQL database, December 2019
Customer migration to Azure SQL database, December 2019Customer migration to Azure SQL database, December 2019
Customer migration to Azure SQL database, December 2019
George Walters
 
Inclusion in language and action
Inclusion in language and actionInclusion in language and action
Inclusion in language and action
George Walters
 
Azure SQL Database Managed Instance - technical overview
Azure SQL Database Managed Instance - technical overviewAzure SQL Database Managed Instance - technical overview
Azure SQL Database Managed Instance - technical overview
George Walters
 
Working at Microsoft, Certifications, and Diversity
Working at Microsoft, Certifications, and DiversityWorking at Microsoft, Certifications, and Diversity
Working at Microsoft, Certifications, and Diversity
George Walters
 
Customer migration to azure sql database from on-premises SQL, for a SaaS app...
Customer migration to azure sql database from on-premises SQL, for a SaaS app...Customer migration to azure sql database from on-premises SQL, for a SaaS app...
Customer migration to azure sql database from on-premises SQL, for a SaaS app...
George Walters
 
Microsoft SQL server 2017 Level 300 technical deck
Microsoft SQL server 2017 Level 300 technical deckMicrosoft SQL server 2017 Level 300 technical deck
Microsoft SQL server 2017 Level 300 technical deck
George Walters
 

More from George Walters (6)

Customer migration to Azure SQL database, December 2019
Customer migration to Azure SQL database, December 2019Customer migration to Azure SQL database, December 2019
Customer migration to Azure SQL database, December 2019
 
Inclusion in language and action
Inclusion in language and actionInclusion in language and action
Inclusion in language and action
 
Azure SQL Database Managed Instance - technical overview
Azure SQL Database Managed Instance - technical overviewAzure SQL Database Managed Instance - technical overview
Azure SQL Database Managed Instance - technical overview
 
Working at Microsoft, Certifications, and Diversity
Working at Microsoft, Certifications, and DiversityWorking at Microsoft, Certifications, and Diversity
Working at Microsoft, Certifications, and Diversity
 
Customer migration to azure sql database from on-premises SQL, for a SaaS app...
Customer migration to azure sql database from on-premises SQL, for a SaaS app...Customer migration to azure sql database from on-premises SQL, for a SaaS app...
Customer migration to azure sql database from on-premises SQL, for a SaaS app...
 
Microsoft SQL server 2017 Level 300 technical deck
Microsoft SQL server 2017 Level 300 technical deckMicrosoft SQL server 2017 Level 300 technical deck
Microsoft SQL server 2017 Level 300 technical deck
 

Recently uploaded

Beyond the Basics of A/B Tests: Highly Innovative Experimentation Tactics You...
Beyond the Basics of A/B Tests: Highly Innovative Experimentation Tactics You...Beyond the Basics of A/B Tests: Highly Innovative Experimentation Tactics You...
Beyond the Basics of A/B Tests: Highly Innovative Experimentation Tactics You...
Aggregage
 
原版一比一多伦多大学毕业证(UofT毕业证书)如何办理
原版一比一多伦多大学毕业证(UofT毕业证书)如何办理原版一比一多伦多大学毕业证(UofT毕业证书)如何办理
原版一比一多伦多大学毕业证(UofT毕业证书)如何办理
mkkikqvo
 
Predictably Improve Your B2B Tech Company's Performance by Leveraging Data
Predictably Improve Your B2B Tech Company's Performance by Leveraging DataPredictably Improve Your B2B Tech Company's Performance by Leveraging Data
Predictably Improve Your B2B Tech Company's Performance by Leveraging Data
Kiwi Creative
 
在线办理(英国UCA毕业证书)创意艺术大学毕业证在读证明一模一样
在线办理(英国UCA毕业证书)创意艺术大学毕业证在读证明一模一样在线办理(英国UCA毕业证书)创意艺术大学毕业证在读证明一模一样
在线办理(英国UCA毕业证书)创意艺术大学毕业证在读证明一模一样
v7oacc3l
 
一比一原版英属哥伦比亚大学毕业证(UBC毕业证书)学历如何办理
一比一原版英属哥伦比亚大学毕业证(UBC毕业证书)学历如何办理一比一原版英属哥伦比亚大学毕业证(UBC毕业证书)学历如何办理
一比一原版英属哥伦比亚大学毕业证(UBC毕业证书)学历如何办理
z6osjkqvd
 
一比一原版英国赫特福德大学毕业证(hertfordshire毕业证书)如何办理
一比一原版英国赫特福德大学毕业证(hertfordshire毕业证书)如何办理一比一原版英国赫特福德大学毕业证(hertfordshire毕业证书)如何办理
一比一原版英国赫特福德大学毕业证(hertfordshire毕业证书)如何办理
nyvan3
 
一比一原版(lbs毕业证书)伦敦商学院毕业证如何办理
一比一原版(lbs毕业证书)伦敦商学院毕业证如何办理一比一原版(lbs毕业证书)伦敦商学院毕业证如何办理
一比一原版(lbs毕业证书)伦敦商学院毕业证如何办理
ywqeos
 
DATA COMMS-NETWORKS YR2 lecture 08 NAT & CLOUD.docx
DATA COMMS-NETWORKS YR2 lecture 08 NAT & CLOUD.docxDATA COMMS-NETWORKS YR2 lecture 08 NAT & CLOUD.docx
DATA COMMS-NETWORKS YR2 lecture 08 NAT & CLOUD.docx
SaffaIbrahim1
 
一比一原版(UCSF文凭证书)旧金山分校毕业证如何办理
一比一原版(UCSF文凭证书)旧金山分校毕业证如何办理一比一原版(UCSF文凭证书)旧金山分校毕业证如何办理
一比一原版(UCSF文凭证书)旧金山分校毕业证如何办理
nuttdpt
 
一比一原版爱尔兰都柏林大学毕业证(本硕)ucd学位证书如何办理
一比一原版爱尔兰都柏林大学毕业证(本硕)ucd学位证书如何办理一比一原版爱尔兰都柏林大学毕业证(本硕)ucd学位证书如何办理
一比一原版爱尔兰都柏林大学毕业证(本硕)ucd学位证书如何办理
hqfek
 
一比一原版(Unimelb毕业证书)墨尔本大学毕业证如何办理
一比一原版(Unimelb毕业证书)墨尔本大学毕业证如何办理一比一原版(Unimelb毕业证书)墨尔本大学毕业证如何办理
一比一原版(Unimelb毕业证书)墨尔本大学毕业证如何办理
xclpvhuk
 
原版一比一爱尔兰都柏林大学毕业证(UCD毕业证书)如何办理
原版一比一爱尔兰都柏林大学毕业证(UCD毕业证书)如何办理 原版一比一爱尔兰都柏林大学毕业证(UCD毕业证书)如何办理
原版一比一爱尔兰都柏林大学毕业证(UCD毕业证书)如何办理
tzu5xla
 
Template xxxxxxxx ssssssssssss Sertifikat.pptx
Template xxxxxxxx ssssssssssss Sertifikat.pptxTemplate xxxxxxxx ssssssssssss Sertifikat.pptx
Template xxxxxxxx ssssssssssss Sertifikat.pptx
TeukuEriSyahputra
 
一比一原版南十字星大学毕业证(SCU毕业证书)学历如何办理
一比一原版南十字星大学毕业证(SCU毕业证书)学历如何办理一比一原版南十字星大学毕业证(SCU毕业证书)学历如何办理
一比一原版南十字星大学毕业证(SCU毕业证书)学历如何办理
slg6lamcq
 
Open Source Contributions to Postgres: The Basics POSETTE 2024
Open Source Contributions to Postgres: The Basics POSETTE 2024Open Source Contributions to Postgres: The Basics POSETTE 2024
Open Source Contributions to Postgres: The Basics POSETTE 2024
ElizabethGarrettChri
 
一比一原版(UO毕业证)渥太华大学毕业证如何办理
一比一原版(UO毕业证)渥太华大学毕业证如何办理一比一原版(UO毕业证)渥太华大学毕业证如何办理
一比一原版(UO毕业证)渥太华大学毕业证如何办理
bmucuha
 
一比一原版(harvard毕业证书)哈佛大学毕业证如何办理
一比一原版(harvard毕业证书)哈佛大学毕业证如何办理一比一原版(harvard毕业证书)哈佛大学毕业证如何办理
一比一原版(harvard毕业证书)哈佛大学毕业证如何办理
taqyea
 
The Ipsos - AI - Monitor 2024 Report.pdf
The Ipsos - AI - Monitor 2024 Report.pdfThe Ipsos - AI - Monitor 2024 Report.pdf
The Ipsos - AI - Monitor 2024 Report.pdf
Social Samosa
 
Palo Alto Cortex XDR presentation .......
Palo Alto Cortex XDR presentation .......Palo Alto Cortex XDR presentation .......
Palo Alto Cortex XDR presentation .......
Sachin Paul
 
Sample Devops SRE Product Companies .pdf
Sample Devops SRE Product Companies .pdfSample Devops SRE Product Companies .pdf
Sample Devops SRE Product Companies .pdf
Vineet
 

Recently uploaded (20)

Beyond the Basics of A/B Tests: Highly Innovative Experimentation Tactics You...
Beyond the Basics of A/B Tests: Highly Innovative Experimentation Tactics You...Beyond the Basics of A/B Tests: Highly Innovative Experimentation Tactics You...
Beyond the Basics of A/B Tests: Highly Innovative Experimentation Tactics You...
 
原版一比一多伦多大学毕业证(UofT毕业证书)如何办理
原版一比一多伦多大学毕业证(UofT毕业证书)如何办理原版一比一多伦多大学毕业证(UofT毕业证书)如何办理
原版一比一多伦多大学毕业证(UofT毕业证书)如何办理
 
Predictably Improve Your B2B Tech Company's Performance by Leveraging Data
Predictably Improve Your B2B Tech Company's Performance by Leveraging DataPredictably Improve Your B2B Tech Company's Performance by Leveraging Data
Predictably Improve Your B2B Tech Company's Performance by Leveraging Data
 
在线办理(英国UCA毕业证书)创意艺术大学毕业证在读证明一模一样
在线办理(英国UCA毕业证书)创意艺术大学毕业证在读证明一模一样在线办理(英国UCA毕业证书)创意艺术大学毕业证在读证明一模一样
在线办理(英国UCA毕业证书)创意艺术大学毕业证在读证明一模一样
 
一比一原版英属哥伦比亚大学毕业证(UBC毕业证书)学历如何办理
一比一原版英属哥伦比亚大学毕业证(UBC毕业证书)学历如何办理一比一原版英属哥伦比亚大学毕业证(UBC毕业证书)学历如何办理
一比一原版英属哥伦比亚大学毕业证(UBC毕业证书)学历如何办理
 
一比一原版英国赫特福德大学毕业证(hertfordshire毕业证书)如何办理
一比一原版英国赫特福德大学毕业证(hertfordshire毕业证书)如何办理一比一原版英国赫特福德大学毕业证(hertfordshire毕业证书)如何办理
一比一原版英国赫特福德大学毕业证(hertfordshire毕业证书)如何办理
 
一比一原版(lbs毕业证书)伦敦商学院毕业证如何办理
一比一原版(lbs毕业证书)伦敦商学院毕业证如何办理一比一原版(lbs毕业证书)伦敦商学院毕业证如何办理
一比一原版(lbs毕业证书)伦敦商学院毕业证如何办理
 
DATA COMMS-NETWORKS YR2 lecture 08 NAT & CLOUD.docx
DATA COMMS-NETWORKS YR2 lecture 08 NAT & CLOUD.docxDATA COMMS-NETWORKS YR2 lecture 08 NAT & CLOUD.docx
DATA COMMS-NETWORKS YR2 lecture 08 NAT & CLOUD.docx
 
一比一原版(UCSF文凭证书)旧金山分校毕业证如何办理
一比一原版(UCSF文凭证书)旧金山分校毕业证如何办理一比一原版(UCSF文凭证书)旧金山分校毕业证如何办理
一比一原版(UCSF文凭证书)旧金山分校毕业证如何办理
 
一比一原版爱尔兰都柏林大学毕业证(本硕)ucd学位证书如何办理
一比一原版爱尔兰都柏林大学毕业证(本硕)ucd学位证书如何办理一比一原版爱尔兰都柏林大学毕业证(本硕)ucd学位证书如何办理
一比一原版爱尔兰都柏林大学毕业证(本硕)ucd学位证书如何办理
 
一比一原版(Unimelb毕业证书)墨尔本大学毕业证如何办理
一比一原版(Unimelb毕业证书)墨尔本大学毕业证如何办理一比一原版(Unimelb毕业证书)墨尔本大学毕业证如何办理
一比一原版(Unimelb毕业证书)墨尔本大学毕业证如何办理
 
原版一比一爱尔兰都柏林大学毕业证(UCD毕业证书)如何办理
原版一比一爱尔兰都柏林大学毕业证(UCD毕业证书)如何办理 原版一比一爱尔兰都柏林大学毕业证(UCD毕业证书)如何办理
原版一比一爱尔兰都柏林大学毕业证(UCD毕业证书)如何办理
 
Template xxxxxxxx ssssssssssss Sertifikat.pptx
Template xxxxxxxx ssssssssssss Sertifikat.pptxTemplate xxxxxxxx ssssssssssss Sertifikat.pptx
Template xxxxxxxx ssssssssssss Sertifikat.pptx
 
一比一原版南十字星大学毕业证(SCU毕业证书)学历如何办理
一比一原版南十字星大学毕业证(SCU毕业证书)学历如何办理一比一原版南十字星大学毕业证(SCU毕业证书)学历如何办理
一比一原版南十字星大学毕业证(SCU毕业证书)学历如何办理
 
Open Source Contributions to Postgres: The Basics POSETTE 2024
Open Source Contributions to Postgres: The Basics POSETTE 2024Open Source Contributions to Postgres: The Basics POSETTE 2024
Open Source Contributions to Postgres: The Basics POSETTE 2024
 
一比一原版(UO毕业证)渥太华大学毕业证如何办理
一比一原版(UO毕业证)渥太华大学毕业证如何办理一比一原版(UO毕业证)渥太华大学毕业证如何办理
一比一原版(UO毕业证)渥太华大学毕业证如何办理
 
一比一原版(harvard毕业证书)哈佛大学毕业证如何办理
一比一原版(harvard毕业证书)哈佛大学毕业证如何办理一比一原版(harvard毕业证书)哈佛大学毕业证如何办理
一比一原版(harvard毕业证书)哈佛大学毕业证如何办理
 
The Ipsos - AI - Monitor 2024 Report.pdf
The Ipsos - AI - Monitor 2024 Report.pdfThe Ipsos - AI - Monitor 2024 Report.pdf
The Ipsos - AI - Monitor 2024 Report.pdf
 
Palo Alto Cortex XDR presentation .......
Palo Alto Cortex XDR presentation .......Palo Alto Cortex XDR presentation .......
Palo Alto Cortex XDR presentation .......
 
Sample Devops SRE Product Companies .pdf
Sample Devops SRE Product Companies .pdfSample Devops SRE Product Companies .pdf
Sample Devops SRE Product Companies .pdf
 

Organizational compliance and security SQL 2012-2019 by George Walters

  • 1. Microsoft SQL Server 2012 – 2017 (with 2019 CTP 2.3 Preview) Organizational Security & Compliance George Walters Senior Partner Technical Strategist for ISV Partners george.walters@microsoft.com @geo_walters on twitter https://www.linkedin.com/in/georgewalters/
  • 2.
  • 3. Why is security important? 4 https://www.identityforce.com/blog/2019-data-breaches UConn Health February 22, 2019: In another major data breach of a university health facility, patients of UConn Health have had their personal information exposed after a third party accessed employee email accounts. About 326,000 people were affected in the breach, which compromised names, dates of birth, addresses, Social Security numbers, and limited medical information. Dow Jones March 1, 2019: A database containing 2,418,862 identity records on government officials and politicians from every country in the world was leaked online from a Dow Jones watchlist. The watchlist is compiled from publicly available information on prominent individuals who have the ability to embezzle money, accept bribes, or launder funds. Rush University Medical Center March 4, 2019: About 45,000 patients of Chicago-based Rush health system were exposed in a data breach. Names, addresses, birthdays, Social Security numbers, and health insurance information were compromised after an employee disclosed billing documents to an unauthorized third party. Health Alliance Plan March 6, 2019: The protected medical information of 120,000 patients has been exposed in a Health Alliance Plan data breach. The names, addresses, dates of birth, member ID numbers, healthcare provider names, patient ID numbers, and claim information were compromised after a ransomware attack infiltrated Wolverine Solutions Group, a third-party vendor who manages the network’s mailing services. https://www.zdnet.com/article/citrix-discloses-security-breach-of-internal-network/ CITRIX March 8, 2019: “hackers accessed and downloaded business documents, but Citrix wasn't able to identify what specific documents had been stolen at the time of his announcement today.”
  • 4. Progress on SQL Engine security … A Journey through time 5
  • 5.
  • 6. ASE256 for backup keys SHA512 for password hashes Built-in cryptography hierarchy Transparent data encryption Extensible key management Sign code modules Encrypted connection on-premises and in Azure SQL database Audit, TDE, Always Encrypted in Azure SQL database or Azure SQL Managed Instance Beginning with SQL Server 2016, all algorithms other than AES128, AES192, and AES256 are deprecated. To use older algorithms (not recommended) you must set the database to database compatibility level 120 or lower.
  • 7.
  • 8. USE master; GO CREATE MASTER KEY ENCRYPTION BY PASSWORD = '<UseStrongPasswordHere>'; Go CREATE CERTIFICATE MyServerCert WITH SUBJECT = 'My DEK Certificate'; go USE AdventureWorks2012; GO -- RED ALERT: BACKUP THE CERTIFICATE !!! CREATE DATABASE ENCRYPTION KEY WITH ALGORITHM = AES_128 ENCRYPTION BY SERVER CERTIFICATE MyServerCert; GO ALTER DATABASE AdventureWorks2016 SET ENCRYPTION ON; GO
  • 9. allow flexible database access for better separation of duties
  • 10.
  • 11. Performance Security Availability Scalability Operational analytics Insights on operational data; Works with in-memory OLTP and disk-based OLTP In-memory OLTP enhancements Greater T-SQL surface area, terabytes of memory supported, and greater number of parallel CPUs Query data store Monitor and optimize query plans Native JSON Expanded support for JSON data Temporal database support Query data as points in time Always encrypted Sensitive data remains encrypted at all times with ability to query Row-level security Apply fine-grained access control to table rows Dynamic data masking Real-time obfuscation of data to prevent unauthorized access Other enhancements Audit success/failure of database operations TDE support for storage of in- memory OLTP tables Enhanced auditing for OLTP with ability to track history of record changes Enhanced AlwaysOn Three synchronous replicas for auto failover across domains Round robin load balancing of replicas Automatic failover based on database health DTC for transactional integrity across database instances with AlwaysOn Support for SSIS with AlwaysOn Enhanced database caching Cache data with automatic, multiple TempDB files per instance in multi- core environments Mission-critical performance
  • 12. Always Encrypted SQL Server 2016+ Azure SQL Database Azure SQL Managed Instance
  • 13. Prevents Data Disclosure Client-side encryption of sensitive data using keys that are never given to the database system. Queries on Encrypted Data Support for equality comparison, incl. join, group by and distinct operators. Application Transparency Minimal application changes via server and client library enhancements. Allows customers to securely store sensitive data outside of their trust boundary. Data remains protected from high-privileged, yet unauthorized users. Benefits of Always Encrypted
  • 14. dbo.Patients Jane Doe Name 243-24-9812 SSN USA Country Jim Gray 198-33-0987 USA John Smith 123-82-1095 USA dbo.Patients Jane Doe Name 1x7fg655se2e SSN USA Jim Gray 0x7ff654ae6d USA John Smith 0y8fj754ea2c USA Country Result Set Jim Gray Name Jane Doe Name 1x7fg655se2e SSN USA Country Jim Gray 0x7ff654ae6d USA John Smith 0y8fj754ea2c USA dbo.Patients SQL Server Query TrustedApps SELECT Name FROM Patients WHERE SSN=@SSN @SSN='198-33-0987' Result Set Jim Gray Name SELECT Name FROM Patients WHERE SSN=@SSN @SSN=0x7ff654ae6d Column Encryption Key Enhanced ADO.NET Library Column Master Key Client side Always Encrypted Help protect data at rest and in motion, on-premises & cloud ciphertext
  • 15. Randomized encryption Encrypt('123-45-6789') = 0x17cfd50a Repeat: Encrypt('123-45-6789') = 0x9b1fcf32 Allows for transparent retrieval of encrypted data but NO operations More secure Deterministic encryption Encrypt('123-45-6789') = 0x85a55d3f Repeat: Encrypt('123-45-6789') = 0x85a55d3f Allows for transparent retrieval of encrypted data AND equality comparison E.g. in WHERE clauses and joins, distinct, group by Two types of encryption available Randomized encryption uses a method that encrypts data in a less predictable manner Deterministic encryption uses a method which always generates the same encrypted value for any given plain text value Types of Encryption for Always Encrypted
  • 16. Security Officer 1. Generate CEKs and Master Key 2. Encrypt CEK 3. Store Master Key Securely 4. Upload Encrypted CEK to DB CMK Store: Certificate Store HSM Azure Key Vault … Encrypted CEK Column Encryption Key (CEK) Column Master Key (CMK) Key Provisioning CMK Database Encrypted CEK
  • 17. Param Encryption Type/ Algorithm Encrypted CEK Value CMK Store Provider Name CMK Path @Name Non-DET/ AES 256 CERTIFICATE _STORE Current User/ My/f2260… EXEC sp_execute_sql N'SELECT * FROM Customers WHERE SSN = @SSN' , @params = N'@SSN VARCHAR(11)', @SSN=0x7ff654ae6d Param Encryption Type/ Algorithm Encrypted CEK Value CMK Store Provider Name CMK Path @SSN DET/ AES 256 CERTIFICATE _STORE Current User/ My/f2260… Enhanced ADO.NET Plaintext CEK Cache exec sp_describe_parameter_encryption @params = N'@SSN VARCHAR(11)' , @tsql = N'SELECT * FROM Customers WHERE SSN = @SSN' Result set (ciphertext) Name Jim Gray Result set (plaintext) using (SqlCommand cmd = new SqlCommand( "SELECT Name FROM Customers WHERE SSN = @SSN“ , conn)) { cmd.Parameters.Add(new SqlParameter( "@SSN", SqlDbType.VarChar, 11).Value = "111-22-3333"); SqlDataReader reader = cmd.ExecuteReader(); Client - Trusted SQL Server - Untrusted Encryptionmetadata Name 0x19ca706fbd9 Encryptionmetadata CMK Store Example
  • 18. Select columns to be encrypted Analyze schema and application queries to detect conflicts (build time)Set up the keys: master & CEK Static schema analysis tool (SSDT only) UI for selecting columns (no automated data classification) Key setup tool to automate selecting CMK, generating and encrypting CEK and uploading key metadata to the database Setup (SSMS or SSDT) User Experience: SSMS or SSDT (Visual Studio)
  • 19. Existing App – Setup User Experience: SSMS or SSDT (Visual Studio) UI for selecting columns (no automated data classification) Select candidate columns to be encrypted Analyze schema and application queries to detect conflicts and identify optimal encryption settings Set up the keys Encrypt selected columns while migrating the database to a target server (e.g. in Azure SQL Database Key Setup tool to streamline selecting CMK, generating and encrypting CEK and uploading key metadata to the database Encryption tool creating new (encrypted) columns, copying data from old (plain text) columns, swapping columns and re- creating dependencies Select desired encryption settings for selected columns UI for configuring encryption settings on selected columns (accepting/editing recommendations from the analysis tool) Schema/workload analysis tool analyzing the schema and profiler logs
  • 20. Data remains encrypted during query Summary: Always encrypted Protect data at rest and in motion, on-premises & cloud Capability ADO.Net client library provides transparent client-side encryption, while SQL Server executes T-SQL queries on encrypted data Benefits Apps TCE-enabled ADO .NET library SQL ServerEncrypted query Columnar key No app changes Master key
  • 21. Row-Level Security SQL Server 2016 Azure SQL Database
  • 22. Fine-grained access control over specific rows in a database table Help prevent unauthorized access when multiple users share the same tables, or to implement connection filtering in multitenant applications Administer via SQL Server Management Studio or SQL Server Data Tools Enforcement logic inside the database and schema bound to the table. Protect data privacy by ensuring the right access across rows SQL Database Customer 1 Customer 2 Customer 3 Row-level security
  • 23. Fine-grained access control Keeping multi-tenant databases secure by limiting access by other users who share the same tables. Application transparency RLS works transparently at query time, no app changes needed. Compatible with RLS in other leading products. Centralized security logic Enforcement logic resides inside database and is schema-bound to the table it protects providing greater security. Reduced application maintenance and complexity. Store data intended for many consumers in a single database/table while at the same time restricting row-level read & write access based on users’ execution context. Benefits of row-level security
  • 24. CREATE SECURITY POLICY mySecurityPolicy ADD FILTER PREDICATE dbo.fn_securitypredicate(wing, startTime, endTime) ON dbo.patients Predicate function User-defined inline table-valued function (iTVF) implementing security logic Can be arbitrarily complicated, containing joins with other tables Security predicate Applies a predicate function to a particular table (SEMIJOIN APPLY) Two types: filter predicates and blocking predicates Security policy Collection of security predicates for managing security across multiple tables Row Level Security Concepts
  • 25. CREATE FUNCTION dbo.fn_securitypredicate(@wing int) RETURNS TABLE WITH SCHEMABINDING AS return SELECT 1 as [fn_securitypredicate_result] FROM StaffDuties d INNER JOIN Employees e ON (d.EmpId = e.EmpId) WHERE e.UserSID = SUSER_SID() AND @wing = d.Wing; CREATE SECURITY POLICY dbo.SecPol ADD FILTER PREDICATE dbo.fn_securitypredicate(Wing) ON Patients WITH (STATE = ON) Fine-grained access control over rows in a table based on one or more pre-defined filtering criteria, e.g., user’s role or clearance level in organization. Concepts: Predicate function Security policy Example
  • 26. Two App user (e.g., nurse) selects from Patients table Three Security Policy transparently rewrites query to apply filter predicate Database Policy Manager CREATE FUNCTION dbo.fn_securitypredicate(@wing int) RETURNS TABLE WITH SCHEMABINDING AS return SELECT 1 as [fn_securitypredicate_result] FROM StaffDuties d INNER JOIN Employees e ON (d.EmpId = e.EmpId) WHERE e.UserSID = SUSER_SID() AND @wing = d.Wing; CREATE SECURITY POLICY dbo.SecPol ADD FILTER PREDICATE dbo.fn_securitypredicate(Wing) ON Patients WITH (STATE = ON) Filter Predicate: INNER JOIN… Security Policy Application Patients One Policy manager creates filter predicate and security policy in T-SQL, binding the predicate to the Patients table Nurse SELECT * FROM Patients SELECT * FROM Patients SEMIJOIN APPLY dbo.fn_securitypredicate(patients.Wing); SELECT Patients.* FROM Patients, StaffDuties d INNER JOIN Employees e ON (d.EmpId = e.EmpId) WHERE e.UserSID = SUSER_SID() AND Patients.wing = d.Wing; RLS in Three Steps
  • 27. Creates a security policy for row level security. The following examples demonstrate the use of the CREATE SECURITY POLICY syntax. For an example of a complete security policy scenario, see Row Level Security. Create Security Policy -- The following syntax creates a security policy with a filter predicate for the Customer table, and leaves the security policy disabled CREATE SECURITY POLICY [FederatedSecurityPolicy] ADD FILTER PREDICATE [rls].[fn_securitypredicate]([CustomerId]) ON [dbo].[Customer]; -- Create a new schema and predicate function, which will use the application user ID stored in CONTEXT_INFO to filter rows. CREATE FUNCTION rls.fn_securitypredicate (@AppUserId int) RETURNS TABLE WITH SCHEMABINDING AS RETURN ( SELECT 1 AS fn_securitypredicate_result WHERE DATABASE_PRINCIPAL_ID() = DATABASE_PRINCIPAL_ID('dbo') -- application context AND CONTEXT_INFO() = CONVERT(VARBINARY(128), @AppUserId); GO
  • 28. Dynamic Data Masking SQL Server 2016 Azure SQL Database
  • 29. Configuration made easy in the new Azure portal Policy-driven at the table and column level, for a defined set of users Data masking applied in real-time to query results based on policy Multiple masking functions available (e.g. full, partial) for various sensitive data categories (e.g. Credit Card Numbers, SSN, etc.) Azure SQL Database SQL Server 2016 CTP2+ Table.CreditCardNo 4465-6571-7868-5796 4468-7746-3848-1978 4484-5434-6858-6550 Real-time data masking; partial masking Dynamic Data Masking Prevent the abuse of sensitive data by hiding it from users
  • 30. Audit success/failure of database operations Enhanced auditing for OLTP with ability to track history of record changes Transparent Data Encryption support for storage of In- memory OLTP Tables Backup encryption now supported with compression Other security enhancements
  • 31. gMSA support Group Managed Service Accounts (gMSA) Automatically set domain scope for Managed Service Accounts Automatic password rotation Much more secure than regular domain accounts Enables cross-system security context Why would I want a gMSA? No need to manually change passwords on all AlwaysOn instances How does it work? Passwords are managed by domain What versions will it be supported in? Supported in SQL Server 2014 and SQL Server 2016
  • 32. Domain-independent Availability Groups Environments supported: Cross domains (with trust) Cross domains (no trust) No domain at all Cluster management via PowerShell only SQL management as normal Use of certificate-secured endpoints like DBM What versions will it be supported in? SQL Server 2016 SQL 2017: Cross-Windows-and-Linux Availability Groups
  • 33. SQL 2017 new Security Features .NET CLR (common language runtime) CLR uses Code Access Security (CAS) in the .NET Framework, which is no longer supported as a security boundary. (Safe might no longer be safe!) sp_configure option called clr strict security is introduced to enhance the security of CLR assemblies. New Permissions DATABASE SCOPED CREDENTIAL is now a class of securable, supporting CONTROL, ALTER, REFERENCES, TAKE OWNERSHIP, and VIEW DEFINITION permissions. ADMINISTER DATABASE BULK OPERATIONS, which is restricted to SQL Database, is now visible in sys.fn_builtin_permissions.
  • 34. SQL 2019 CTP 2.3 new Security Features Certificate management is now integrated into the SQL Server Configuration Manager, simplifying common tasks such as: • Viewing and validating certificates installed in a SQL Server instance. • Viewing certificates close to expiration. • Deploy certificates across machines participating in Always On Availability Groups (from the node holding the primary replica). • Deploy certificates across machines participating in a failover cluster instance (from the active node).
  • 35. SQL Server Security Center https://docs.microsoft.com/en-us/sql/relational-databases/security/security- center-for-sql-server-database-engine-and-azure-sql-database SQL Server Security Documentation (2016) (Change number for version) https://docs.microsoft.com/en-us/sql/database-engine/whats-new-in-sql-server- 2016#Security SQL Server 2017 New Features https://docs.microsoft.com/en-us/sql/database-engine/whats-new-in-sql-server- 2017 SQL Injection Resources https://docs.microsoft.com/en-us/sql/relational-databases/security/sql- injection Security resources
  • 36. End-to-end mobile BI on any device Choice of platform and language Most secure over the last 7 years 0 20 40 60 80 100 120 140 160 180 200 1 2 3 4 5 6 Vulnerabilities(2010-2016) A fraction of the cost Self-serviceBIperuser Only commercial DB with AI built-in Microsoft Tableau Oracle $120 $480 $2,230 Industry-leading performance 1/10 Most consistent data platform #1 TPC-H performance 1TB, 10TB, 30TB #1 TPC-E performance #1 price/performance T-SQL Java C/C++ C#/VB.NET PHP Node.js Python Ruby R R and Python + in-memory at massive scale Native T-SQL scoring SQL SERVER 2017 INDUSTRY-LEADING PERFORMANCE AND SECURIT Y NOW ON LINUX AND DOCKER Private cloud Public cloud In-memory across all workloads 1/10th the cost of Oracle
  • 37. Thank you! george.walters@microsoft.com @geo_walters on twitter Blog: https://georgewalters.wordpress.com/ Resources: SQL Server Blog: https://cloudblogs.microsoft.com/sqlserver/ Microsoft Documentation (Pretty good nowadays!) https://docs.microsoft.com/en-us/ Learning via docs: https://docs.microsoft.com/en-us/learn/ Hands-on labs: https://www.microsoft.com/handsonlabs In-Person events: https://events.microsoft.com/ SQL Saturday (Centered around Microsoft data platform): http://www.sqlsaturday.com Microsoft virtual academy: https://mva.microsoft.com/ EdX has tons of material: https://www.edx.org/course?search_query=microsoft