Do you think that your data is not secured in the cloud? Is that one of the reasons for you to not migrate at least some workloads there? Things changed in the last few months in terms of Azure security. In this session we will take a closer look at what the features Row Level Security(RLS) and Dynamic Data Masking can do for your business and how they can help you secure your databases.

1. April 25
Boris Hristov, SQL Server MVP
Securing
SQL Azure DB?

2. Thanks to our Sponsors:
Global Sponsor:
Platinum Sponsors:
Swag Sponsors: Media Partners:
With the support of:

3. So who am I?
@BorisHristov

4. That’s not a marketing talk!
Disclaimer:

5. time
coolness
Session’s Timeline
Dynamic Data Masking Row Level Security

6. Dynamic Data
Masking

7. “Have you ever…”

8. SELECT * FROM
dbo.Customers
custid FirstNam
e
LastName PhoneNumber EmailAddress CreditcardNumber
1 Boris Hristov +359889000000 brshristov@live.com 1111-1111-1111-1111
2 Ivan Donev +359889000000 idonev@live.com 2222-2222-2222-2222
3 Stanislav Zhelyaskov +359889000000 szhelyaskov@live.com 3333-3333-3333-3333
4 Ivan Minchev +359889000000 iminchev@live.com 4444-4444-4444-4444

9. custid FirstNam
e
LastName PhoneNumbe
r
EmailAddress CreditcardNumber
1 Boris Hristov +359889000000 bxx@xxxx.com xxxx-xxxx-xxxx-1111
2 Ivan Donev +359889000000 ixxx@xxxx.com xxxx-xxxx-xxxx-2222
3 Stanislav Zhelyaskov +359889000000 sxx@xxxx.com xxxx-xxxx-xxxx-3333
4 Ivan Minchev +359889000000 ixx@live.com xxxx-xxxx-xxxx-4444
SELECT * FROM
dbo.Customers

10. Dynamic Data
Masking

11. DEMO
Dynamic Data Masking

12. Row Level
Security

13. “Have you ever…”

14. SELECT * FROM dbo.Orders
orderid custid orderdate shipdate shipcountry
1 1 4/20/2015 20:15:49 4/20/2015 20:15:49 Bulgaria
2 1 4/20/2015 20:15:49 4/20/2015 20:15:49 Norway
3 2 4/20/2015 20:15:49 4/20/2015 20:15:49 Norway
4 2 4/20/2015 20:15:49 4/20/2015 20:15:49 Bulgaria
5 3 4/20/2015 20:15:49 4/20/2015 20:15:49 Bulgaria

15. SELECT * FROM dbo.Orders
orderid custid orderdate shipdate shipcountry
1 1 4/20/2015 20:15:49 4/20/2015 20:15:49 Bulgaria
4 2 4/20/2015 20:15:49 4/20/2015 20:15:49 Bulgaria
5 3 4/20/2015 20:15:49 4/20/2015 20:15:49 Bulgaria

16. How is that
possible?

17. “Ту партс!”

18. -- user defined function
CREATE FUNCTION Security.fn_securitypredicate (@SalesRep AS sysname)
RETURNS TABLE
WITH SCHEMABINDING
AS
RETURN SELECT 1 AS fn_securitypredicate_result
WHERE @SalesRep = USER_NAME()
OR USER_NAME() = 'Manager';
-- security policy
CREATE SECURITY POLICY SalesFilter
ADD FILTER PREDICATE Security.fn_securitypredicate(SalesRep)
ON dbo.Sales WITH (STATE = ON);
No GUI, folks 

19. DEMO
Row Level Security

20. Cool, huh?

21. Not that fast…

22. time
coolness
Session’s Timeline
Dynamic Data Masking Row Level Security

23. DEMO
Row Level Security Issues

24. So is that a
security feature
then?

25. Or is that a
programmability
feature?

26. Summary
There’s a lot going on in SQL Azure DB
Easily mask sensitive data with Dynamic Data Masking
Limit the rows users can see with Row Level Security
Be aware of the current issues of RLS

27. Upcoming events
SQLSaturday #384 on May 30th in Varna!
http://www.sqlsaturday.com/384/

28. Thank you!
Contacts:
brshristov@live.com
www.borishristov.com
@BorisHristov