Securing your data with Azure SQL DB

•Download as PPTX, PDF•

1 like•168 views

The document discusses best practices for securing data in Azure SQL DB, including: 1. Setting firewall rules for virtual networks to restrict server access. 2. Using transparent data encryption to encrypt data at the cell, column, or row level. 3. Enabling auditing and threat detection to monitor vulnerabilities and detect threats. 4. Implementing dynamic data masking to hide sensitive data from unauthorized users.

Technology

Securing your data with
Azure SQL DB
Eng Soon Cheah

‘ ’ OR ‘1’ =‘1’;
SELECT id FROM customer data WHERE
username=‘ ‘ AND password=‘ ‘ OR
‘1’=‘1’;
SQLSaturday#893 – Singapore

SELECT id From customer_data WHERE
username=‘ ‘ AND password=‘ ‘ OR
username=‘jsmith’;
SQLSaturday#893 – Singapore

Agenda
Misconfigured Azure SQL?
Best Practices for Secure Databases
• Firewall Rule for Virtual Networks
• Transparent Data Encryption
• Auditing & Threat Detection
• Dynamic Data Masking

Risks to misconfigured Azure
SQL?
• Restricted Server Access
• Data Encryption
• Resource Locks
• Auto Failover Groups
• Database Auditing
• Audit Retention
SQLSaturday#893 – Singapore

(a)Set Server Firewall for Azure
SQL Databases
SQLSaturday#893 – Singapore

(b) Service Endpoints on Virtual
Network
SQLSaturday#893 – Singapore

3 ways to encrypt
• Cell-level encryption
• Always Encrypted
• Row-Level Security
SQLSaturday#893 – Singapore

Configuring TDE at the Database
level
SQLSaturday#893 – Singapore

Configuring to use your own Key
with TDE
SQLSaturday#893 – Singapore

Best Practices for database
threat protection
• Discover, classify, and label the
sensitive data in your databases.
• Track database vulnerabilities so you
can proactively improve your
database security.
• Enable threat detection.
SQLSaturday#893 – Singapore

Configurations
SQLSaturday#893 – Singapore

Enabling at Database level vs
Server level
SQLSaturday#893 – Singapore

Feature Basics
SQLSaturday#893 – Singapore

Adding Masking Rules
SQLSaturday#893 – Singapore

References
Twitter : @CheahEngSoon
YouTube :
youtube.com/c/engsooncheah
Blog:
Dev.to/cheahengsoon
SQLSaturday#893 – Singapore

Video: http://youtu.be/B-bTPSwhsDY Abstract Patrick McFadin (@PatrickMcFadin), Chief Evangelist for Apache Cassandra at DataStax, will be presenting an introduction to Cassandra as a key player in database technologies. Both large and small companies alike chose Apache Cassandra as their database solution and Patrick will be presenting on why they made that choice. Patrick will also be discussing Cassandra's architecture, including: data modeling, time-series storage and replication strategies, providing a holistic overview of how Cassandra works and the best way to get started. About Patrick McFadin Prior to working for DataStax, Patrick was the Chief Architect at Hobsons, an education services company. His responsibilities included ensuring product availability and scaling for all higher education products. Prior to this position, he was the Director of Engineering at Hobsons which he came to after they acquired his company, Link-11 Systems, a software services company. While at Link-11 Systems, he built the first widely popular CRM system for universities, Connect. He obtained a BS in Computer Engineering from Cal Poly, San Luis Obispo and holds the distinction of being the only recipient of a medal (asanyone can find out) for hacking while serving in the US Navy.

SQL azure database for DBA

Isabelle Van Campenhoudt

The document discusses a SQL Server event organized by GUSS in France. It includes an agenda for presentations on SQL Database and Azure data and storage services. Key topics covered include: - Getting started with SQL Database on Azure and differences from SQL Server on VMs. - SQL Database service tiers (basic, standard, premium) and their performance and storage capabilities. - Elastic pools and tools for scaling databases. - Monitoring database performance and tuning indexes. - Security features including configuring firewalls, authentication, and auditing databases. - Backup, migration and disaster recovery options like geo-replication.

Journey to cloud openstack nexus ipma 2013

Colin McNamara

Azure key vault - Brisbane User Group

Rahul Nath

This document provides an overview of Azure Key Vault, a cloud service for securely storing and accessing secrets. It discusses how Key Vault can be used to store encryption keys, passwords, and certificates. Key Vault uses hardware security modules to cryptographically protect secrets and can be accessed via REST APIs. The document demonstrates how to create a Key Vault, add a secret, and consume that secret from an application using either a service principal or managed service identity.

Cassandra Adoption on Cisco UCS & Open stack

DataStax Academy

Cisco has a large global IT infrastructure supporting many applications, databases, and employees. The document discusses Cisco's existing customer service and commerce systems (CSCC/SMS3) and some of the performance, scalability, and user experience issues. It then presents a proposed new architecture using modern technologies like Elasticsearch, Cassandra, and microservices to address these issues and improve agility, performance, scalability, uptime, and the user interface.

Scylla Cloud on Display: Functionality, Performance and Demos

ScyllaDB

Azure Low Lands 2019 - Building secure cloud applications with Azure Key Vault

Tom Kerkhove

AWS Cost Control: Cloud Custodian

OlinData

This document outlines strategies for optimizing AWS costs based on the lessons learned from Scrooge McDuck. It discusses using the right instance types, reserved instances, spot instances, monitoring usage, redesigning architecture, and removing idle and unnecessary resources. It provides examples of policies for automatically stopping and starting test environments outside of business hours to save on costs. Specifically, it shows policies for suspending auto scaling groups, stopping EC2 instances and RDS databases in test environments during off hours, and resuming them during on hours.

This document discusses monitoring real-life Azure applications. It provides an overview of the Azure monitoring tools and services including Application Insights, Log Analytics, Azure Monitor, Activity Logs, and Azure Security Center. It explains how these tools can be used to monitor applications, hosts, infrastructure, and platforms. The document also discusses collecting and analyzing Azure logs and metrics across multiple subscriptions and accounts for security monitoring in an enterprise environment.

Using Vault for your Nodejs Secrets

Taswar Bhatti

IT Camp 19: Top Azure security fails and how to avoid them

Karl Ots

Nagios Conference 2014 - Scott Wilkerson - Log Monitoring and Log Management ...

Nagios

TechDays Finland 2020: Best practices of securing web applications running on...

Karl Ots

The multitude of security controls and guidelines for both Kubernetes and Azure can be overwhelming. Based on real-life experiences from securing web applications running on Azure Kubernetes Service, Karl has compiled a list of best practices that bring them together. In this session, you will learn how to build, operate and develop secure web applications on top of Azure Kubernetes Service. After this session, you will know which security controls are available, how effective they are and what will be the cost of implementing them.

Philipp Krenn - Host your database in the cloud, they said... - NoSQL matters...

NoSQLmatters

More than two years ago we faced the decision whether to run our MongoDB database on Amazon's EC2 ourselves or to rely on a Database as a Service provider. Common wisdom told us that a well known provider, focusing all its knowledge and energy on running MongoDB, would be a better choice than us trying it on the side. Well, this talk describes what can go wrong, since we have seen a lot of interesting minor and major hiccups — including stopped instances, broken backups, a major security incident, and more broken backups. Additionally, we discuss some reasons why a hosted solution is not always the better choice and which new challenges arise from it.

Geo Searches for Health Care Pricing Data with MongoDB

Robert Stewart

BSides Portland - Attacking Azure Environments with PowerShell

Karl Fosaaen

For a multitude of reasons, many organizations are moving their operations to the cloud. Along with this, many organizations are introducing old vulnerabilities in new ways. As one of the top cloud providers, Microsoft Azure has had significant adoption and continues to grow in market share. As part of this increase in adoption, there has also been an increase in demand for security testing of Azure environments. Given the blended nature of hosted services, PAAS, and virtual infrastructure, it can be difficult to get a handle on how to properly secure these environments. Reviewing Azure environments can also be time consuming given the lack of automated tools for dumping configuration information. MicroBurst is a set of PowerShell tools that helps automate the processes of dumping and reviewing Microsoft Azure configurations. This talk will go over the ways that pen testers and defenders can use MicroBurst to dump out the configuration information for an Azure environment, and identify common configuration issues. Security testers will benefit from the speed of dumping environment credentials for pivoting, listing out publicly available services and files, and enumerating additional targets for phishing and password guessing attacks. As an added bonus, defenders can also use these tools to audit their environment for weak spots.

Overview of secret management solutions and architecture

Yuechuan (Mike) Chen

The document provides an overview of secret management solutions and architectures. It discusses what secrets are and why secret management is important. Some key points: - Secrets include authentication credentials, API keys, passwords, and certificates that need access control. As services increase, so do secrets. - An ideal secret management solution provides security, encryption, access control, auditing, ease of use, and integration with other tools. - Version control systems and orchestration tools like Kubernetes can be used for secrets but have limitations compared to dedicated secret management solutions. - AWS offers Parameter Store, Secrets Manager, and KMS for secret management. Parameter Store is generally recommended, while Secrets Manager is better for database

Developing on SQL Azure

Ike Ellis

1) The document provides an overview of 5 key things developers should know about SQL Azure, including how to set up a connection string, issues of throttling and errors, tools for migration and management, and performance tuning tips. 2) Throttling occurs when a session acquires too many locks or resources and causes errors like 40501, and developers need retry logic to handle errors and disconnects. 3) Tools for SQL Azure include the SQL Azure Database Manager, SSMS 2008 R2, and the migration wizard. 4) Performance can be improved by addressing indexing, minimizing round trips, using connection pooling, and caching/batching data access.

Deep Dive DMG (september update)

Jean-Pierre Riehl

--session donnée lors du SQL Saturday Torino 2015-- http://www.sqlsaturday.com/454/EventHome.aspx Data Management Gateway (classic, personal, AS connector) is what make modern Microsoft BI stack hybrid. Power BI (v1 and v2) and Azure Data Factory use that component to interact with On-Prem Data assets. That session is a Deep dive into the DMG and the hybrid architecture involved by Power BI and ADF. How does it work ? Security, Firewall, Certificates, Multiple gateways, Admin delegation, Scale out, Disaster Recovery…. All that topics will be covered during that technical session.

Top 13 best security practices for Azure

Radu Vunvulea

2014.11.22 Azure for Sql Server Developer - SQLSAT355 Parma

Marco Parenzan

This document contains information from a presentation by Marco Parenzan on using Azure for SQL Server development. The presentation covers using Infrastructure as a Service (IaaS), Platform as a Service (PaaS), and Software as a Service (SaaS) options on Azure for handling relational data. It discusses using virtual machines, Azure SQL Database, features like automatic scaling and backups, and demonstrates functionality like creating SQL backups to Azure storage. The agenda also includes operations, development, and business intelligence experiences on Azure.

Practical SQL Azure: Moving into the cloud

Timothy Corey

This document provides an overview and demonstration of moving a database into Microsoft Azure SQL. It begins with an introduction and roadmap of topics to be covered, which include an overview of SQL Azure, migrating a local database to the cloud, and best practices. The presentation then demonstrates how to set up a SQL database in Azure, configure database settings, fix incompatibilities when migrating a database, package a database using BACPAC files, and directly deploy a database to Azure SQL. It concludes with a section on SQL Azure best practices related to data security, safety and availability.

Chef as a One-Stop Solution on Microsoft Azure

Karsten Müller

Auckland SQL Saturday - Azure Data Lake

Sergio Zenatti Filho

This document discusses harnessing the power of big data using Azure Data Lake. It provides an overview of Azure Data Lake Store for unlimited storage of data in its native format, Azure Data Lake Analytics for running analytics jobs on big data, and U-SQL for writing queries. It includes a demo of Data Lake Store and Analytics. The document aims to explain what a data lake is and how the Azure Data Lake services can be used to ingest, store, analyze and query big data.

Secure Azure Deployment Patterns

kieranjacobsen

Microsoft has provided an almost unlimited number of ways for you to securely deploy Azure resources; but people continue to make simple mistakes. In 2017 many organisations had breaches due to poor cloud deployment practices. In this session, you’ll learn how to use Azure Resource Manager (ARM) templates to deploy resources in a secure manner. This session will look at Azure Storage, App Services, SQL, Virtual Machines and Virtual Networks. I'll discuss the costs, benefits and trade-offs of different design patterns and how you can secure your deployment pipelines.

いそがしいひとのための Microsoft Ignite 2018 + 最新情報 Data & AI 編

Miho Yamamoto

This document summarizes announcements from Microsoft Ignite 2018 related to data and AI. Some of the key announcements include general availability of Azure Cosmos DB multi-master and Cassandra API, preview of Azure SQL Database Hyperscale, flexible restore points for Azure SQL Data Warehouse, and preview of Azure Data Explorer for real-time analytics of large datasets. It also discusses updates to services like Azure Machine Learning, Azure Databricks, and HDInsight and previews of new capabilities for databases on Azure.

MongoDB World 2018: Enterprise Security in the Cloud

MongoDB

This document discusses enterprise security in the cloud. It covers identity and access controls, auditing, and encryption. For identity and access, it describes secure access controls like multi-factor authentication, role-based access controls, and dedicated virtual private clouds (VPCs). For auditing, it outlines activity logs, monitoring and alerts, and a real-time activity panel. For encryption, it discusses key management, different encryption service levels, and key service differences between AWS, GCP and Azure.

MongoDB World 2018: Enterprise Cloud Security

MongoDB

Sql Azure - St. Louis Day of .NET

Aaron King

The document discusses SQL Azure, a scalable cloud-based data storage and query processing service built on Microsoft SQL Server and Windows Server technologies. It provides the benefits of SQL Azure including robust SQL support, ease of application development, scalability, availability, security, and a strong service level agreement. The document also covers features of SQL Azure like unlimited storage, pay-as-you-go pricing, and compares it to on-premise SQL Server. It concludes with demos and taking questions.

Cassandra's Odyssey @ Netflix

Roopa Tangirala

This talk will walk through the journey of Cassandra at Netflix. It will go into 3-4 specific use cases where Cassandra stands out than the rest of the data-stores and is being used in Netflix, bringing great viewing experience to all customers globally. Roopa will go into the specifics of the data model being used and where Cassandra stands out with its strengths and which places where they learnt the hard way. Roopa will then share some of the best practices and self service platform being used for Cassandra to cater to their developer needs.

What's hot

FAUG Jyväskylä 28.5.2019 - Azure Monitoring

Karl Ots

Using Vault for your Nodejs Secrets

Taswar Bhatti

IT Camp 19: Top Azure security fails and how to avoid them

Karl Ots

Nagios Conference 2014 - Scott Wilkerson - Log Monitoring and Log Management ...

Nagios

TechDays Finland 2020: Best practices of securing web applications running on...

Karl Ots

Philipp Krenn - Host your database in the cloud, they said... - NoSQL matters...

NoSQLmatters

Geo Searches for Health Care Pricing Data with MongoDB

Robert Stewart

BSides Portland - Attacking Azure Environments with PowerShell

Karl Fosaaen

Overview of secret management solutions and architecture

Yuechuan (Mike) Chen

What's hot (9)

FAUG Jyväskylä 28.5.2019 - Azure Monitoring

Using Vault for your Nodejs Secrets

IT Camp 19: Top Azure security fails and how to avoid them

Nagios Conference 2014 - Scott Wilkerson - Log Monitoring and Log Management ...

TechDays Finland 2020: Best practices of securing web applications running on...

Philipp Krenn - Host your database in the cloud, they said... - NoSQL matters...

Geo Searches for Health Care Pricing Data with MongoDB

BSides Portland - Attacking Azure Environments with PowerShell

Overview of secret management solutions and architecture

Similar to Securing your data with Azure SQL DB

Developing on SQL Azure

Ike Ellis

Deep Dive DMG (september update)

Jean-Pierre Riehl

Top 13 best security practices for Azure

Radu Vunvulea

2014.11.22 Azure for Sql Server Developer - SQLSAT355 Parma

Marco Parenzan

Practical SQL Azure: Moving into the cloud

Timothy Corey

Chef as a One-Stop Solution on Microsoft Azure

Karsten Müller

Auckland SQL Saturday - Azure Data Lake

Sergio Zenatti Filho

Secure Azure Deployment Patterns

kieranjacobsen

いそがしいひとのための Microsoft Ignite 2018 + 最新情報 Data & AI 編

Miho Yamamoto

MongoDB World 2018: Enterprise Security in the Cloud

MongoDB

MongoDB World 2018: Enterprise Cloud Security

MongoDB

Sql Azure - St. Louis Day of .NET

Aaron King

Cassandra's Odyssey @ Netflix

Roopa Tangirala

Data weekender4.2 azure purview erwin de kreuk

Erwin de Kreuk

This document provides information about Azure Purview and its capabilities for unified data governance. It discusses: - Azure Purview allows for automated discovery of data across on-premises, multicloud and SaaS sources through its data map. It enables classification, lineage tracking and compliance. - The data catalog provides semantic search and browse capabilities along with a business glossary and data lineage visualizations. - Insights features provide reporting on assets, scans, the business glossary, classifications and labeling to give visibility into data usage across the organization. - The document demonstrates registering and scanning a Power BI tenant to discover data with Azure Purview.

SQL Server 2016 New Security Features

Gianluca Sartori

This document provides an overview and summary of new security features in SQL Server 2016, including Always Encrypted for encrypting sensitive data at the column level, Dynamic Data Masking for masking sensitive data rather than encrypting it, and Row Level Security for fine-grained access control at the row level. Always Encrypted allows queries on encrypted data and provides application transparency. Dynamic Data Masking masks sensitive data on the result set without requiring application changes. Row Level Security uses security predicates and policies to centrally define and apply row-level access control logic within the database.

Enterprise-class security with PostgreSQL - 1

Ashnikbiz

Azure Data Lake and Azure Data Lake Analytics

Waqas Idrees

This document provides an overview and introduction to Azure Data Lake Analytics. It begins with defining big data and its characteristics. It then discusses the history and origins of Azure Data Lake in addressing massive data needs. Key components of Azure Data Lake are introduced, including Azure Data Lake Store for storing vast amounts of data and Azure Data Lake Analytics for performing analytics. U-SQL is covered as the query language for Azure Data Lake Analytics. The document also touches on related Azure services like Azure Data Factory for data movement. Overall it aims to give attendees an understanding of Azure Data Lake and how it can be used to store and analyze large, diverse datasets.

Cloud First: Be Prepared

Alan Eardley

The document discusses moving workloads to the cloud using Microsoft Azure. It defines Azure as a set of cloud services that allow building, managing and deploying applications. It provides considerations for different cloud models like SaaS, IaaS and PaaS. It also outlines potential hurdles in moving to the cloud like network topologies, identity management and security. Finally, it discusses planning the migration and provides Azure resources for architecture guidance.

Gateways to Power BI, Connect PowerBI.com to your On-Prem Data

Jean-Pierre Riehl

--session donnée lors du SQLSaturday Madrid 2016-- PowerBI.com is a cloud-based BI platform, enabling from personal to corporate BI. But often, your data lives on-premises, on your desktop, on a shared folder or in your enterprise datawarehouse. Microsoft team built gateways to deal with that. In this session, we will see how to connect, lively or scheduled, your dahsboards to your on-prem data. You'll learn about Personal Gateway and Enterprise Gateway. How does it work. How to configure it. How to maintain it.

Encryption and key management in AWS (SEC304) | AWS re:Invent 2013

Amazon Web Services

This session will discuss the options available for encrypting data at rest and key management in AWS. It will focus on two primary scenarios: (1) AWS manages encryption keys on behalf of the customer to provide automated server-side encryption; (2) the customer manages their own encryption keys using partner solutions and/or AWS CloudHSM. Real-world customer examples will be presented to demonstrate adoption drivers of specific encryption technologies in AWS. Netflix Jason Chan will provide an overview of how NetFlix uses CloudHSM for secure key storage.

Similar to Securing your data with Azure SQL DB (20)

Developing on SQL Azure

Deep Dive DMG (september update)

Top 13 best security practices for Azure

2014.11.22 Azure for Sql Server Developer - SQLSAT355 Parma

Practical SQL Azure: Moving into the cloud

Chef as a One-Stop Solution on Microsoft Azure

Auckland SQL Saturday - Azure Data Lake

Secure Azure Deployment Patterns

いそがしいひとのための Microsoft Ignite 2018 + 最新情報 Data & AI 編

MongoDB World 2018: Enterprise Security in the Cloud

MongoDB World 2018: Enterprise Cloud Security

Sql Azure - St. Louis Day of .NET

Cassandra's Odyssey @ Netflix

Data weekender4.2 azure purview erwin de kreuk

SQL Server 2016 New Security Features

Enterprise-class security with PostgreSQL - 1

Azure Data Lake and Azure Data Lake Analytics

Cloud First: Be Prepared

Gateways to Power BI, Connect PowerBI.com to your On-Prem Data

Encryption and key management in AWS (SEC304) | AWS re:Invent 2013

More from Cheah Eng Soon

Microsoft Defender for Endpoint

Securing your data with Azure SQL DB

Recommended

Recommended

More Related Content

What's hot

What's hot (9)

Similar to Securing your data with Azure SQL DB

Similar to Securing your data with Azure SQL DB (20)

More from Cheah Eng Soon

More from Cheah Eng Soon (20)

Recently uploaded

Recently uploaded (20)

Securing your data with Azure SQL DB

Editor's Notes