SlideShare a Scribd company logo

SQL Server 2016 New Security Features

Download as PPTX, PDF
Gianluca Sartori
Gianluca Sartori

This document provides an overview and summary of new security features in SQL Server 2016, including Always Encrypted for encrypting sensitive data at the column level, Dynamic Data Masking for masking sensitive data rather than encrypting it, and Row Level Security for fine-grained access control at the row level. Always Encrypted allows queries on encrypted data and provides application transparency. Dynamic Data Masking masks sensitive data on the result set without requiring application changes. Row Level Security uses security predicates and policies to centrally define and apply row-level access control logic within the database.

Technology
1 of 40
#SQLSAT454 SQL Server 2016 New Security Features Gianluca Sartori @spaghettidba
#SQLSAT454 Sponsors
#SQLSAT454 Gianluca Sartori  Independent SQL Server consultant  SQL Server MVP, MCTS, MCITP, MCT  Works with SQL Server since version 7  DBA @ Scuderia Ferrari  Blog: spaghettidba.com  Twitter: @spaghettidba
#SQLSAT454 Agenda  Security Boundaries  Always Encrypted  Row Level Security  Dynamic Data Masking
#SQLSAT454 Why New Security Features?  SQL Server has plenty security features  TDE  Protects database files and backups at rest  Cell-Level Encryption  Encrypts single values in database tables  SSL  Protects data on the network
#SQLSAT454 Security Boundaries – Open Apps SSMS Database Developer DBA Manager User Software Vendor Unauthorized Users
#SQLSAT454 Security Boundaries – Non Sensitive Apps SSMS Database Developer DBA Manager User Software Vendor Unauthorized Users Copy Copy
#SQLSAT454 Security Boundaries – Sensitive Apps SSMS Database Developer DBA Manager User Software Vendor Unauthorized Users Copy Copy
#SQLSAT454 ALWAYS ENCRYPTED
#SQLSAT454 Always Encrypted – Key Features Prevents Data Disclosure End-to-end encryption of individual columns in a table with keys that are never given to the database system. Queries on Encrypted Data Support for equality comparison, incl. join, group by and distinct operators. Application Transparency Minimal application changes via server and client library enhancements.
#SQLSAT454 Always Encrypted  Sensitive data is encrypted at column level  Data is protected from high-privileged users  DBAs  System Admins  Hackers  Data is stored securely outside security boundaries  The database never sees unencrypted data  Cloud providers  Third-parties
#SQLSAT454 Always Encrypted – How it works App SELECT Name FROM Patients WHERE SSN=@SSN @SSN='198-33-0987' Column Encryption Key Jane Doe Name 1x7fg655se2 e SSN USA Country Jim Gray 0x7ff654ae6d USA John Smith 0y8fj754ea2c USA dbo.Patients Result Set Jim Gray Name Query Application - Trusted SQL Server - Untrusted SELECT Name FROM Patients WHERE SSN=@SSN @SSN=0x7ff654ae6d Enhanced ADO.NET Library SQL Server Native Client .NET 4.6 Column Master Key
#SQLSAT454 Encryption Types  Deterministic Encryption Same plaintext value  Same encrypted value Supports indexing, equality comparison, JOINs, DISTINCT  Randomized Encryption Same plaintext value  Different encrypted value Supports retrieval of encrypted data No SQL operations supported
#SQLSAT454 DEMO Working with Always Encrypted
#SQLSAT454 TDE vs Always Encrypted Always Encrypted TDE Column level Database level Client encryption Server encryption Server doesn’t know encryption keys Server knows encryption keys Data in memory is encrypted Data in memory is in plaintext Data travels the network encrypted Data travels the network in plaintext
#SQLSAT454 Custom encryption vs Always Encrypted Always Encrypted Custom Encryption Slight application changes Needs obtrusive changes Disallows saving plaintext data Plaintext data can be saved by accident Allows indexing of cyphertext * Allows indexing of cyphertext * * depending on encryption algorithm
#SQLSAT454 Always Encrypted - Limitations  Deterministic encryption needs _BIN2 collation  Not all datatypes supported  Partial support for triggers  Unsupported features:  Full-text search  Replication  Change Data Capture  In-Memory OLTP  Stretch Database
#SQLSAT454 What changes for Applications?  ConnectionString must include new key: Column Encryption Setting=enabled;  Ad-hoc queries not supported SELECT SomeColumn FROM SomeTable WHERE EncrypedColumn = 'SomeValue';  Needs correctly parameterized queries SELECT SomeColumn FROM SomeTable WHERE EncrypedColumn = @param;
#SQLSAT454 Always Encrypted for Existing Data  Existing columns must be encrypted client side  Easiest way: Import / Export wizard Ad-hoc wizard In SSMS 2016?
#SQLSAT454 Performance Impact
#SQLSAT454 Space Usage Impact
#SQLSAT454 Q&A Questions?
#SQLSAT454 DYNAMIC DATA MASKING
#SQLSAT454 Dynamic Data Masking – Key Features Limits Sensitive Data Exposure Sensitive data is masked. Administrators designate how much of the sensitive data to reveal. Useful for Compliance Helps adhering to privacy standards imposed by regulation authorities. Application Transparency No application changes. Existing queries keep working.
#SQLSAT454 Dynamic Data Masking Database Non-Privileged User Privileged User Unmasked Data DATA Jane Doe Name 062-56-4651 SSN 2.500 Salary Jim Gray 915-12-9845 2.350 John Smith 354-21-9184 1.500 dbo.Employees 062-56-4651 SSN Masked Data XXX-XX-XXXX SSN
#SQLSAT454 Dynamic Data Masking  Obfuscates data using 3 masking functions  Default: depends on data type  Email: aXXX.XXXX.com  Partial: prefixXXXXXXsuffix  Data is stored unmasked  Masking happens on resultset formation  GRANT UNMASK to disclose data  Works in Azure SQL Database (preview)
#SQLSAT454 Dynamic Data Masking - Limitations  Not all datatypes supported  Not intended as a complete protection feature for sensitive data  Ad-Hoc queries disclose data. Ex: WHERE Salary > 2000  INSERT…SELECT does not preserve masking  Some quirks  Not suitable for handing out copies of the database to software vendors or third-parties
#SQLSAT454 DEMO Working with Dynamic Data Masking
#SQLSAT454 Q&A Questions?
#SQLSAT454 ROW-LEVEL SECURITY
#SQLSAT454 Row Level Security – Key Features Fine-grained access control In multi-tenant databases, limits access by other users who share the same tables. Centralized Security Logic Predicate-based access control logic resides inside the database and is schema-bound to the tables it protects. Application Transparency No application changes. Existing queries keep working.
#SQLSAT454 Row-Level Security LATAM Salesperson EMEA Salesperson Evil Inc. Name EMEA Area 2.500 Budget Wealthy Corp. LATAM 2.350 Greedy Corp. APAC 1.500 dbo.Customer Manager APAC Salesperson
#SQLSAT454 Row-Level Security - Concepts  Predicate function User-defined inline iTVF implementing access control logic. Can be arbitrarily complicated  Security predicate Applies a predicate function to a particular table (APPLY) Two types: filter predicates and blocking predicates  Security policy Collection of security predicates Manages security across multiple tables
#SQLSAT454 Row-Level Security – How it works EMEA Salesperson Evil Inc. Name EMEA Area 2.500 Budget Wealthy Corp. LATAM 2.350 Greedy Corp. APAC 1.500 dbo.Customer DBA Security Policy SELECT * FROM Customer SELECT * FROM Customer APPLY itvf_securityPredicate()
#SQLSAT454 DEMO Working with Row-Level Security
#SQLSAT454 Row-Level Security - Limitations  SCHEMABINDING: all tables in the predicate function must reside in the database  Performance impact: queries are rewritten  When authenticating the application, CONTEXT_INFO() can be used to filter on real user  Not really secure if users can run ad-hoc queries  Don’t lock out the DBA!
#SQLSAT454 Q&A Questions?
#SQLSAT454 Resources Always Encrypted on MSDN Getting Started With Always Encrypted Performance impact of Always Encrypted Dynamic Data Masking on MSDN Using Dynamic Data Masking Row-Level Security on MSDN Introduction to Row-Level Security Row-Level Security Limitations
#SQLSAT454 Evaluations  Don’t forget to compile evaluations form here  http://speakerscore.com/sqlsat454
#SQLSAT454 THANKS! #sqlsat454

Recommended

Windows azure sql_database_security_isug012013
Windows azure sql_database_security_isug012013Windows azure sql_database_security_isug012013
Windows azure sql_database_security_isug012013sqlserver.co.il
 
2021 March Pravega Community Meeting
2021 March Pravega Community Meeting2021 March Pravega Community Meeting
2021 March Pravega Community Meeting
Derek Moore
 
2019 - OOW - Database Migration Methods from On-Premise to Cloud
2019 - OOW - Database Migration Methods from On-Premise to Cloud2019 - OOW - Database Migration Methods from On-Premise to Cloud
2019 - OOW - Database Migration Methods from On-Premise to Cloud
Marcus Vinicius Miguel Pedro
 
Percona, software libre y bases de datos
Percona, software libre y bases de datosPercona, software libre y bases de datos
Percona, software libre y bases de datos
LibreCon
 
Azure database services for PostgreSQL and MySQL
Azure database services for PostgreSQL and MySQLAzure database services for PostgreSQL and MySQL
Azure database services for PostgreSQL and MySQL
Amit Banerjee
 
Highlights of OpenStack Mitaka and the OpenStack Summit
Highlights of OpenStack Mitaka and the OpenStack SummitHighlights of OpenStack Mitaka and the OpenStack Summit
Highlights of OpenStack Mitaka and the OpenStack Summit
Cloud Standards Customer Council
 
Cloud Design Patterns
Cloud Design PatternsCloud Design Patterns
Cloud Design Patterns
Taswar Bhatti
 
Scala Security: Eliminate 200+ Code-Level Threats With Fortify SCA For Scala
Scala Security: Eliminate 200+ Code-Level Threats With Fortify SCA For ScalaScala Security: Eliminate 200+ Code-Level Threats With Fortify SCA For Scala
Scala Security: Eliminate 200+ Code-Level Threats With Fortify SCA For Scala
Lightbend
 

Recommended

Windows azure sql_database_security_isug012013
Windows azure sql_database_security_isug012013Windows azure sql_database_security_isug012013
Windows azure sql_database_security_isug012013sqlserver.co.il
 
2021 March Pravega Community Meeting
2021 March Pravega Community Meeting2021 March Pravega Community Meeting
2021 March Pravega Community Meeting
Derek Moore
 
2019 - OOW - Database Migration Methods from On-Premise to Cloud
2019 - OOW - Database Migration Methods from On-Premise to Cloud2019 - OOW - Database Migration Methods from On-Premise to Cloud
2019 - OOW - Database Migration Methods from On-Premise to Cloud
Marcus Vinicius Miguel Pedro
 
Percona, software libre y bases de datos
Percona, software libre y bases de datosPercona, software libre y bases de datos
Percona, software libre y bases de datos
LibreCon
 
Azure database services for PostgreSQL and MySQL
Azure database services for PostgreSQL and MySQLAzure database services for PostgreSQL and MySQL
Azure database services for PostgreSQL and MySQL
Amit Banerjee
 
Highlights of OpenStack Mitaka and the OpenStack Summit
Highlights of OpenStack Mitaka and the OpenStack SummitHighlights of OpenStack Mitaka and the OpenStack Summit
Highlights of OpenStack Mitaka and the OpenStack Summit
Cloud Standards Customer Council
 
Cloud Design Patterns
Cloud Design PatternsCloud Design Patterns
Cloud Design Patterns
Taswar Bhatti
 
Scala Security: Eliminate 200+ Code-Level Threats With Fortify SCA For Scala
Scala Security: Eliminate 200+ Code-Level Threats With Fortify SCA For ScalaScala Security: Eliminate 200+ Code-Level Threats With Fortify SCA For Scala
Scala Security: Eliminate 200+ Code-Level Threats With Fortify SCA For Scala
Lightbend
 
SQL Explore 2012 - Meir Dudai: DAC
SQL Explore 2012 - Meir Dudai: DACSQL Explore 2012 - Meir Dudai: DAC
SQL Explore 2012 - Meir Dudai: DACsqlserver.co.il
 
Mastering the move
Mastering the moveMastering the move
Mastering the move
Trivadis
 
Upgrade your SQL Server like a Ninja
Upgrade your SQL Server like a NinjaUpgrade your SQL Server like a Ninja
Upgrade your SQL Server like a Ninja
Amit Banerjee
 
Database Modernization
Database ModernizationDatabase Modernization
Database Modernization
Trivadis
 
Migration to Alibaba Cloud
Migration to Alibaba CloudMigration to Alibaba Cloud
Migration to Alibaba Cloud
Alibaba Cloud
 
MySQL Alta Disponibilidade com Replicação
MySQL Alta Disponibilidade com Replicação MySQL Alta Disponibilidade com Replicação
MySQL Alta Disponibilidade com Replicação
MySQL Brasil
 
How to Set Up ApsaraDB for RDS on Alibaba Cloud
How to Set Up ApsaraDB for RDS on Alibaba CloudHow to Set Up ApsaraDB for RDS on Alibaba Cloud
How to Set Up ApsaraDB for RDS on Alibaba Cloud
Alibaba Cloud
 
Andy Kennedy - Scottish VMUG April 2016
Andy Kennedy - Scottish VMUG April 2016Andy Kennedy - Scottish VMUG April 2016
Andy Kennedy - Scottish VMUG April 2016
Andy Kennedy
 
Azure Data platform
Azure Data platformAzure Data platform
Azure Data platform
Mostafa
 
Choosing the right Cloud Database
Choosing the right Cloud DatabaseChoosing the right Cloud Database
Choosing the right Cloud Database
Janakiram MSV
 
Jax Cloud 2016 Microsoft Ignite Recap
Jax Cloud 2016 Microsoft Ignite RecapJax Cloud 2016 Microsoft Ignite Recap
Jax Cloud 2016 Microsoft Ignite Recap
Ben Stegink
 
KoprowskiT_SQLSatDenmark_WASDforBeginners
KoprowskiT_SQLSatDenmark_WASDforBeginnersKoprowskiT_SQLSatDenmark_WASDforBeginners
KoprowskiT_SQLSatDenmark_WASDforBeginners
Tobias Koprowski
 
MySQL overview
MySQL overviewMySQL overview
MySQL overview
Mark Swarbrick
 
Trivadis - Microsoft Swiss Cloud Services
Trivadis - Microsoft Swiss Cloud ServicesTrivadis - Microsoft Swiss Cloud Services
Trivadis - Microsoft Swiss Cloud Services
Trivadis
 
5 Postgres DBA Tips
5 Postgres DBA Tips5 Postgres DBA Tips
5 Postgres DBA Tips
EDB
 
MySQL enterprise edition
MySQL enterprise edition MySQL enterprise edition
MySQL enterprise edition
Mark Swarbrick
 
Market Trends in Microsoft Azure
Market Trends in Microsoft AzureMarket Trends in Microsoft Azure
Market Trends in Microsoft Azure
GlobalLogic Ukraine
 
Oracle Data Protection - 2. část
Oracle Data Protection - 2. částOracle Data Protection - 2. část
Oracle Data Protection - 2. část
MarketingArrowECS_CZ
 
Oracle virtualbox basic to rac attack
Oracle virtualbox basic to rac attackOracle virtualbox basic to rac attack
Oracle virtualbox basic to rac attack
Bobby Curtis
 
Database Security Threats - MariaDB Security Best Practices
Database Security Threats - MariaDB Security Best PracticesDatabase Security Threats - MariaDB Security Best Practices
Database Security Threats - MariaDB Security Best Practices
MariaDB plc
 
Expert summit SQL Server 2016
Expert summit SQL Server 2016Expert summit SQL Server 2016
Expert summit SQL Server 2016
Łukasz Grala
 
SQL Server 2016 novelties
SQL Server 2016 noveltiesSQL Server 2016 novelties
SQL Server 2016 novelties
MSDEVMTL
 

More Related Content

What's hot

SQL Explore 2012 - Meir Dudai: DAC
SQL Explore 2012 - Meir Dudai: DACSQL Explore 2012 - Meir Dudai: DAC
SQL Explore 2012 - Meir Dudai: DACsqlserver.co.il
 
Mastering the move
Mastering the moveMastering the move
Mastering the move
Trivadis
 
Upgrade your SQL Server like a Ninja
Upgrade your SQL Server like a NinjaUpgrade your SQL Server like a Ninja
Upgrade your SQL Server like a Ninja
Amit Banerjee
 
Database Modernization
Database ModernizationDatabase Modernization
Database Modernization
Trivadis
 
Migration to Alibaba Cloud
Migration to Alibaba CloudMigration to Alibaba Cloud
Migration to Alibaba Cloud
Alibaba Cloud
 
MySQL Alta Disponibilidade com Replicação
MySQL Alta Disponibilidade com Replicação MySQL Alta Disponibilidade com Replicação
MySQL Alta Disponibilidade com Replicação
MySQL Brasil
 
How to Set Up ApsaraDB for RDS on Alibaba Cloud
How to Set Up ApsaraDB for RDS on Alibaba CloudHow to Set Up ApsaraDB for RDS on Alibaba Cloud
How to Set Up ApsaraDB for RDS on Alibaba Cloud
Alibaba Cloud
 
Andy Kennedy - Scottish VMUG April 2016
Andy Kennedy - Scottish VMUG April 2016Andy Kennedy - Scottish VMUG April 2016
Andy Kennedy - Scottish VMUG April 2016
Andy Kennedy
 
Azure Data platform
Azure Data platformAzure Data platform
Azure Data platform
Mostafa
 
Choosing the right Cloud Database
Choosing the right Cloud DatabaseChoosing the right Cloud Database
Choosing the right Cloud Database
Janakiram MSV
 
Jax Cloud 2016 Microsoft Ignite Recap
Jax Cloud 2016 Microsoft Ignite RecapJax Cloud 2016 Microsoft Ignite Recap
Jax Cloud 2016 Microsoft Ignite Recap
Ben Stegink
 
KoprowskiT_SQLSatDenmark_WASDforBeginners
KoprowskiT_SQLSatDenmark_WASDforBeginnersKoprowskiT_SQLSatDenmark_WASDforBeginners
KoprowskiT_SQLSatDenmark_WASDforBeginners
Tobias Koprowski
 
MySQL overview
MySQL overviewMySQL overview
MySQL overview
Mark Swarbrick
 
Trivadis - Microsoft Swiss Cloud Services
Trivadis - Microsoft Swiss Cloud ServicesTrivadis - Microsoft Swiss Cloud Services
Trivadis - Microsoft Swiss Cloud Services
Trivadis
 
5 Postgres DBA Tips
5 Postgres DBA Tips5 Postgres DBA Tips
5 Postgres DBA Tips
EDB
 
MySQL enterprise edition
MySQL enterprise edition MySQL enterprise edition
MySQL enterprise edition
Mark Swarbrick
 
Market Trends in Microsoft Azure
Market Trends in Microsoft AzureMarket Trends in Microsoft Azure
Market Trends in Microsoft Azure
GlobalLogic Ukraine
 
Oracle Data Protection - 2. část
Oracle Data Protection - 2. částOracle Data Protection - 2. část
Oracle Data Protection - 2. část
MarketingArrowECS_CZ
 
Oracle virtualbox basic to rac attack
Oracle virtualbox basic to rac attackOracle virtualbox basic to rac attack
Oracle virtualbox basic to rac attack
Bobby Curtis
 
Database Security Threats - MariaDB Security Best Practices
Database Security Threats - MariaDB Security Best PracticesDatabase Security Threats - MariaDB Security Best Practices
Database Security Threats - MariaDB Security Best Practices
MariaDB plc
 

What's hot (20)

SQL Explore 2012 - Meir Dudai: DAC
SQL Explore 2012 - Meir Dudai: DACSQL Explore 2012 - Meir Dudai: DAC
SQL Explore 2012 - Meir Dudai: DAC
 
Mastering the move
Mastering the moveMastering the move
Mastering the move
 
Upgrade your SQL Server like a Ninja
Upgrade your SQL Server like a NinjaUpgrade your SQL Server like a Ninja
Upgrade your SQL Server like a Ninja
 
Database Modernization
Database ModernizationDatabase Modernization
Database Modernization
 
Migration to Alibaba Cloud
Migration to Alibaba CloudMigration to Alibaba Cloud
Migration to Alibaba Cloud
 
MySQL Alta Disponibilidade com Replicação
MySQL Alta Disponibilidade com Replicação MySQL Alta Disponibilidade com Replicação
MySQL Alta Disponibilidade com Replicação
 
How to Set Up ApsaraDB for RDS on Alibaba Cloud
How to Set Up ApsaraDB for RDS on Alibaba CloudHow to Set Up ApsaraDB for RDS on Alibaba Cloud
How to Set Up ApsaraDB for RDS on Alibaba Cloud
 
Andy Kennedy - Scottish VMUG April 2016
Andy Kennedy - Scottish VMUG April 2016Andy Kennedy - Scottish VMUG April 2016
Andy Kennedy - Scottish VMUG April 2016
 
Azure Data platform
Azure Data platformAzure Data platform
Azure Data platform
 
Choosing the right Cloud Database
Choosing the right Cloud DatabaseChoosing the right Cloud Database
Choosing the right Cloud Database
 
Jax Cloud 2016 Microsoft Ignite Recap
Jax Cloud 2016 Microsoft Ignite RecapJax Cloud 2016 Microsoft Ignite Recap
Jax Cloud 2016 Microsoft Ignite Recap
 
KoprowskiT_SQLSatDenmark_WASDforBeginners
KoprowskiT_SQLSatDenmark_WASDforBeginnersKoprowskiT_SQLSatDenmark_WASDforBeginners
KoprowskiT_SQLSatDenmark_WASDforBeginners
 
MySQL overview
MySQL overviewMySQL overview
MySQL overview
 
Trivadis - Microsoft Swiss Cloud Services
Trivadis - Microsoft Swiss Cloud ServicesTrivadis - Microsoft Swiss Cloud Services
Trivadis - Microsoft Swiss Cloud Services
 
5 Postgres DBA Tips
5 Postgres DBA Tips5 Postgres DBA Tips
5 Postgres DBA Tips
 
MySQL enterprise edition
MySQL enterprise edition MySQL enterprise edition
MySQL enterprise edition
 
Market Trends in Microsoft Azure
Market Trends in Microsoft AzureMarket Trends in Microsoft Azure
Market Trends in Microsoft Azure
 
Oracle Data Protection - 2. část
Oracle Data Protection - 2. částOracle Data Protection - 2. část
Oracle Data Protection - 2. část
 
Oracle virtualbox basic to rac attack
Oracle virtualbox basic to rac attackOracle virtualbox basic to rac attack
Oracle virtualbox basic to rac attack
 
Database Security Threats - MariaDB Security Best Practices
Database Security Threats - MariaDB Security Best PracticesDatabase Security Threats - MariaDB Security Best Practices
Database Security Threats - MariaDB Security Best Practices
 

Viewers also liked

Expert summit SQL Server 2016
Expert summit SQL Server 2016Expert summit SQL Server 2016
Expert summit SQL Server 2016
Łukasz Grala
 
SQL Server 2016 novelties
SQL Server 2016 noveltiesSQL Server 2016 novelties
SQL Server 2016 novelties
MSDEVMTL
 
What's New in SQL Server 2016 for BI
What's New in SQL Server 2016 for BIWhat's New in SQL Server 2016 for BI
What's New in SQL Server 2016 for BITeo Lachev
 
Accelerating Business Intelligence Solutions with Microsoft Azure pass
Accelerating Business Intelligence Solutions with Microsoft Azure passAccelerating Business Intelligence Solutions with Microsoft Azure pass
Accelerating Business Intelligence Solutions with Microsoft Azure pass
Jason Strate
 
Georgia Azure Event - Scalable cloud games using Microsoft Azure
Georgia Azure Event - Scalable cloud games using Microsoft AzureGeorgia Azure Event - Scalable cloud games using Microsoft Azure
Georgia Azure Event - Scalable cloud games using Microsoft Azure
Microsoft
 
OpenPOWER Roadmap Toward CORAL
OpenPOWER Roadmap Toward CORALOpenPOWER Roadmap Toward CORAL
OpenPOWER Roadmap Toward CORAL
inside-BigData.com
 
The State of Linux Containers
The State of Linux ContainersThe State of Linux Containers
The State of Linux Containers
inside-BigData.com
 
OpenPOWER Update
OpenPOWER UpdateOpenPOWER Update
OpenPOWER Update
inside-BigData.com
 
IBM POWER8 as an HPC platform
IBM POWER8 as an HPC platformIBM POWER8 as an HPC platform
IBM POWER8 as an HPC platform
Alexander Pozdneev
 
Presentacin webinar move_up_to_power8_with_scale_out_servers_final
Presentacin webinar move_up_to_power8_with_scale_out_servers_finalPresentacin webinar move_up_to_power8_with_scale_out_servers_final
Presentacin webinar move_up_to_power8_with_scale_out_servers_final
Diego Alberto Tamayo
 
Blockchain
BlockchainBlockchain
Blockchain
Benjamin Fuentes
 
Bitcoin explained
Bitcoin explainedBitcoin explained
Bitcoin explained
Benjamin Fuentes
 
Oracle Solaris Software Integration
Oracle Solaris Software IntegrationOracle Solaris Software Integration
Oracle Solaris Software Integration
OTN Systems Hub
 
Open Innovation with Power Systems
Open Innovation with Power Systems Open Innovation with Power Systems
Open Innovation with Power Systems
IBM Power Systems
 
IBM Power8 announce
IBM Power8 announceIBM Power8 announce
IBM Power8 announce
Anna Landolfi
 
Puppet + Windows Nano Server
Puppet + Windows Nano ServerPuppet + Windows Nano Server
Puppet + Windows Nano Server
Alessandro Pilotti
 
Oracle Solaris Secure Cloud Infrastructure
Oracle Solaris Secure Cloud InfrastructureOracle Solaris Secure Cloud Infrastructure
Oracle Solaris Secure Cloud Infrastructure
OTN Systems Hub
 
IlOUG Tech Days 2016 - Big Data for Oracle Developers - Towards Spark, Real-T...
IlOUG Tech Days 2016 - Big Data for Oracle Developers - Towards Spark, Real-T...IlOUG Tech Days 2016 - Big Data for Oracle Developers - Towards Spark, Real-T...
IlOUG Tech Days 2016 - Big Data for Oracle Developers - Towards Spark, Real-T...
Mark Rittman
 
Oracle Solaris Build and Run Applications Better on 11.3
Oracle Solaris Build and Run Applications Better on 11.3Oracle Solaris Build and Run Applications Better on 11.3
Oracle Solaris Build and Run Applications Better on 11.3
OTN Systems Hub
 
The Quantum Effect: HPC without FLOPS
The Quantum Effect: HPC without FLOPSThe Quantum Effect: HPC without FLOPS
The Quantum Effect: HPC without FLOPS
inside-BigData.com
 

Viewers also liked (20)

Expert summit SQL Server 2016
Expert summit SQL Server 2016Expert summit SQL Server 2016
Expert summit SQL Server 2016
 
SQL Server 2016 novelties
SQL Server 2016 noveltiesSQL Server 2016 novelties
SQL Server 2016 novelties
 
What's New in SQL Server 2016 for BI
What's New in SQL Server 2016 for BIWhat's New in SQL Server 2016 for BI
What's New in SQL Server 2016 for BI
 
Accelerating Business Intelligence Solutions with Microsoft Azure pass
Accelerating Business Intelligence Solutions with Microsoft Azure passAccelerating Business Intelligence Solutions with Microsoft Azure pass
Accelerating Business Intelligence Solutions with Microsoft Azure pass
 
Georgia Azure Event - Scalable cloud games using Microsoft Azure
Georgia Azure Event - Scalable cloud games using Microsoft AzureGeorgia Azure Event - Scalable cloud games using Microsoft Azure
Georgia Azure Event - Scalable cloud games using Microsoft Azure
 
OpenPOWER Roadmap Toward CORAL
OpenPOWER Roadmap Toward CORALOpenPOWER Roadmap Toward CORAL
OpenPOWER Roadmap Toward CORAL
 
The State of Linux Containers
The State of Linux ContainersThe State of Linux Containers
The State of Linux Containers
 
OpenPOWER Update
OpenPOWER UpdateOpenPOWER Update
OpenPOWER Update
 
IBM POWER8 as an HPC platform
IBM POWER8 as an HPC platformIBM POWER8 as an HPC platform
IBM POWER8 as an HPC platform
 
Presentacin webinar move_up_to_power8_with_scale_out_servers_final
Presentacin webinar move_up_to_power8_with_scale_out_servers_finalPresentacin webinar move_up_to_power8_with_scale_out_servers_final
Presentacin webinar move_up_to_power8_with_scale_out_servers_final
 
Blockchain
BlockchainBlockchain
Blockchain
 
Bitcoin explained
Bitcoin explainedBitcoin explained
Bitcoin explained
 
Oracle Solaris Software Integration
Oracle Solaris Software IntegrationOracle Solaris Software Integration
Oracle Solaris Software Integration
 
Open Innovation with Power Systems
Open Innovation with Power Systems Open Innovation with Power Systems
Open Innovation with Power Systems
 
IBM Power8 announce
IBM Power8 announceIBM Power8 announce
IBM Power8 announce
 
Puppet + Windows Nano Server
Puppet + Windows Nano ServerPuppet + Windows Nano Server
Puppet + Windows Nano Server
 
Oracle Solaris Secure Cloud Infrastructure
Oracle Solaris Secure Cloud InfrastructureOracle Solaris Secure Cloud Infrastructure
Oracle Solaris Secure Cloud Infrastructure
 
IlOUG Tech Days 2016 - Big Data for Oracle Developers - Towards Spark, Real-T...
IlOUG Tech Days 2016 - Big Data for Oracle Developers - Towards Spark, Real-T...IlOUG Tech Days 2016 - Big Data for Oracle Developers - Towards Spark, Real-T...
IlOUG Tech Days 2016 - Big Data for Oracle Developers - Towards Spark, Real-T...
 
Oracle Solaris Build and Run Applications Better on 11.3
Oracle Solaris Build and Run Applications Better on 11.3Oracle Solaris Build and Run Applications Better on 11.3
Oracle Solaris Build and Run Applications Better on 11.3
 
The Quantum Effect: HPC without FLOPS
The Quantum Effect: HPC without FLOPSThe Quantum Effect: HPC without FLOPS
The Quantum Effect: HPC without FLOPS
 

Similar to SQL Server 2016 New Security Features

Sql Server 2016 Always Encrypted
Sql Server 2016 Always EncryptedSql Server 2016 Always Encrypted
Sql Server 2016 Always Encrypted
Duncan Greaves PhD
 
Sql server security in an insecure world
Sql server security in an insecure worldSql server security in an insecure world
Sql server security in an insecure world
Gianluca Sartori
 
Securing your data with Azure SQL DB
Securing your data with Azure SQL DBSecuring your data with Azure SQL DB
Securing your data with Azure SQL DB
Microsoft Tech Community
 
Always encrypted overview
Always encrypted overviewAlways encrypted overview
Always encrypted overview
SolidQ
 
Organizational compliance and security in Microsoft SQL 2012-2016
Organizational compliance and security in Microsoft SQL 2012-2016Organizational compliance and security in Microsoft SQL 2012-2016
Organizational compliance and security in Microsoft SQL 2012-2016
George Walters
 
Oracle Key Vault Data Subsetting and Masking
Oracle Key Vault Data Subsetting and MaskingOracle Key Vault Data Subsetting and Masking
Oracle Key Vault Data Subsetting and Masking
DLT Solutions
 
Seguridad en sql server 2016 y 2017
Seguridad en sql server 2016 y 2017Seguridad en sql server 2016 y 2017
Seguridad en sql server 2016 y 2017
Maximiliano Accotto
 
Seguridad en sql server 2016 y 2017
Seguridad en sql server 2016 y 2017Seguridad en sql server 2016 y 2017
Seguridad en sql server 2016 y 2017
Maximiliano Accotto
 
SQL Server Encryption - Adi Cohn
SQL Server Encryption - Adi CohnSQL Server Encryption - Adi Cohn
SQL Server Encryption - Adi Cohnsqlserver.co.il
 
Isaca sql server 2008 r2 security & auditing
Isaca sql server 2008 r2 security & auditingIsaca sql server 2008 r2 security & auditing
Isaca sql server 2008 r2 security & auditingAntonios Chatzipavlis
 
SQL Server 2008 Security Overview
SQL Server 2008 Security OverviewSQL Server 2008 Security Overview
SQL Server 2008 Security Overviewukdpe
 
SQL Server 2016: Just a Few of Our DBA's Favorite Things
SQL Server 2016: Just a Few of Our DBA's Favorite ThingsSQL Server 2016: Just a Few of Our DBA's Favorite Things
SQL Server 2016: Just a Few of Our DBA's Favorite Things
Hostway|HOSTING
 
Understanding SQL Server 2016 Always Encrypted
Understanding SQL Server 2016 Always EncryptedUnderstanding SQL Server 2016 Always Encrypted
Understanding SQL Server 2016 Always Encrypted
Ed Leighton-Dick
 
SQLCAT - Data and Admin Security
SQLCAT - Data and Admin SecuritySQLCAT - Data and Admin Security
SQLCAT - Data and Admin Security
Denny Lee
 
SQL INJECTION ATTACKS.pptx
SQL INJECTION ATTACKS.pptxSQL INJECTION ATTACKS.pptx
SQL INJECTION ATTACKS.pptx
REMEGIUSPRAVEENSAHAY
 
Modern Data Security with MySQL
Modern Data Security with MySQLModern Data Security with MySQL
Modern Data Security with MySQL
Vittorio Cioe
 
Pillars of great Azure Architecture
Pillars of great Azure ArchitecturePillars of great Azure Architecture
Pillars of great Azure Architecture
Karthikeyan VK
 
Database security2 adebiaye
Database security2 adebiayeDatabase security2 adebiaye
Database security2 adebiaye
DR RICHMOND ADEBIAYE
 
Database security
Database securityDatabase security
Database security
Arpana shree
 
Enhancing the Security of Data at Rest with SAP ASE 16
Enhancing the Security of Data at Rest with SAP ASE 16Enhancing the Security of Data at Rest with SAP ASE 16
Enhancing the Security of Data at Rest with SAP ASE 16
SAP Technology
 

Similar to SQL Server 2016 New Security Features (20)

Sql Server 2016 Always Encrypted
Sql Server 2016 Always EncryptedSql Server 2016 Always Encrypted
Sql Server 2016 Always Encrypted
 
Sql server security in an insecure world
Sql server security in an insecure worldSql server security in an insecure world
Sql server security in an insecure world
 
Securing your data with Azure SQL DB
Securing your data with Azure SQL DBSecuring your data with Azure SQL DB
Securing your data with Azure SQL DB
 
Always encrypted overview
Always encrypted overviewAlways encrypted overview
Always encrypted overview
 
Organizational compliance and security in Microsoft SQL 2012-2016
Organizational compliance and security in Microsoft SQL 2012-2016Organizational compliance and security in Microsoft SQL 2012-2016
Organizational compliance and security in Microsoft SQL 2012-2016
 
Oracle Key Vault Data Subsetting and Masking
Oracle Key Vault Data Subsetting and MaskingOracle Key Vault Data Subsetting and Masking
Oracle Key Vault Data Subsetting and Masking
 
Seguridad en sql server 2016 y 2017
Seguridad en sql server 2016 y 2017Seguridad en sql server 2016 y 2017
Seguridad en sql server 2016 y 2017
 
Seguridad en sql server 2016 y 2017
Seguridad en sql server 2016 y 2017Seguridad en sql server 2016 y 2017
Seguridad en sql server 2016 y 2017
 
SQL Server Encryption - Adi Cohn
SQL Server Encryption - Adi CohnSQL Server Encryption - Adi Cohn
SQL Server Encryption - Adi Cohn
 
Isaca sql server 2008 r2 security & auditing
Isaca sql server 2008 r2 security & auditingIsaca sql server 2008 r2 security & auditing
Isaca sql server 2008 r2 security & auditing
 
SQL Server 2008 Security Overview
SQL Server 2008 Security OverviewSQL Server 2008 Security Overview
SQL Server 2008 Security Overview
 
SQL Server 2016: Just a Few of Our DBA's Favorite Things
SQL Server 2016: Just a Few of Our DBA's Favorite ThingsSQL Server 2016: Just a Few of Our DBA's Favorite Things
SQL Server 2016: Just a Few of Our DBA's Favorite Things
 
Understanding SQL Server 2016 Always Encrypted
Understanding SQL Server 2016 Always EncryptedUnderstanding SQL Server 2016 Always Encrypted
Understanding SQL Server 2016 Always Encrypted
 
SQLCAT - Data and Admin Security
SQLCAT - Data and Admin SecuritySQLCAT - Data and Admin Security
SQLCAT - Data and Admin Security
 
SQL INJECTION ATTACKS.pptx
SQL INJECTION ATTACKS.pptxSQL INJECTION ATTACKS.pptx
SQL INJECTION ATTACKS.pptx
 
Modern Data Security with MySQL
Modern Data Security with MySQLModern Data Security with MySQL
Modern Data Security with MySQL
 
Pillars of great Azure Architecture
Pillars of great Azure ArchitecturePillars of great Azure Architecture
Pillars of great Azure Architecture
 
Database security2 adebiaye
Database security2 adebiayeDatabase security2 adebiaye
Database security2 adebiaye
 
Database security
Database securityDatabase security
Database security
 
Enhancing the Security of Data at Rest with SAP ASE 16
Enhancing the Security of Data at Rest with SAP ASE 16Enhancing the Security of Data at Rest with SAP ASE 16
Enhancing the Security of Data at Rest with SAP ASE 16
 

More from Gianluca Sartori

Benchmarking like a pro
Benchmarking like a proBenchmarking like a pro
Benchmarking like a pro
Gianluca Sartori
 
Sql server infernals
Sql server infernalsSql server infernals
Sql server infernals
Gianluca Sartori
 
Responding to extended events in near real time
Responding to extended events in near real timeResponding to extended events in near real time
Responding to extended events in near real time
Gianluca Sartori
 
SQL Server Worst Practices - EN
SQL Server Worst Practices - ENSQL Server Worst Practices - EN
SQL Server Worst Practices - EN
Gianluca Sartori
 
TSQL Advanced Query Techniques
TSQL Advanced Query TechniquesTSQL Advanced Query Techniques
TSQL Advanced Query Techniques
Gianluca Sartori
 
My Query is slow, now what?
My Query is slow, now what?My Query is slow, now what?
My Query is slow, now what?
Gianluca Sartori
 
SQL Server Benchmarking, Baselining and Workload Analysis
SQL Server Benchmarking, Baselining and Workload AnalysisSQL Server Benchmarking, Baselining and Workload Analysis
SQL Server Benchmarking, Baselining and Workload Analysis
Gianluca Sartori
 
A performance tuning methodology
A performance tuning methodologyA performance tuning methodology
A performance tuning methodology
Gianluca Sartori
 
SQL Server Worst Practices
SQL Server Worst PracticesSQL Server Worst Practices
SQL Server Worst Practices
Gianluca Sartori
 

More from Gianluca Sartori (9)

Benchmarking like a pro
Benchmarking like a proBenchmarking like a pro
Benchmarking like a pro
 
Sql server infernals
Sql server infernalsSql server infernals
Sql server infernals
 
Responding to extended events in near real time
Responding to extended events in near real timeResponding to extended events in near real time
Responding to extended events in near real time
 
SQL Server Worst Practices - EN
SQL Server Worst Practices - ENSQL Server Worst Practices - EN
SQL Server Worst Practices - EN
 
TSQL Advanced Query Techniques
TSQL Advanced Query TechniquesTSQL Advanced Query Techniques
TSQL Advanced Query Techniques
 
My Query is slow, now what?
My Query is slow, now what?My Query is slow, now what?
My Query is slow, now what?
 
SQL Server Benchmarking, Baselining and Workload Analysis
SQL Server Benchmarking, Baselining and Workload AnalysisSQL Server Benchmarking, Baselining and Workload Analysis
SQL Server Benchmarking, Baselining and Workload Analysis
 
A performance tuning methodology
A performance tuning methodologyA performance tuning methodology
A performance tuning methodology
 
SQL Server Worst Practices
SQL Server Worst PracticesSQL Server Worst Practices
SQL Server Worst Practices
 

Recently uploaded

Unsubscribed: Combat Subscription Fatigue With a Membership Mentality by Head...
Unsubscribed: Combat Subscription Fatigue With a Membership Mentality by Head...Unsubscribed: Combat Subscription Fatigue With a Membership Mentality by Head...
Unsubscribed: Combat Subscription Fatigue With a Membership Mentality by Head...
Product School
 
The Future of Platform Engineering
The Future of Platform EngineeringThe Future of Platform Engineering
The Future of Platform Engineering
Jemma Hussein Allen
 
GenAISummit 2024 May 28 Sri Ambati Keynote: AGI Belongs to The Community in O...
GenAISummit 2024 May 28 Sri Ambati Keynote: AGI Belongs to The Community in O...GenAISummit 2024 May 28 Sri Ambati Keynote: AGI Belongs to The Community in O...
GenAISummit 2024 May 28 Sri Ambati Keynote: AGI Belongs to The Community in O...
Sri Ambati
 
Epistemic Interaction - tuning interfaces to provide information for AI support
Epistemic Interaction - tuning interfaces to provide information for AI supportEpistemic Interaction - tuning interfaces to provide information for AI support
Epistemic Interaction - tuning interfaces to provide information for AI support
Alan Dix
 
LF Energy Webinar: Electrical Grid Modelling and Simulation Through PowSyBl -...
LF Energy Webinar: Electrical Grid Modelling and Simulation Through PowSyBl -...LF Energy Webinar: Electrical Grid Modelling and Simulation Through PowSyBl -...
LF Energy Webinar: Electrical Grid Modelling and Simulation Through PowSyBl -...
DanBrown980551
 
Monitoring Java Application Security with JDK Tools and JFR Events
Monitoring Java Application Security with JDK Tools and JFR EventsMonitoring Java Application Security with JDK Tools and JFR Events
Monitoring Java Application Security with JDK Tools and JFR Events
Ana-Maria Mihalceanu
 
Encryption in Microsoft 365 - ExpertsLive Netherlands 2024
Encryption in Microsoft 365 - ExpertsLive Netherlands 2024Encryption in Microsoft 365 - ExpertsLive Netherlands 2024
Encryption in Microsoft 365 - ExpertsLive Netherlands 2024
Albert Hoitingh
 
AI for Every Business: Unlocking Your Product's Universal Potential by VP of ...
AI for Every Business: Unlocking Your Product's Universal Potential by VP of ...AI for Every Business: Unlocking Your Product's Universal Potential by VP of ...
AI for Every Business: Unlocking Your Product's Universal Potential by VP of ...
Product School
 
Generating a custom Ruby SDK for your web service or Rails API using Smithy
Generating a custom Ruby SDK for your web service or Rails API using SmithyGenerating a custom Ruby SDK for your web service or Rails API using Smithy
Generating a custom Ruby SDK for your web service or Rails API using Smithy
g2nightmarescribd
 
Leading Change strategies and insights for effective change management pdf 1.pdf
Leading Change strategies and insights for effective change management pdf 1.pdfLeading Change strategies and insights for effective change management pdf 1.pdf
Leading Change strategies and insights for effective change management pdf 1.pdf
OnBoard
 
Designing Great Products: The Power of Design and Leadership by Chief Designe...
Designing Great Products: The Power of Design and Leadership by Chief Designe...Designing Great Products: The Power of Design and Leadership by Chief Designe...
Designing Great Products: The Power of Design and Leadership by Chief Designe...
Product School
 
Connector Corner: Automate dynamic content and events by pushing a button
Connector Corner: Automate dynamic content and events by pushing a buttonConnector Corner: Automate dynamic content and events by pushing a button
Connector Corner: Automate dynamic content and events by pushing a button
DianaGray10
 
Transcript: Selling digital books in 2024: Insights from industry leaders - T...
Transcript: Selling digital books in 2024: Insights from industry leaders - T...Transcript: Selling digital books in 2024: Insights from industry leaders - T...
Transcript: Selling digital books in 2024: Insights from industry leaders - T...
BookNet Canada
 
FIDO Alliance Osaka Seminar: FIDO Security Aspects.pdf
FIDO Alliance Osaka Seminar: FIDO Security Aspects.pdfFIDO Alliance Osaka Seminar: FIDO Security Aspects.pdf
FIDO Alliance Osaka Seminar: FIDO Security Aspects.pdf
FIDO Alliance
 
Bits & Pixels using AI for Good.........
Bits & Pixels using AI for Good.........Bits & Pixels using AI for Good.........
Bits & Pixels using AI for Good.........
Alison B. Lowndes
 
GraphRAG is All You need? LLM & Knowledge Graph
GraphRAG is All You need? LLM & Knowledge GraphGraphRAG is All You need? LLM & Knowledge Graph
GraphRAG is All You need? LLM & Knowledge Graph
Guy Korland
 
Assuring Contact Center Experiences for Your Customers With ThousandEyes
Assuring Contact Center Experiences for Your Customers With ThousandEyesAssuring Contact Center Experiences for Your Customers With ThousandEyes
Assuring Contact Center Experiences for Your Customers With ThousandEyes
ThousandEyes
 
Securing your Kubernetes cluster_ a step-by-step guide to success !
Securing your Kubernetes cluster_ a step-by-step guide to success !Securing your Kubernetes cluster_ a step-by-step guide to success !
Securing your Kubernetes cluster_ a step-by-step guide to success !
KatiaHIMEUR1
 
From Siloed Products to Connected Ecosystem: Building a Sustainable and Scala...
From Siloed Products to Connected Ecosystem: Building a Sustainable and Scala...From Siloed Products to Connected Ecosystem: Building a Sustainable and Scala...
From Siloed Products to Connected Ecosystem: Building a Sustainable and Scala...
Product School
 
GDG Cloud Southlake #33: Boule & Rebala: Effective AppSec in SDLC using Deplo...
GDG Cloud Southlake #33: Boule & Rebala: Effective AppSec in SDLC using Deplo...GDG Cloud Southlake #33: Boule & Rebala: Effective AppSec in SDLC using Deplo...
GDG Cloud Southlake #33: Boule & Rebala: Effective AppSec in SDLC using Deplo...
James Anderson
 

Recently uploaded (20)

Unsubscribed: Combat Subscription Fatigue With a Membership Mentality by Head...
Unsubscribed: Combat Subscription Fatigue With a Membership Mentality by Head...Unsubscribed: Combat Subscription Fatigue With a Membership Mentality by Head...
Unsubscribed: Combat Subscription Fatigue With a Membership Mentality by Head...
 
The Future of Platform Engineering
The Future of Platform EngineeringThe Future of Platform Engineering
The Future of Platform Engineering
 
GenAISummit 2024 May 28 Sri Ambati Keynote: AGI Belongs to The Community in O...
GenAISummit 2024 May 28 Sri Ambati Keynote: AGI Belongs to The Community in O...GenAISummit 2024 May 28 Sri Ambati Keynote: AGI Belongs to The Community in O...
GenAISummit 2024 May 28 Sri Ambati Keynote: AGI Belongs to The Community in O...
 
Epistemic Interaction - tuning interfaces to provide information for AI support
Epistemic Interaction - tuning interfaces to provide information for AI supportEpistemic Interaction - tuning interfaces to provide information for AI support
Epistemic Interaction - tuning interfaces to provide information for AI support
 
LF Energy Webinar: Electrical Grid Modelling and Simulation Through PowSyBl -...
LF Energy Webinar: Electrical Grid Modelling and Simulation Through PowSyBl -...LF Energy Webinar: Electrical Grid Modelling and Simulation Through PowSyBl -...
LF Energy Webinar: Electrical Grid Modelling and Simulation Through PowSyBl -...
 
Monitoring Java Application Security with JDK Tools and JFR Events
Monitoring Java Application Security with JDK Tools and JFR EventsMonitoring Java Application Security with JDK Tools and JFR Events
Monitoring Java Application Security with JDK Tools and JFR Events
 
Encryption in Microsoft 365 - ExpertsLive Netherlands 2024
Encryption in Microsoft 365 - ExpertsLive Netherlands 2024Encryption in Microsoft 365 - ExpertsLive Netherlands 2024
Encryption in Microsoft 365 - ExpertsLive Netherlands 2024
 
AI for Every Business: Unlocking Your Product's Universal Potential by VP of ...
AI for Every Business: Unlocking Your Product's Universal Potential by VP of ...AI for Every Business: Unlocking Your Product's Universal Potential by VP of ...
AI for Every Business: Unlocking Your Product's Universal Potential by VP of ...
 
Generating a custom Ruby SDK for your web service or Rails API using Smithy
Generating a custom Ruby SDK for your web service or Rails API using SmithyGenerating a custom Ruby SDK for your web service or Rails API using Smithy
Generating a custom Ruby SDK for your web service or Rails API using Smithy
 
Leading Change strategies and insights for effective change management pdf 1.pdf
Leading Change strategies and insights for effective change management pdf 1.pdfLeading Change strategies and insights for effective change management pdf 1.pdf
Leading Change strategies and insights for effective change management pdf 1.pdf
 
Designing Great Products: The Power of Design and Leadership by Chief Designe...
Designing Great Products: The Power of Design and Leadership by Chief Designe...Designing Great Products: The Power of Design and Leadership by Chief Designe...
Designing Great Products: The Power of Design and Leadership by Chief Designe...
 
Connector Corner: Automate dynamic content and events by pushing a button
Connector Corner: Automate dynamic content and events by pushing a buttonConnector Corner: Automate dynamic content and events by pushing a button
Connector Corner: Automate dynamic content and events by pushing a button
 
Transcript: Selling digital books in 2024: Insights from industry leaders - T...
Transcript: Selling digital books in 2024: Insights from industry leaders - T...Transcript: Selling digital books in 2024: Insights from industry leaders - T...
Transcript: Selling digital books in 2024: Insights from industry leaders - T...
 
FIDO Alliance Osaka Seminar: FIDO Security Aspects.pdf
FIDO Alliance Osaka Seminar: FIDO Security Aspects.pdfFIDO Alliance Osaka Seminar: FIDO Security Aspects.pdf
FIDO Alliance Osaka Seminar: FIDO Security Aspects.pdf
 
Bits & Pixels using AI for Good.........
Bits & Pixels using AI for Good.........Bits & Pixels using AI for Good.........
Bits & Pixels using AI for Good.........
 
GraphRAG is All You need? LLM & Knowledge Graph
GraphRAG is All You need? LLM & Knowledge GraphGraphRAG is All You need? LLM & Knowledge Graph
GraphRAG is All You need? LLM & Knowledge Graph
 
Assuring Contact Center Experiences for Your Customers With ThousandEyes
Assuring Contact Center Experiences for Your Customers With ThousandEyesAssuring Contact Center Experiences for Your Customers With ThousandEyes
Assuring Contact Center Experiences for Your Customers With ThousandEyes
 
Securing your Kubernetes cluster_ a step-by-step guide to success !
Securing your Kubernetes cluster_ a step-by-step guide to success !Securing your Kubernetes cluster_ a step-by-step guide to success !
Securing your Kubernetes cluster_ a step-by-step guide to success !
 
From Siloed Products to Connected Ecosystem: Building a Sustainable and Scala...
From Siloed Products to Connected Ecosystem: Building a Sustainable and Scala...From Siloed Products to Connected Ecosystem: Building a Sustainable and Scala...
From Siloed Products to Connected Ecosystem: Building a Sustainable and Scala...
 
GDG Cloud Southlake #33: Boule & Rebala: Effective AppSec in SDLC using Deplo...
GDG Cloud Southlake #33: Boule & Rebala: Effective AppSec in SDLC using Deplo...GDG Cloud Southlake #33: Boule & Rebala: Effective AppSec in SDLC using Deplo...
GDG Cloud Southlake #33: Boule & Rebala: Effective AppSec in SDLC using Deplo...
 

SQL Server 2016 New Security Features

  • 1. #SQLSAT454 SQL Server 2016 New Security Features Gianluca Sartori @spaghettidba
  • 3. #SQLSAT454 Gianluca Sartori  Independent SQL Server consultant  SQL Server MVP, MCTS, MCITP, MCT  Works with SQL Server since version 7  DBA @ Scuderia Ferrari  Blog: spaghettidba.com  Twitter: @spaghettidba
  • 4. #SQLSAT454 Agenda  Security Boundaries  Always Encrypted  Row Level Security  Dynamic Data Masking
  • 5. #SQLSAT454 Why New Security Features?  SQL Server has plenty security features  TDE  Protects database files and backups at rest  Cell-Level Encryption  Encrypts single values in database tables  SSL  Protects data on the network
  • 6. #SQLSAT454 Security Boundaries – Open Apps SSMS Database Developer DBA Manager User Software Vendor Unauthorized Users
  • 7. #SQLSAT454 Security Boundaries – Non Sensitive Apps SSMS Database Developer DBA Manager User Software Vendor Unauthorized Users Copy Copy
  • 8. #SQLSAT454 Security Boundaries – Sensitive Apps SSMS Database Developer DBA Manager User Software Vendor Unauthorized Users Copy Copy
  • 10. #SQLSAT454 Always Encrypted – Key Features Prevents Data Disclosure End-to-end encryption of individual columns in a table with keys that are never given to the database system. Queries on Encrypted Data Support for equality comparison, incl. join, group by and distinct operators. Application Transparency Minimal application changes via server and client library enhancements.
  • 11. #SQLSAT454 Always Encrypted  Sensitive data is encrypted at column level  Data is protected from high-privileged users  DBAs  System Admins  Hackers  Data is stored securely outside security boundaries  The database never sees unencrypted data  Cloud providers  Third-parties
  • 12. #SQLSAT454 Always Encrypted – How it works App SELECT Name FROM Patients WHERE SSN=@SSN @SSN='198-33-0987' Column Encryption Key Jane Doe Name 1x7fg655se2 e SSN USA Country Jim Gray 0x7ff654ae6d USA John Smith 0y8fj754ea2c USA dbo.Patients Result Set Jim Gray Name Query Application - Trusted SQL Server - Untrusted SELECT Name FROM Patients WHERE SSN=@SSN @SSN=0x7ff654ae6d Enhanced ADO.NET Library SQL Server Native Client .NET 4.6 Column Master Key
  • 13. #SQLSAT454 Encryption Types  Deterministic Encryption Same plaintext value  Same encrypted value Supports indexing, equality comparison, JOINs, DISTINCT  Randomized Encryption Same plaintext value  Different encrypted value Supports retrieval of encrypted data No SQL operations supported
  • 15. #SQLSAT454 TDE vs Always Encrypted Always Encrypted TDE Column level Database level Client encryption Server encryption Server doesn’t know encryption keys Server knows encryption keys Data in memory is encrypted Data in memory is in plaintext Data travels the network encrypted Data travels the network in plaintext
  • 16. #SQLSAT454 Custom encryption vs Always Encrypted Always Encrypted Custom Encryption Slight application changes Needs obtrusive changes Disallows saving plaintext data Plaintext data can be saved by accident Allows indexing of cyphertext * Allows indexing of cyphertext * * depending on encryption algorithm
  • 17. #SQLSAT454 Always Encrypted - Limitations  Deterministic encryption needs _BIN2 collation  Not all datatypes supported  Partial support for triggers  Unsupported features:  Full-text search  Replication  Change Data Capture  In-Memory OLTP  Stretch Database
  • 18. #SQLSAT454 What changes for Applications?  ConnectionString must include new key: Column Encryption Setting=enabled;  Ad-hoc queries not supported SELECT SomeColumn FROM SomeTable WHERE EncrypedColumn = 'SomeValue';  Needs correctly parameterized queries SELECT SomeColumn FROM SomeTable WHERE EncrypedColumn = @param;
  • 19. #SQLSAT454 Always Encrypted for Existing Data  Existing columns must be encrypted client side  Easiest way: Import / Export wizard Ad-hoc wizard In SSMS 2016?
  • 24. #SQLSAT454 Dynamic Data Masking – Key Features Limits Sensitive Data Exposure Sensitive data is masked. Administrators designate how much of the sensitive data to reveal. Useful for Compliance Helps adhering to privacy standards imposed by regulation authorities. Application Transparency No application changes. Existing queries keep working.
  • 25. #SQLSAT454 Dynamic Data Masking Database Non-Privileged User Privileged User Unmasked Data DATA Jane Doe Name 062-56-4651 SSN 2.500 Salary Jim Gray 915-12-9845 2.350 John Smith 354-21-9184 1.500 dbo.Employees 062-56-4651 SSN Masked Data XXX-XX-XXXX SSN
  • 26. #SQLSAT454 Dynamic Data Masking  Obfuscates data using 3 masking functions  Default: depends on data type  Email: aXXX.XXXX.com  Partial: prefixXXXXXXsuffix  Data is stored unmasked  Masking happens on resultset formation  GRANT UNMASK to disclose data  Works in Azure SQL Database (preview)
  • 27. #SQLSAT454 Dynamic Data Masking - Limitations  Not all datatypes supported  Not intended as a complete protection feature for sensitive data  Ad-Hoc queries disclose data. Ex: WHERE Salary > 2000  INSERT…SELECT does not preserve masking  Some quirks  Not suitable for handing out copies of the database to software vendors or third-parties
  • 31. #SQLSAT454 Row Level Security – Key Features Fine-grained access control In multi-tenant databases, limits access by other users who share the same tables. Centralized Security Logic Predicate-based access control logic resides inside the database and is schema-bound to the tables it protects. Application Transparency No application changes. Existing queries keep working.
  • 32. #SQLSAT454 Row-Level Security LATAM Salesperson EMEA Salesperson Evil Inc. Name EMEA Area 2.500 Budget Wealthy Corp. LATAM 2.350 Greedy Corp. APAC 1.500 dbo.Customer Manager APAC Salesperson
  • 33. #SQLSAT454 Row-Level Security - Concepts  Predicate function User-defined inline iTVF implementing access control logic. Can be arbitrarily complicated  Security predicate Applies a predicate function to a particular table (APPLY) Two types: filter predicates and blocking predicates  Security policy Collection of security predicates Manages security across multiple tables
  • 34. #SQLSAT454 Row-Level Security – How it works EMEA Salesperson Evil Inc. Name EMEA Area 2.500 Budget Wealthy Corp. LATAM 2.350 Greedy Corp. APAC 1.500 dbo.Customer DBA Security Policy SELECT * FROM Customer SELECT * FROM Customer APPLY itvf_securityPredicate()
  • 36. #SQLSAT454 Row-Level Security - Limitations  SCHEMABINDING: all tables in the predicate function must reside in the database  Performance impact: queries are rewritten  When authenticating the application, CONTEXT_INFO() can be used to filter on real user  Not really secure if users can run ad-hoc queries  Don’t lock out the DBA!
  • 38. #SQLSAT454 Resources Always Encrypted on MSDN Getting Started With Always Encrypted Performance impact of Always Encrypted Dynamic Data Masking on MSDN Using Dynamic Data Masking Row-Level Security on MSDN Introduction to Row-Level Security Row-Level Security Limitations
  • 39. #SQLSAT454 Evaluations  Don’t forget to compile evaluations form here  http://speakerscore.com/sqlsat454