#SQLSAT454
SQL Server 2016 New Security Features
Gianluca Sartori
@spaghettidba
Gianluca Sartori
• Independent SQL Server consultant
• SQL Server MVP, MCTS, MCITP, MCT
• Has worked with SQL Server since version 7
• DBA @ Scuderia Ferrari
• Blog: spaghettidba.com
• Twitter: @spaghettidba
Agenda
• Security Boundaries
• Always Encrypted
• Row Level Security
• Dynamic Data Masking
Why New Security Features?
• SQL Server already has plenty of security features:
    • TDE: protects database files and backups at rest
    • Cell-Level Encryption: encrypts single values in database tables
    • SSL: protects data on the network
Security Boundaries – Open
[Diagram: Apps and SSMS connect to the Database; actors: Developer, DBA, Manager, User, Software Vendor, Unauthorized Users]
Security Boundaries – Non Sensitive
[Diagram: same actors; copies of the database are handed out]
Security Boundaries – Sensitive
[Diagram: same actors and database copies, now holding sensitive data]
ALWAYS ENCRYPTED
Always Encrypted – Key Features
• Prevents Data Disclosure: end-to-end encryption of individual columns in a table, with keys that are never given to the database system.
• Queries on Encrypted Data: support for equality comparison, including join, group by and distinct operators.
• Application Transparency: minimal application changes via server and client library enhancements.
Always Encrypted
• Sensitive data is encrypted at column level
• Data is protected from high-privileged users
    • DBAs
    • System Admins
    • Hackers
• Data is stored securely outside security boundaries
    • Cloud providers
    • Third-parties
• The database never sees unencrypted data
Always Encrypted – How it works
[Diagram: the application (trusted) runs SELECT Name FROM Patients WHERE SSN=@SSN with @SSN='198-33-0987'. The enhanced ADO.NET library (.NET 4.6 / SQL Server Native Client), which holds the Column Master Key, encrypts the parameter with the Column Encryption Key, so SQL Server (untrusted) receives SELECT Name FROM Patients WHERE SSN=@SSN with @SSN=0x7ff654ae6d. dbo.Patients stores Name, SSN (ciphertext) and Country: Jane Doe 1x7fg655se2e USA; Jim Gray 0x7ff654ae6d USA; John Smith 0y8fj754ea2c USA. The result set returned to the application is Jim Gray.]
Encryption Types
• Deterministic Encryption
    Same plaintext value → Same encrypted value
    Supports indexing, equality comparison, JOINs, DISTINCT
• Randomized Encryption
    Same plaintext value → Different encrypted value
    Supports retrieval of encrypted data
    No SQL operations supported
DEMO: Working with Always Encrypted
TDE vs Always Encrypted
Always Encrypted                    | TDE
Column level                        | Database level
Client encryption                   | Server encryption
Server doesn't know encryption keys | Server knows encryption keys
Data in memory is encrypted         | Data in memory is in plaintext
Data travels the network encrypted  | Data travels the network in plaintext
Custom encryption vs Always Encrypted
Always Encrypted                 | Custom Encryption
Slight application changes       | Needs obtrusive changes
Disallows saving plaintext data  | Plaintext data can be saved by accident
Allows indexing of ciphertext *  | Allows indexing of ciphertext *
* depending on encryption algorithm
Always Encrypted - Limitations
• Deterministic encryption needs a _BIN2 collation
• Not all data types supported
• Partial support for triggers
• Unsupported features:
    • Full-text search
    • Replication
    • Change Data Capture
    • In-Memory OLTP
    • Stretch Database
What changes for Applications?
• The connection string must include a new key:
    Column Encryption Setting=enabled;
• Ad-hoc queries are not supported:
    SELECT SomeColumn
    FROM SomeTable
    WHERE EncryptedColumn = 'SomeValue';
• Queries must be correctly parameterized:
    SELECT SomeColumn
    FROM SomeTable
    WHERE EncryptedColumn = @param;
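The server-side setup behind the diagram and the application rules above, as an added T-SQL example that is not part of the original deck: the key names, the dbo.Patients column layout and the certificate path are assumptions, and the thumbprint and ENCRYPTED_VALUE are placeholders that the client-side tooling would normally fill in.

```sql
-- Added example (not from the deck): Always Encrypted key hierarchy and table DDL,
-- SQL Server 2016. Object names are assumptions; thumbprint and wrapped key are placeholders.

-- 1. Column Master Key: the server stores only metadata. The key itself lives in the
--    client's certificate store, so nothing on the server can decrypt column data.
CREATE COLUMN MASTER KEY CMK_Patients
WITH (
    KEY_STORE_PROVIDER_NAME = 'MSSQL_CERTIFICATE_STORE',
    KEY_PATH = 'CurrentUser/My/<certificate-thumbprint-placeholder>'
);
GO

-- 2. Column Encryption Key: stored wrapped (RSA-OAEP) under the CMK. The wrapped blob is
--    produced on the client (SSMS wizard / PowerShell); 0x00 is a placeholder only.
CREATE COLUMN ENCRYPTION KEY CEK_Patients
WITH VALUES (
    COLUMN_MASTER_KEY = CMK_Patients,
    ALGORITHM = 'RSA_OAEP',
    ENCRYPTED_VALUE = 0x00   -- placeholder: replace with the real wrapped key
);
GO

-- 3. Table: SSN is deterministic (equality, JOIN, DISTINCT, indexable) and therefore
--    needs a _BIN2 collation; BirthDate is randomized (retrieval only, no predicates).
CREATE TABLE dbo.Patients (
    PatientId INT IDENTITY(1,1) NOT NULL PRIMARY KEY,
    Name      NVARCHAR(100) NOT NULL,
    SSN       CHAR(11) COLLATE Latin1_General_BIN2
              ENCRYPTED WITH (
                  ENCRYPTION_TYPE = DETERMINISTIC,
                  ALGORITHM = 'AEAD_AES_256_CBC_HMAC_SHA_256',
                  COLUMN_ENCRYPTION_KEY = CEK_Patients) NOT NULL,
    BirthDate DATE
              ENCRYPTED WITH (
                  ENCRYPTION_TYPE = RANDOMIZED,
                  ALGORITHM = 'AEAD_AES_256_CBC_HMAC_SHA_256',
                  COLUMN_ENCRYPTION_KEY = CEK_Patients) NULL,
    Country   CHAR(3) NOT NULL
);
GO

-- Indexing works on the deterministic column only (same plaintext -> same ciphertext).
CREATE INDEX IX_Patients_SSN ON dbo.Patients (SSN);
GO

-- 4. What the client does. With the deck's connection-string key
--    "Column Encryption Setting=enabled;" the enhanced driver encrypts @SSN
--    before it leaves the application, so this parameterized statement works
--    when @SSN is bound as a SqlParameter:
--
--    SELECT Name FROM dbo.Patients WHERE SSN = @SSN;
--
--    A literal cannot be encrypted by the driver, so the ad-hoc form fails with an
--    operand type clash (plaintext compared with an encrypted column):
--
--    SELECT Name FROM dbo.Patients WHERE SSN = '198-33-0987';
--
--    The randomized column can be returned but never compared, indexed or joined:
--
--    SELECT Name FROM dbo.Patients WHERE BirthDate = @BirthDate;   -- not supported

-- Defender's check: list which columns are encrypted, how, and under which key.
SELECT OBJECT_NAME(c.object_id) AS table_name, c.name AS column_name,
       c.encryption_type_desc, cek.name AS column_encryption_key
FROM sys.columns AS c
JOIN sys.column_encryption_keys AS cek ON cek.column_encryption_key_id = c.column_encryption_key_id
WHERE c.encryption_type IS NOT NULL;
```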
Always Encrypted for Existing Data
• Existing columns must be encrypted client side
• Easiest way: Import / Export wizard
• Ad-hoc wizard in SSMS 2016?
Performance Impact
[Chart not included in the text export]
Space Usage Impact
[Chart not included in the text export]
Q&A
Questions?
DYNAMIC DATA MASKING
Dynamic Data Masking – Key Features
• Limits Sensitive Data Exposure: sensitive data is masked. Administrators designate how much of the sensitive data to reveal.
• Useful for Compliance: helps adhering to privacy standards imposed by regulation authorities.
• Application Transparency: no application changes. Existing queries keep working.
Dynamic Data Masking
[Diagram: dbo.Employees (Name, SSN, Salary): Jane Doe 062-56-4651 2.500; Jim Gray 915-12-9845 2.350; John Smith 354-21-9184 1.500. A Privileged User querying the Database gets the unmasked SSN 062-56-4651; a Non-Privileged User gets the masked value XXX-XX-XXXX.]
Dynamic Data Masking
• Obfuscates data using 3 masking functions
    • Default: depends on the data type
    • Email: aXXX@XXXX.com
    • Partial: prefixXXXXXXsuffix
• Data is stored unmasked
• Masking is applied when the result set is formed
• GRANT UNMASK to disclose the data
• Works in Azure SQL Database (preview)
Dynamic Data Masking - Limitations
• Not all data types supported
• Not intended as a complete protection feature for sensitive data
    • Ad-hoc queries disclose data, e.g. WHERE Salary > 2000
    • INSERT…SELECT does not preserve masking
    • Some quirks
• Not suitable for handing out copies of the database to software vendors or third parties
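The three masking functions, the UNMASK permission and the ad-hoc query limitation from the two slides above, as an added T-SQL example that is not part of the original deck: the dbo.Employees columns, the HRReader user and the sample rows are constructed for illustration.

```sql
-- Added example (not from the deck): Dynamic Data Masking on a constructed dbo.Employees.
CREATE TABLE dbo.Employees (
    EmployeeId INT IDENTITY(1,1) PRIMARY KEY,
    Name   NVARCHAR(100) NOT NULL,
    -- default(): full mask, depends on the type (XXXX for strings, 0 for numbers)
    Salary DECIMAL(10,2) MASKED WITH (FUNCTION = 'default()') NOT NULL,
    -- email(): first letter kept, then the constant XXX@XXXX.com
    Email  NVARCHAR(100) MASKED WITH (FUNCTION = 'email()') NULL,
    -- partial(prefix, padding, suffix): keep only the last 4 characters
    SSN    CHAR(11) MASKED WITH (FUNCTION = 'partial(0,"XXX-XX-",4)') NOT NULL
);

-- Constructed sample rows; they are stored unmasked.
INSERT INTO dbo.Employees (Name, Salary, Email, SSN) VALUES
    (N'Jane Doe',   2500.00, N'jane.doe@example.com',   '062-56-4651'),
    (N'Jim Gray',   2350.00, N'jim.gray@example.com',   '915-12-9845'),
    (N'John Smith', 1500.00, N'john.smith@example.com', '354-21-9184');

-- A non-privileged reader: masking is applied when the result set is formed.
CREATE USER HRReader WITHOUT LOGIN;
GRANT SELECT ON dbo.Employees TO HRReader;

EXECUTE AS USER = 'HRReader';
SELECT Name, Salary, Email, SSN FROM dbo.Employees;
-- Jane Doe | 0.00 | jXXX@XXXX.com | XXX-XX-4651   (every row comes back masked)
REVERT;

-- The limitation from the deck: predicates are evaluated on the real values, so an
-- ad-hoc WHERE clause still reveals which rows satisfy it even though the Salary
-- column itself is returned masked. This is why DDM is not a complete protection.
EXECUTE AS USER = 'HRReader';
SELECT Name, Salary FROM dbo.Employees WHERE Salary > 2000;   -- Jane Doe and Jim Gray, Salary shown as 0.00
REVERT;

-- Only principals that need the real values get UNMASK; revoke it when no longer needed.
GRANT UNMASK TO HRReader;
EXECUTE AS USER = 'HRReader';
SELECT Name, Salary, SSN FROM dbo.Employees;   -- now unmasked
REVERT;
REVOKE UNMASK FROM HRReader;

-- Defender's check: which columns are masked and with which function.
SELECT OBJECT_NAME(object_id) AS table_name, name AS column_name, masking_function
FROM sys.masked_columns
WHERE is_masked = 1;
```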
DEMO: Working with Dynamic Data Masking
Q&A
Questions?
ROW-LEVEL SECURITY
Row Level Security – Key Features
• Fine-grained access control: in multi-tenant databases, limits access by other users who share the same tables.
• Centralized Security Logic: predicate-based access control logic resides inside the database and is schema-bound to the tables it protects.
• Application Transparency: no application changes. Existing queries keep working.
Row-Level Security
[Diagram: dbo.Customer (Name, Area, Budget): Evil Inc. EMEA 2.500; Wealthy Corp. LATAM 2.350; Greedy Corp. APAC 1.500. The EMEA, LATAM and APAC Salespersons and the Manager all query the same table.]
Row-Level Security - Concepts
• Predicate function
    A user-defined inline table-valued function (iTVF) implementing the access control logic.
    Can be arbitrarily complex.
• Security predicate
    Applies a predicate function to a particular table (APPLY).
    Two types: filter predicates and blocking predicates.
• Security policy
    A collection of security predicates.
    Manages security across multiple tables.
Row-Level Security – How it works
[Diagram: the EMEA Salesperson runs SELECT * FROM Customer. The DBA has defined a Security Policy, so the engine rewrites the query as SELECT * FROM Customer APPLY itvf_securityPredicate() and only Evil Inc. (EMEA, 2.500) is returned from dbo.Customer (Evil Inc. EMEA 2.500; Wealthy Corp. LATAM 2.350; Greedy Corp. APAC 1.500).]
DEMO: Working with Row-Level Security
Row-Level Security - Limitations
• SCHEMABINDING: all tables referenced by the predicate function must reside in the same database
• Performance impact: queries are rewritten
• When the application authenticates users itself, CONTEXT_INFO() can be used to filter on the real user
• Not really secure if users can run ad-hoc queries
• Don't lock out the DBA!
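The predicate function, filter and block predicates, and security policy from the Concepts, How-it-works and Limitations slides above, as an added T-SQL example that is not part of the original deck: the dbo.Customer and dbo.SalesRep tables, the Security schema, the users and the rows are constructed for illustration.

```sql
-- Added example (not from the deck): Row-Level Security on a constructed dbo.Customer.
CREATE TABLE dbo.Customer (
    CustomerId INT IDENTITY(1,1) PRIMARY KEY,
    Name   NVARCHAR(100) NOT NULL,
    Area   CHAR(5) NOT NULL,          -- EMEA, LATAM, APAC
    Budget DECIMAL(10,2) NOT NULL
);
INSERT INTO dbo.Customer (Name, Area, Budget) VALUES
    (N'Evil Inc.',     'EMEA',  2500.00),
    (N'Wealthy Corp.', 'LATAM', 2350.00),
    (N'Greedy Corp.',  'APAC',  1500.00);

-- Mapping of database users to the area they may see; managers see everything.
CREATE TABLE dbo.SalesRep (
    UserName  SYSNAME NOT NULL PRIMARY KEY,
    Area      CHAR(5) NULL,           -- NULL for managers
    IsManager BIT NOT NULL DEFAULT 0
);
CREATE USER EMEASales  WITHOUT LOGIN;
CREATE USER LATAMSales WITHOUT LOGIN;
CREATE USER SalesMgr   WITHOUT LOGIN;
INSERT INTO dbo.SalesRep (UserName, Area, IsManager) VALUES
    ('EMEASales', 'EMEA', 0), ('LATAMSales', 'LATAM', 0), ('SalesMgr', NULL, 1);
GRANT SELECT, INSERT ON dbo.Customer TO EMEASales, LATAMSales, SalesMgr;
GO
CREATE SCHEMA Security;
GO

-- Predicate function: an inline TVF with SCHEMABINDING (required), returning a row when
-- the caller may see or write a row with the given Area. Members of db_owner always pass,
-- so the DBA is never locked out. If the application authenticates users itself and
-- connects with one login, replace USER_NAME() with a value it sets per session
-- (CONTEXT_INFO(), as the deck notes).
CREATE FUNCTION Security.fn_CustomerPredicate (@Area AS CHAR(5))
RETURNS TABLE
WITH SCHEMABINDING
AS
RETURN
    SELECT 1 AS fn_result
    WHERE IS_MEMBER('db_owner') = 1
       OR EXISTS (SELECT 1
                  FROM dbo.SalesRep AS r
                  WHERE r.UserName = USER_NAME()
                    AND (r.IsManager = 1 OR r.Area = @Area));
GO

-- Security policy: the filter predicate hides rows on SELECT/UPDATE/DELETE; the block
-- predicate stops a rep from inserting rows into somebody else's area.
CREATE SECURITY POLICY Security.CustomerPolicy
    ADD FILTER PREDICATE Security.fn_CustomerPredicate(Area) ON dbo.Customer,
    ADD BLOCK PREDICATE  Security.fn_CustomerPredicate(Area) ON dbo.Customer AFTER INSERT
WITH (STATE = ON, SCHEMABINDING = ON);
GO

EXECUTE AS USER = 'EMEASales';
SELECT Name, Area, Budget FROM dbo.Customer;    -- only Evil Inc. (EMEA)
-- The following insert would be rejected by the block predicate (kept commented so
-- the batch continues and REVERT runs):
-- INSERT INTO dbo.Customer (Name, Area, Budget) VALUES (N'Sneaky Ltd.', 'APAC', 100.00);
REVERT;

EXECUTE AS USER = 'SalesMgr';
SELECT Name, Area, Budget FROM dbo.Customer;    -- all three rows
REVERT;

-- Defender's check: which policies and predicates are actually in force.
SELECT p.name AS policy_name, p.is_enabled, sp.predicate_type_desc,
       OBJECT_NAME(sp.target_object_id) AS target_table, sp.predicate_definition
FROM sys.security_policies AS p
JOIN sys.security_predicates AS sp ON sp.object_id = p.object_id;
```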
Q&A
Questions?
Resources
Always Encrypted on MSDN
Getting Started With Always Encrypted
Performance impact of Always Encrypted
Dynamic Data Masking on MSDN
Using Dynamic Data Masking
Row-Level Security on MSDN
Introduction to Row-Level Security
Row-Level Security Limitations
Evaluations
• Don't forget to fill in the evaluation form here:
• http://speakerscore.com/sqlsat454
THANKS!
#sqlsat454

Six Myths about Ontologies: The Basics of Formal OntologySix Myths about Ontologies: The Basics of Formal Ontology
Six Myths about Ontologies: The Basics of Formal Ontology
 
Understanding the FAA Part 107 License ..
Understanding the FAA Part 107 License ..Understanding the FAA Part 107 License ..
Understanding the FAA Part 107 License ..
 
Architecting Cloud Native Applications
Architecting Cloud Native ApplicationsArchitecting Cloud Native Applications
Architecting Cloud Native Applications
 
AWS Community Day CPH - Three problems of Terraform
AWS Community Day CPH - Three problems of TerraformAWS Community Day CPH - Three problems of Terraform
AWS Community Day CPH - Three problems of Terraform
 
How to Troubleshoot Apps for the Modern Connected Worker
How to Troubleshoot Apps for the Modern Connected WorkerHow to Troubleshoot Apps for the Modern Connected Worker
How to Troubleshoot Apps for the Modern Connected Worker
 
Apidays New York 2024 - APIs in 2030: The Risk of Technological Sleepwalk by ...
Apidays New York 2024 - APIs in 2030: The Risk of Technological Sleepwalk by ...Apidays New York 2024 - APIs in 2030: The Risk of Technological Sleepwalk by ...
Apidays New York 2024 - APIs in 2030: The Risk of Technological Sleepwalk by ...
 
ICT role in 21st century education and its challenges
ICT role in 21st century education and its challengesICT role in 21st century education and its challenges
ICT role in 21st century education and its challenges
 
"I see eyes in my soup": How Delivery Hero implemented the safety system for ...
"I see eyes in my soup": How Delivery Hero implemented the safety system for ..."I see eyes in my soup": How Delivery Hero implemented the safety system for ...
"I see eyes in my soup": How Delivery Hero implemented the safety system for ...
 
Platformless Horizons for Digital Adaptability
Platformless Horizons for Digital AdaptabilityPlatformless Horizons for Digital Adaptability
Platformless Horizons for Digital Adaptability
 
Introduction to Multilingual Retrieval Augmented Generation (RAG)
Introduction to Multilingual Retrieval Augmented Generation (RAG)Introduction to Multilingual Retrieval Augmented Generation (RAG)
Introduction to Multilingual Retrieval Augmented Generation (RAG)
 
Finding Java's Hidden Performance Traps @ DevoxxUK 2024
Finding Java's Hidden Performance Traps @ DevoxxUK 2024Finding Java's Hidden Performance Traps @ DevoxxUK 2024
Finding Java's Hidden Performance Traps @ DevoxxUK 2024
 
Why Teams call analytics are critical to your entire business
Why Teams call analytics are critical to your entire businessWhy Teams call analytics are critical to your entire business
Why Teams call analytics are critical to your entire business
 
DBX First Quarter 2024 Investor Presentation
DBX First Quarter 2024 Investor PresentationDBX First Quarter 2024 Investor Presentation
DBX First Quarter 2024 Investor Presentation
 

SQL Server 2016 New Security Features

  • 1. #SQLSAT454 SQL Server 2016 New Security Features. Gianluca Sartori, @spaghettidba
  • 3. Gianluca Sartori
    - Independent SQL Server consultant
    - SQL Server MVP, MCTS, MCITP, MCT
    - Has worked with SQL Server since version 7
    - DBA @ Scuderia Ferrari
    - Blog: spaghettidba.com
    - Twitter: @spaghettidba
  • 4. Agenda
    - Security Boundaries
    - Always Encrypted
    - Row Level Security
    - Dynamic Data Masking
  • 5. Why New Security Features?
    - SQL Server already has plenty of security features:
      - TDE: protects database files and backups at rest
      - Cell-Level Encryption: encrypts single values in database tables
      - SSL: protects data on the network
  • 6. Security Boundaries – Open (diagram): Apps and SSMS access the Database; the actors shown are Developer, DBA, Manager, User, Software Vendor and Unauthorized Users.
  • 7. Security Boundaries – Non Sensitive (diagram): the same actors; two copies of the database are handed out ("Copy", "Copy").
  • 8. Security Boundaries – Sensitive (diagram): the same actors and the same two copies, this time for a database holding sensitive data.
  • 10. Always Encrypted – Key Features
    - Prevents Data Disclosure: end-to-end encryption of individual columns in a table, with keys that are never given to the database system.
    - Queries on Encrypted Data: support for equality comparison, including join, group by and distinct operators.
    - Application Transparency: minimal application changes via server and client library enhancements.
  • 11. Always Encrypted
    - Sensitive data is encrypted at column level
    - Data is protected from high-privileged users: DBAs, System Admins, Hackers
    - Data is stored securely outside security boundaries (cloud providers, third parties)
      - The database never sees unencrypted data
  • 12. Always Encrypted – How it works (diagram): the application (trusted) issues SELECT Name FROM Patients WHERE SSN=@SSN with @SSN='198-33-0987'. The enhanced ADO.NET library (SQL Server Native Client, .NET 4.6) uses the Column Master Key and the Column Encryption Key to encrypt the parameter, so SQL Server (untrusted) receives SELECT Name FROM Patients WHERE SSN=@SSN with @SSN=0x7ff654ae6d and matches it against the encrypted SSN column of dbo.Patients (Name / SSN / Country: Jane Doe / 1x7fg655se2e / USA, Jim Gray / 0x7ff654ae6d / USA, John Smith / 0y8fj754ea2c / USA). Result set: Name = Jim Gray.
  • 13. Encryption Types
    - Deterministic Encryption: same plaintext value → same encrypted value. Supports indexing, equality comparison, JOINs, DISTINCT.
    - Randomized Encryption: same plaintext value → different encrypted value. Supports retrieval of encrypted data; no SQL operations supported.
  • 15. TDE vs Always Encrypted
      Always Encrypted                        | TDE
      ----------------------------------------|---------------------------------------
      Column level                            | Database level
      Client encryption                       | Server encryption
      Server doesn't know encryption keys     | Server knows encryption keys
      Data in memory is encrypted             | Data in memory is in plaintext
      Data travels the network encrypted      | Data travels the network in plaintext
  • 16. Custom encryption vs Always Encrypted
      Always Encrypted                        | Custom Encryption
      ----------------------------------------|---------------------------------------
      Slight application changes              | Needs obtrusive changes
      Disallows saving plaintext data         | Plaintext data can be saved by accident
      Allows indexing of ciphertext *         | Allows indexing of ciphertext *
      * depending on encryption algorithm
  • 17. Always Encrypted – Limitations
    - Deterministic encryption needs a _BIN2 collation
    - Not all datatypes supported
    - Partial support for triggers
    - Unsupported features: Full-text search, Replication, Change Data Capture, In-Memory OLTP, Stretch Database
  • 18. What changes for Applications?
    - The ConnectionString must include the new key: Column Encryption Setting=enabled;
    - Ad-hoc queries are not supported:
        SELECT SomeColumn FROM SomeTable WHERE EncryptedColumn = 'SomeValue';
    - Queries must be correctly parameterized:
        SELECT SomeColumn FROM SomeTable WHERE EncryptedColumn = @param;
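The following T-SQL is an added example, not code from the slides: it sets up the dbo.Patients table of slide 12 with Always Encrypted, using deterministic encryption for the SSN column that is searched on and randomized encryption for a column that is only read back. The certificate thumbprint and the ENCRYPTED_VALUE of the column encryption key are placeholders; in practice the wrapped key value is produced on the client (for example by the SSMS wizard), because the plaintext key must never reach the server. The BirthDate column and the key names are assumptions for the example.

```sql
-- Added example (not from the slides). Placeholders: certificate thumbprint, ENCRYPTED_VALUE.

-- 1. Column Master Key: SQL Server stores only WHERE the key lives, never the key itself.
CREATE COLUMN MASTER KEY CMK_Patients
WITH (
    KEY_STORE_PROVIDER_NAME = N'MSSQL_CERTIFICATE_STORE',
    KEY_PATH = N'CurrentUser/My/0000000000000000000000000000000000000000'  -- placeholder thumbprint
);
GO

-- 2. Column Encryption Key: stored only as ciphertext wrapped by the CMK.
--    0x00 is a placeholder; the real value is generated client side and will not decrypt here.
CREATE COLUMN ENCRYPTION KEY CEK_Patients
WITH VALUES (
    COLUMN_MASTER_KEY = CMK_Patients,
    ALGORITHM = 'RSA_OAEP',
    ENCRYPTED_VALUE = 0x00  -- placeholder
);
GO

-- 3. Deterministic for the column we compare on (needs a _BIN2 collation, slide 17),
--    randomized for a column we only need to retrieve (no equality, no index).
CREATE TABLE dbo.Patients (
    PatientId int IDENTITY(1,1) PRIMARY KEY,
    Name      nvarchar(100) NOT NULL,
    SSN       char(11) COLLATE Latin1_General_BIN2
              ENCRYPTED WITH (COLUMN_ENCRYPTION_KEY = CEK_Patients,
                              ENCRYPTION_TYPE = DETERMINISTIC,
                              ALGORITHM = 'AEAD_AES_256_CBC_HMAC_SHA_256') NOT NULL,
    BirthDate date                      -- assumed column for the example
              ENCRYPTED WITH (COLUMN_ENCRYPTION_KEY = CEK_Patients,
                              ENCRYPTION_TYPE = RANDOMIZED,
                              ALGORITHM = 'AEAD_AES_256_CBC_HMAC_SHA_256') NULL,
    Country   nvarchar(50) NULL
);
GO

-- Equality on a deterministic column is supported, so the column can be indexed.
CREATE INDEX IX_Patients_SSN ON dbo.Patients (SSN);
GO

-- 4. Statements the application sends (slide 18). With "Column Encryption Setting=enabled"
--    in the connection string, the enhanced client library encrypts @SSN and @BirthDate
--    before they leave the client; the server only ever compares and stores ciphertext.
--    The values are bound as SqlParameter objects, never inlined as literals.
INSERT INTO dbo.Patients (Name, SSN, BirthDate, Country) VALUES (@Name, @SSN, @BirthDate, @Country);
SELECT Name FROM dbo.Patients WHERE SSN = @SSN;

-- Rejected: a literal cannot be encrypted by the client library (ad-hoc query, slide 18).
-- SELECT Name FROM dbo.Patients WHERE SSN = '198-33-0987';

-- Unsupported: anything but equality on deterministic columns, any comparison on randomized ones.
-- SELECT Name FROM dbo.Patients WHERE SSN LIKE '198%';
-- SELECT Name FROM dbo.Patients WHERE BirthDate = @BirthDate;
```

A check worth running after the deployment: connect with Column Encryption Setting left out of the connection string and run SELECT SSN FROM dbo.Patients; a correct setup returns varbinary ciphertext, which is exactly what the DBA, the backup and the cloud provider see.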
  • 19. Always Encrypted for Existing Data
    - Existing columns must be encrypted client side
    - Easiest way: Import / Export wizard
    - Ad-hoc wizard in SSMS 2016?
  • 24. Dynamic Data Masking – Key Features
    - Limits Sensitive Data Exposure: sensitive data is masked; administrators designate how much of the sensitive data to reveal.
    - Useful for Compliance: helps adhere to privacy standards imposed by regulation authorities.
    - Application Transparency: no application changes; existing queries keep working.
  • 25. Dynamic Data Masking (diagram): dbo.Employees holds Name / SSN / Salary rows Jane Doe / 062-56-4651 / 2.500, Jim Gray / 915-12-9845 / 2.350, John Smith / 354-21-9184 / 1.500. A Privileged User selecting SSN gets the unmasked data (062-56-4651); a Non-Privileged User gets the masked data (XXX-XX-XXXX).
  • 26. Dynamic Data Masking
    - Obfuscates data using 3 masking functions:
      - Default: depends on data type
      - Email: aXXX@XXXX.com
      - Partial: prefixXXXXXXsuffix
    - Data is stored unmasked
    - Masking happens on result set formation
    - GRANT UNMASK to disclose data
    - Works in Azure SQL Database (preview)
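An added example, not from the slides, that builds the dbo.Employees table of slide 25 with the three masking functions of slide 26 and shows what a reader without UNMASK gets back. The Email and Phone columns, the Reporting user and the sample rows are constructed for the example; the expected output in the comments is what the documented masks produce.

```sql
-- Added example (not from the slides). Extra columns, user and rows are constructed.
CREATE TABLE dbo.Employees (
    EmployeeId int IDENTITY(1,1) PRIMARY KEY,
    Name       nvarchar(100) NOT NULL,
    -- default(): full mask whose shape depends on the type (XXXX for strings, 0 for numbers)
    SSN        char(11)      MASKED WITH (FUNCTION = 'default()') NOT NULL,
    -- email(): keeps the first letter, masks the rest, domain becomes XXX.com
    Email      nvarchar(100) MASKED WITH (FUNCTION = 'email()') NULL,
    -- partial(prefix, padding, suffix): keep 0 leading and 4 trailing characters
    Phone      varchar(20)   MASKED WITH (FUNCTION = 'partial(0,"XXX-XXX-",4)') NULL,
    Salary     decimal(9,2)  MASKED WITH (FUNCTION = 'default()') NOT NULL
);
GO

INSERT INTO dbo.Employees (Name, SSN, Email, Phone, Salary) VALUES
    (N'Jane Doe',   '062-56-4651', N'jane.doe@example.com',   '555-123-4567', 2500),
    (N'Jim Gray',   '915-12-9845', N'jim.gray@example.com',   '555-987-6543', 2350),
    (N'John Smith', '354-21-9184', N'john.smith@example.com', '555-555-0199', 1500);
GO

-- A non-privileged reader: SELECT permission only, no UNMASK.
CREATE USER Reporting WITHOUT LOGIN;
GRANT SELECT ON dbo.Employees TO Reporting;
GO

-- Data is stored unmasked; the mask is applied when the result set is formed.
EXECUTE AS USER = 'Reporting';
SELECT Name, SSN, Email, Phone, Salary FROM dbo.Employees;
-- Jane Doe   XXXX   jXXX@XXXX.com   XXX-XXX-4567   0.00   (and likewise for the other rows)
REVERT;
GO

-- Limitation from slide 27: the WHERE clause is evaluated on the real value, so the
-- masked column still influences which rows come back. Treat DDM as a display control,
-- not as protection against a user who can write arbitrary queries.
EXECUTE AS USER = 'Reporting';
SELECT Name, Salary FROM dbo.Employees WHERE Salary > 2000;
-- Jane Doe 0.00 / Jim Gray 0.00 : two rows returned, Salary still masked
REVERT;
GO

-- UNMASK is the only switch: grant it to roles with a business need, and audit it.
GRANT UNMASK TO Reporting;     -- the same SELECT now returns the real values
-- REVOKE UNMASK FROM Reporting;
```

Two consequences follow from "data is stored unmasked": a SELECT INTO or INSERT...SELECT run by an unprivileged user copies the masked values into the target, so the copy does not carry the mask definition with it, and any process that runs as a privileged user (backups, replication, a copy handed to a vendor) contains the plaintext. That is why slide 27 rules DDM out for copies given to third parties.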
  • 27. Dynamic Data Masking – Limitations
    - Not all datatypes supported
    - Not intended as a complete protection feature for sensitive data
    - Ad-hoc queries disclose data. Ex: WHERE Salary > 2000
    - INSERT…SELECT does not preserve masking
    - Some quirks
    - Not suitable for handing out copies of the database to software vendors or third parties
  • 31. Row Level Security – Key Features
    - Fine-grained access control: in multi-tenant databases, limits access by other users who share the same tables.
    - Centralized Security Logic: predicate-based access control logic resides inside the database and is schema-bound to the tables it protects.
    - Application Transparency: no application changes; existing queries keep working.
  • 32. Row-Level Security (diagram): dbo.Customer holds Name / Area / Budget rows Evil Inc. / EMEA / 2.500, Wealthy Corp. / LATAM / 2.350, Greedy Corp. / APAC / 1.500. The EMEA, LATAM and APAC Salespersons each see the row of their own area; the Manager is shown as well.
  • 33. Row-Level Security – Concepts
    - Predicate function: a user-defined inline table-valued function (iTVF) implementing the access control logic. Can be arbitrarily complicated.
    - Security predicate: applies a predicate function to a particular table (APPLY). Two types: filter predicates and blocking predicates.
    - Security policy: a collection of security predicates. Manages security across multiple tables.
  • 34. Row-Level Security – How it works (diagram): the EMEA Salesperson runs SELECT * FROM Customer; the Security Policy set up by the DBA rewrites it to SELECT * FROM Customer APPLY itvf_securityPredicate(), so only the EMEA row of dbo.Customer (Evil Inc., 2.500) is returned.
  • 36. Row-Level Security – Limitations
    - SCHEMABINDING: all tables in the predicate function must reside in the database
    - Performance impact: queries are rewritten
    - When the application authenticates users itself, CONTEXT_INFO() can be used to filter on the real user
    - Not really secure if users can run ad-hoc queries
    - Don't lock out the DBA!
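An added example, not from the slides, that implements the concepts of slide 33 for the dbo.Customer table of slide 32: a schema-bound inline TVF, a security policy with a filter predicate and block predicates, and a mapping table that keeps the manager and the DBA from being locked out (slide 36). The Security schema, the dbo.SalesArea mapping table, the user names and the sample rows are constructed for the example.

```sql
-- Added example (not from the slides). Schema, mapping table, users and rows are constructed.
CREATE TABLE dbo.Customer (
    CustomerId int IDENTITY(1,1) PRIMARY KEY,
    Name   nvarchar(100) NOT NULL,
    Area   varchar(10)   NOT NULL,
    Budget decimal(9,2)  NOT NULL
);
INSERT INTO dbo.Customer (Name, Area, Budget) VALUES
    (N'Evil Inc.',     'EMEA',  2500),
    (N'Wealthy Corp.', 'LATAM', 2350),
    (N'Greedy Corp.',  'APAC',  1500);

-- Who may see which area. A '*' row grants every area: the manager, and dbo so that
-- a sysadmin connecting to the database is never locked out (slide 36).
CREATE TABLE dbo.SalesArea (
    UserName sysname     NOT NULL,
    Area     varchar(10) NOT NULL,
    PRIMARY KEY (UserName, Area)
);
CREATE USER EmeaSales  WITHOUT LOGIN;
CREATE USER LatamSales WITHOUT LOGIN;
CREATE USER SalesMgr   WITHOUT LOGIN;
GRANT SELECT, INSERT, UPDATE, DELETE ON dbo.Customer TO EmeaSales, LatamSales, SalesMgr;
INSERT INTO dbo.SalesArea (UserName, Area) VALUES
    ('EmeaSales', 'EMEA'), ('LatamSales', 'LATAM'), ('SalesMgr', '*'), ('dbo', '*');
GO

-- Predicate function: inline TVF, SCHEMABINDING required. A separate schema keeps the
-- sales users away from the function and the mapping table.
CREATE SCHEMA Security;
GO
CREATE FUNCTION Security.fn_CustomerPredicate(@Area AS varchar(10))
RETURNS TABLE
WITH SCHEMABINDING
AS
RETURN SELECT 1 AS fn_result
       FROM dbo.SalesArea
       WHERE UserName = USER_NAME()
         AND (Area = @Area OR Area = '*');
GO

-- Security policy: the filter predicate hides rows on SELECT/UPDATE/DELETE; the block
-- predicates stop a salesperson from inserting or moving rows into another area.
CREATE SECURITY POLICY Security.CustomerPolicy
    ADD FILTER PREDICATE Security.fn_CustomerPredicate(Area) ON dbo.Customer,
    ADD BLOCK  PREDICATE Security.fn_CustomerPredicate(Area) ON dbo.Customer AFTER INSERT,
    ADD BLOCK  PREDICATE Security.fn_CustomerPredicate(Area) ON dbo.Customer AFTER UPDATE
WITH (STATE = ON, SCHEMABINDING = ON);
GO

-- The application's query text does not change (slide 31); the engine applies the predicate.
EXECUTE AS USER = 'EmeaSales';
SELECT Name, Area, Budget FROM dbo.Customer;            -- only Evil Inc. (EMEA)
INSERT INTO dbo.Customer (Name, Area, Budget)
    VALUES (N'Other Ltd.', 'APAC', 900);                -- fails: blocked by the AFTER INSERT predicate
REVERT;
GO
EXECUTE AS USER = 'SalesMgr';
SELECT Name, Area, Budget FROM dbo.Customer;            -- all three rows
REVERT;
GO
```

When every user connects through the application with one shared login, USER_NAME() is the same for everybody and the predicate has nothing to filter on. The slide suggests CONTEXT_INFO() for that case; in SQL Server 2016 the application can instead call sp_set_session_context to store the real user name and the predicate can read it with SESSION_CONTEXT(N'UserName'). Either way the value is set by the application, so the "not really secure against ad-hoc queries" caveat of slide 36 applies: a user with a direct connection can set it to whatever they like.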
  • 38. Resources
    - Always Encrypted on MSDN
    - Getting Started With Always Encrypted
    - Performance impact of Always Encrypted
    - Dynamic Data Masking on MSDN
    - Using Dynamic Data Masking
    - Row-Level Security on MSDN
    - Introduction to Row-Level Security
    - Row-Level Security Limitations
  • 39. Evaluations
    - Don't forget to fill in the evaluation form here: http://speakerscore.com/sqlsat454