Encrypting Data within SQL Server

Slides:



Advertisements
Similar presentations
Notes: Update as of 1/13/2010. Vulnerabilities are included for SQL Server 2000, SQL Server 2005, SQL Server Oracle (8i, 9i, 9iR2, 10g, 10gR2,11g),
Advertisements

Overview and Roadmap for Microsoft SQL Server Security
Creating a SharePoint App with Microsoft Access Services
Microsoft Windows 2003 Server. Client/Server Environment Many client computers connect to a server.
Jim McLeod MyDBA  SQL Server Performance Tuning Consultant with MyDBA  Microsoft Certified Trainer with SQLskills Australia 
How a little code can help with support.. Chris Barba – Developer at Cimarex Energy Blog:
Additional Security Tools Lesson 15. Skills Matrix.
1 Chapter Overview Performing Configuration Tasks Setting Up Additional Features Performing Maintenance Tasks.
A Brief Documentation.  Provides basic information about connection, server, and client.
Database Security Cmpe 226 Fall 2015 By Akanksha Jain Jerry Mengyuan Zheng.
#SQLSAT454 SQL Server 2016 New Security Features Gianluca
SQL SATURDAY #444 – Kansas City, MO. A LOOK AT ALWAYS ENCRYPTED SQL SATURDAY #444 – KANSAS CITY, MO DAVE WALDEN PRINCIPAL SOLUTIONS ARCHITECT DB BEST.
Inspirirani ljudima. Ugasite mobitele. Hvala.. Paolo Pialorsi Senior Consultant PiaSys ( Publishing apps for SharePoint 2013 on Microsoft.
Secure SQL Database with TDE Thomas Chan SQL Saturday Raleigh.
End to End Always Encrypted in SQL Server 2016 Steve Jones SQLServerCentral Redgate Software.
SQL Server High Availability Introduction to SQL Server high availability solutions.
SQL Server 2016 Security Features Marek Chmel Microsoft MVP: Data Platform Microsoft MCT: Regional Lead MCSE: Data Platform Certified Ethical Hacker.
SQL Server Encryption Ben Miller Blog:
Defense In Depth: Minimizing the Risk of SQL Injection
Data Security with Power BI, SSAS, SQL Server 2016 and Active Directory June 10, 2017.
Mile Hi Power BI User Group
SQL Database Management
ArcGIS for Server Security: Advanced
Azure SQL Database Updates
Securing Your Data With SQL 2016 (An overview of Always Encrypted)
SQL Server on Linux CTP 1.1 Florian
Securing SQL Server Processes with Certificates
Data Virtualization Demoette… ODBC Clients
Hiding Data from Prying eyes: Using SQL Server 2016 Always Encrypted
Securing Data with SQL Server 2016
Nicho Joins Microsoft Azure Certified Program to Transform Brand Engagement, Boost Customer Acquisition and Conversions with Scalable Ease MICROSOFT AZURE.
Data Virtualization Demoette… ADO.NET Client
6/16/2018 © 2014 Microsoft Corporation. All rights reserved. Microsoft, Windows, and other product names are or may be registered trademarks and/or trademarks.
Who am I Hector Villafuerte
Encryption in SQL Server
Deploying and Configuring SSIS Packages
MySQL Cloud Service 1Z0-320 VCE
SQL Server 2016 Security Features
Always Encrypted in the Real World
2018 Microsoft Exam - Get Microsoft PDF With Actual Questions Answers
Download Exam - Valid Question Answers - Dumps4download.us
Security enhancements in SQL Server 2016
Solving ETL Bottlenecks with SSIS Scale Out
How to survive without a GUI
Discovering SSRS 2016 in Azure: Dataset to Deployment
Multi-Farm, Cross-Continent SharePoint Architecture
Populating a Data Warehouse
Dynamic data masking deep dive
Populating a Data Warehouse
Cardinality Estimator 2014/2016
Encryption Not just for the NSA anymore
Beginners 101 Guide To Always Encrypted
Security Enhancements in SQL Server 2016
Populating a Data Warehouse
Populating a Data Warehouse
Azure Machine Learning Studio: Four Tips from the Pros
End to End Security and Encryption in SQL Server
Secure/Encrypt SQL Server Database With TDE
SQL Server 2016 Security Features
Top 5 TIPS TO KEEP Always on AGs humming and users happy
Governing Your Enterprise with Policy-Based Management
SQL Server Query Design and Optimization Recommendations
SSIS Data Integration Data Warehouse Acceleration
Erin Dempster SQL Server 2019 Sneak Peek.
Michelle Haarhues Keeping up with SSMS.
Boston Code Camp – April 2019 Jason Haley
Stefano Tempesta Secure Machine Learning with SQL Server Always Encrypted with Secure Enclaves.
Advanced Database Topics
We Need To Talk Security
Presentation transcript:

Encrypting Data within SQL Server Tom Norman Encrypting Data within SQL Server

Tom Norman Data Architect – KPA Raleigh, North Carolina Microsoft Certified Professional PASS Virtualization Virtual Group Leader SQL Saturday Speaker Raleigh, Denver, Houston, Baltimore, Colorado Springs, Albuquerque, Chicago, Charlotte, Atlanta, Spartanburg, Jacksonville, Tampa, Boston, Columbus GA

Sponsors A quick comment about sponsors. SQL Saturdays cannot take place without the funding provided by sponsors. The speakers are not paid. The organizers and other folks running around making sure this event runs smoothly are all volunteers. However, his facility, the food, and other expenses that go into putting on an event of this magnitude requires money. Sponsors provide that money. So, show your appreciation by saying hi and thank you when you stop by the sponsor tables to stuff your raffle ticket into the box. You might even take a couple of minutes to ask about their product and services. You may learn something valuable that you can bring back to your work, or that might become a career opportunity. It's all part of the very important networking you should be doing while you are here.

Agenda Company Data Breaches Government Regulations Data Protection Types Encryption in SQL Server Always Encrypted SSIS with Always Encrypted

Company Data Breaches

Company Data Breaches Aadhaar – 1.1 Billion, 2018 Exactis - 340 Million, 2018 Under Armour - 150 Million, 2018 MyHeritage - 92 Million, 2018 Facebook - 87 Million, 2018 Panera Bread - 37 Million, 2018 Ticketfly - 27 Million, 2018 Sacramento Bee - 19.5 Million, 2018 PumpUp – 6 Million, 2018 Saks, Lord & Taylor – 5 Million, 2018 Source: https://blog.barkly.com/biggest-data-breaches-2018-so-far

Government Regulations

Government Regulations PII - Personal Identifiable Information (US) GDPR – General Data Protection Regulation (EU) PCI - Payment Card Industry (US) HIPAA – Health Information Privacy (US) California Consumer Privacy Act of 2018

Data Protection Types

Transparent Data Encryption Cell Level Encryption Always Encrypted Types of Encryption Transparent Data Encryption Cell Level Encryption Always Encrypted

Encryption in SQL Server

Encryption in SQL Server - TDE No Application Change Selects – See Data SSL - Configure Enterprise Edition Data At Rest Data Files Log Files Backups

Encryption in SQL Server – Cell Level Application Change Enterprise Edition Selects – See Data with Decryption function

Encryption in SQL Server – Always Encrypted Client Side .Net 4.6 Enterprise Edition (RTM) Standard Edition (SP1)

Always Encrypted

Types of Always Encrypted Data Randomized - a method that encrypts data in a less predictable manner. Randomized encryption is more secure, but prevents equality searches, grouping, indexing, and joining on encrypted columns. Deterministic - method which always generates the same encrypted value for any given plain text value. Using deterministic encryption allows grouping, filtering by equality, and joining tables based on encrypted values, but can also allow unauthorized users to guess information about encrypted values

Securing Always Encrypted Column Master Key Protects column encryption keys. Stored in a trusted key store. System catalog views. View in SSMS

Securing Always Encrypted Column Encryption Key Protected by Column Master Key. Encrypts sensitive column data. Column encrypted with single column encryption key. System catalog views. Backup keys.

Column Master Key Windows Certificate Store Azure Key Vault Current User Local Machine Azure Key Vault Key Storage Provider

Always Encrypted SSL Encrypted Data Encrypted in Memory No DML without permissions Missing .Net 4.6 returns varbinary field type Correct setup returns field type

Always Encrypted See data in SSMS Yes, Access to Column Master Key No, no access to Column Master Key Connection string parameter Column Encryption Setting = Enabled Query Option Parameterization for Always Encrypted

Always Encrypted Limitations - 2016 Not Allowed Order By Cast / Convert Temp Tables .Net Core CLR SQL Provider

Always Encrypted Limitations - 2016 Not Allowed Like Range Indexes Check Constraints

Always Encrypted Issues - 2016 Field Type vs Parameter Type SSMS Wizard Slow SSDT convert existing fields SSDT publish profile

Always Encrypted - 2019 Secure Enclave Windows Server 2019 / Windows 10 Build 1809 .Net Framework 4.7.2 .Net Framework Data Provider for SQL Server Configure Host Guardian Service in environment Register service hosting SQL Server

Always Encrypted - 2019

Always Encrypted - 2019 Operation Column is NOT enclave-enabled Column is enclave-enabled Randomized encryption Deterministic encryption In-place encryption Not Supported Supported Equality comparison Supported outside of the enclave Supported (inside the enclave) Comparison operators beyond equality LIKE

SSIS with Always Encrypted

SSIS Use ADO Net connection strings Connection Manager Properties Enable Column Encryption Setting

BCP ALTER USER Bob WITH ALLOW_ENCRYPTED_VALUE_MODIFICATIONS = ON;

References https://docs.microsoft.com/en-us/sql/relational-databases/security/encryption/always-encrypted-database-engine?view=sql-server-2017#feature-details https://blogs.msdn.microsoft.com/sqlsecurity/2016/12/13/parameterization-for-always-encrypted-using-ssms-to-insert-into-update-and-filter-by-encrypted-columns/ https://docs.microsoft.com/en-us/sql/relational-databases/security/encryption/always-encrypted-enclaves?view=sqlallproducts-allversions

? Questions

@ Consistent Releases Tom Norman Email: ArmorDba@gmail.com Twitter: @ArmorDba LinkedIn: www.linkedin.com/in/armordba Blog: http://armordba.wordpress.com/

Demo

Feedback: Privacy Policy Feedback
Do Not Sell My Personal Information
About project: SlidePlayer Terms of Service

© 2024 SlidePlayer.com. Inc. All rights reserved.