Presentation is loading. Please wait.

Presentation is loading. Please wait.

Hiding your data with SQL Server 2016/17

Published byPhilippa Williamson Modified over 6 years ago

Similar presentations

Presentation on theme: "Hiding your data with SQL Server 2016/17"— Presentation transcript:

1 Hiding your data with SQL Server 2016/17
Ivan Campos Data Platform MVP 09/2017 – SQL Saturday Cambridge #632

2 SAY THANK YOU TO OUR SPONSORS!

3 Sponsor Raffle!!! Each sponsor stamp will opt you into their raffle prize and mailings Collect 9+ sponsor stamps on your Badge to be eligible for the Xbox Hand entire Badge/ ribbon back into registration desk at end of day We will draw Badges for prizes at 5pm in Cromwell (if you are drawn and do not have the pre-requisite stamp/s….. You lose!) SQLCloud: XBox One-S with Forza Horizon 3 Bundle; Amazon Fire TV with 4K Ultra HD; Raspberry Pi 3 Starter Kit; dbWatch: Apple iPad Mini; Skybow: Marshall Speaker; Coeo: A free place on any Coeo training course, RRP £600; Edison365: Helicopter ride (lunchtime session prize) and a Fire TV Stick; Pyramid Analytics: Amazon Echo; Quest: Samsung Gear S2 Smartwatch; DBPro/ SQLGovernor: Splash-proof JBL bluetooth speaker; Redgate: SQL Monitor License - with 12 months support and upgrades; Axioworks: Amazon Echo Dot; Idera: $100 Amazon card; Lightning Tools: Lego Technics Race Car; SQL Sentry: SQL Sentry license and 1 year of support (worth $2994); Locke Data: R for Data Science: Import, Tidy, Transform, Visualize, and Model Data; SharePoint Unite /BMM Media: A free pass to SharePoint Unite 2017 conference in Haarlem, Netherlands, on the 25th & 26th October. worth €699. travel and hotel not included; PASS: Recording (download) of all sessions from PASS Summit 2016

4 Social Make sure you tweet on #spscambridge or #sqlsatcambridge
During the event we have Giant Jenga, Sack races and Conker Fights! After event, join us for a post event SharePint/ SQLPint from our bar Don’t forget to thank Sponsors, Volunteers and Speakers! The event will close at 6.30pm

5 My Session Proposal Always Encrypted Q.A End About me
SQL Server Security Features Overview Dynamic Data Masking Introduction to DDM Demo On perm & Azure Restrictions Row Level Security Introduction to RLS Restriction's Always Encrypted Introduction to AE Demo On Perm Restriction’s Q.A End

6 About ME Ivan Campos SQL Server Architect @
Microsoft Data Platform Most Valuable Professional & Certified Professional Porto.Data Founder -> PASS Chapter SQL Saturday Organizer Contacts: @WizardDba Besides all of this but much more important, I’m a father of three beautiful kids

7 SQL Server Security Features Overview
AE; TDE RLS; Dynamic Data Masking Encryption Secure App Development Auditing Auditing using PowerBI

8 Introduction to Dynamic data masking
The purpose of dynamic data masking is to limit exposure of sensitive data, preventing users who should not have access to the data from viewing it. Dynamic data masking does not aim to prevent database users from connecting directly to the database and running exhaustive queries that expose pieces of the sensitive data. Dynamic data masking is complementary to other SQL Server security features

9 Introduction to Dynamic data masking
MASKED WITH (FUNCTION = 'default()') NULL MASKED WITH (FUNCTION = ' ()') NULL Exposes the first letter of an address and the constant suffix (.com) For string data types - XXXX (char, nchar,varchar, nvarchar, text, ntext) 0 for numeric data types (bigint, bit, decimal, int, money, numeric,  smallint, smallmoney, tinyint, float, real) Date/time (date, datetime2, datetime, datetimeoffset,  smalldatetime, time) Binary data value 0 (binary, varbinary, image) MASKED WITH (FUNCTION = 'random([start range], [end range])' A random masking function for use on any numeric  MASKED WITH (FUNCTION = 'partial(prefix,[padding],suffix)') NULL Masking method which exposes the first and last letters and adds a custom padding string in the middle

10 Dynamic data masking Restrictions
Encrypted columns (AE) FILESTREAM COLUMN_SET / Sparse column that is part of a column set. A mask cannot be configured on a computed column, but if the computed column depends on a column with a MASK, then the computed column will return masked data. A column with data masking cannot be a key for a FULLTEXT index.

11 Introduction to Row-Level Security
Fine – Grained access control Keeping multi-tenant databases secure by limiting access by other users who share the same tables. Application transparency RLS works transparentely, apps don’t need to change. Centralized security logic Logic resides inside Database Reduce app maintenance and complexity

12 Introduction to Row-Level Security
Predicate function User-defined inline table-valued function (iTVF) with your logic Flexible, you can use join logic with other tables Security Predicate Applies a predicate function to a particular table (Semijoin (APPLY) operation) Types: Filter Predicates - Filter the rows available to read operations SELECT, UPDATE, and DELETE Blocking Predicates -  explicitly block write operations AFTER INSERT, AFTER UPDATE, BEFORE UPDATE, BEFORE DELETE. BEFORE predicates are useful when you want to prevent data modifications AFTER predicates help to block operations when the values violate the predicate for some rows Security policy Collection of security predicates (multi-tables)

13 Row-Level security Restrictions/Limitations
Filestream Polybase Indexed Views Partitioned Views (Just for block predicates) Caveats DBCC SHOW_STATISTICS reports statistics on unfiltered data, leak information. In Memory OLTP – Must use WITH NATIVE_COMPILATION CDC, Change Tracking, temporal Full-Text Search, A performance hit is expected Columnstore Indexes, A performance hit is expected

14 Always Encrypted

15 Encrypted Columns/data
Always Encrypted Trusted Key Store CMK SQL Server Database Encrypted Data Driver Encrypted CEK Encrypted Columns/data APP Decrypted Data When SQL Server sends encrypted data back to such applications, it attaches an encrypted CEK and the location of the CMK to the result set. The client driver communicates with the key store and gets the CMK, which is used to decrypt the CEK and column data. A similar process happens with parameterized queries. The driver collaborates with SQL Server in determining what parameters should be encrypted. It obtains the CEK and the location of the CMK from SQL Server, gets the CMK from the key store, and encrypts the parameter values before sending a query to SQL Server. All encryption and decryption is done transparently to the client applications, and data is never transmitted over the wire unencrypted. It is also worth noting that the driver uses the local cache to store decrypted column encryption keys so as to reduce the number of round trips made to the key store. Encrypted CEK CMK Client

16 Always Encrypted Limitations
Just see with your eyes us/sql/relational- databases/security/encryption/alwa ys-encrypted-database-engine

17 Q.A See you next year !!! Thanks for being present BYE

Download ppt "Hiding your data with SQL Server 2016/17"

Similar presentations

Big Data Working with Terabytes in SQL Server Andrew Novick www.NovickSoftware.com.

Big Data Working with Terabytes in SQL Server Andrew Novick
Project Management Database and SQL Server Katmai New Features Qingsong Yao

Project Management Database and SQL Server Katmai New Features Qingsong Yao
Overview and Roadmap for Microsoft SQL Server Security

Overview and Roadmap for Microsoft SQL Server Security
Creating a SharePoint App with Microsoft Access Services

Creating a SharePoint App with Microsoft Access Services
Jim McLeod MyDBA  SQL Server Performance Tuning Consultant with MyDBA  Microsoft Certified Trainer with SQLskills Australia 

Jim McLeod MyDBA  SQL Server Performance Tuning Consultant with MyDBA  Microsoft Certified Trainer with SQLskills Australia 
2 An Overview of SQL Server 2008 New Features Jeremy Boyd Mindscape MSDN Regional Director & MVP – SQL Server DAT302.

2 An Overview of SQL Server 2008 New Features Jeremy Boyd Mindscape MSDN Regional Director & MVP – SQL Server DAT302.
SQL Data Definition Language (DDL) Using Microsoft SQL Server 1SDL Data Definition Language (DDL)

SQL Data Definition Language (DDL) Using Microsoft SQL Server 1SDL Data Definition Language (DDL)
Kristina Rumpff Securing Data on your Terms DAT33 1.

Kristina Rumpff Securing Data on your Terms DAT33 1.
SQLintersection Session: Tuesday, 12:00-1:00pm NEW SECURITY FEATURES IN SQL SERVER 2016 & AZURE SQL DB Aaron Bertrand

SQLintersection Session: Tuesday, 12:00-1:00pm NEW SECURITY FEATURES IN SQL SERVER 2016 & AZURE SQL DB Aaron Bertrand
SQL SATURDAY #444 – Kansas City, MO. A LOOK AT ALWAYS ENCRYPTED SQL SATURDAY #444 – KANSAS CITY, MO DAVE WALDEN PRINCIPAL SOLUTIONS ARCHITECT DB BEST.

SQL SATURDAY #444 – Kansas City, MO. A LOOK AT ALWAYS ENCRYPTED SQL SATURDAY #444 – KANSAS CITY, MO DAVE WALDEN PRINCIPAL SOLUTIONS ARCHITECT DB BEST.
Securing Data on your Terms Kristina Rumpff SQL Saturday #464, Melbourne 20 th February 2016.

Securing Data on your Terms Kristina Rumpff SQL Saturday #464, Melbourne 20 th February 2016.
End to End Always Encrypted in SQL Server 2016 Steve Jones SQLServerCentral Redgate Software.

End to End Always Encrypted in SQL Server 2016 Steve Jones SQLServerCentral Redgate Software.
SQL Server 2016 Security Features Marek Chmel Microsoft MVP: Data Platform Microsoft MCT: Regional Lead MCSE: Data Platform Certified Ethical Hacker.

SQL Server 2016 Security Features Marek Chmel Microsoft MVP: Data Platform Microsoft MCT: Regional Lead MCSE: Data Platform Certified Ethical Hacker.
Session Name Pelin ATICI SQL Premier Field Engineer.

Session Name Pelin ATICI SQL Premier Field Engineer.
Data Security with Power BI, SSAS, SQL Server 2016 and Active Directory June 10, 2017.

Data Security with Power BI, SSAS, SQL Server 2016 and Active Directory June 10, 2017.
Azure SQL Database Updates

Azure SQL Database Updates
Securing Your Data With SQL 2016 (An overview of Always Encrypted)

Securing Your Data With SQL 2016 (An overview of Always Encrypted)
Aga Private computer Institute Prepared by: Srwa Mohammad

Aga Private computer Institute Prepared by: Srwa Mohammad
Creating Database Objects

Creating Database Objects
Make Your Life Easier with Microsoft Flow

Make Your Life Easier with Microsoft Flow

Similar presentations

Ads by Google