Presentation is loading. Please wait.

Presentation is loading. Please wait.

Encrypting Data within SQL Server

Published byΣατανᾶς Μπότσαρης Modified over 6 years ago

Similar presentations

Presentation on theme: "Encrypting Data within SQL Server"— Presentation transcript:

1 Encrypting Data within SQL Server
Tom Norman Encrypting Data within SQL Server

2 Tom Norman Data Architect – KPA Raleigh, North Carolina
Microsoft Certified Professional PASS Virtualization Virtual Group Leader SQL Saturday Speaker Raleigh, Denver, Houston, Baltimore, Colorado Springs, Albuquerque, Chicago, Charlotte, Atlanta, Spartanburg, Jacksonville, Tampa, Boston, Columbus GA

3 Sponsors A quick comment about sponsors. SQL Saturdays cannot take place without the funding provided by sponsors. The speakers are not paid. The organizers and other folks running around making sure this event runs smoothly are all volunteers. However, his facility, the food, and other expenses that go into putting on an event of this magnitude requires money. Sponsors provide that money. So, show your appreciation by saying hi and thank you when you stop by the sponsor tables to stuff your raffle ticket into the box. You might even take a couple of minutes to ask about their product and services. You may learn something valuable that you can bring back to your work, or that might become a career opportunity. It's all part of the very important networking you should be doing while you are here.

4 Agenda Company Data Breaches Government Regulations
Data Protection Types Encryption in SQL Server Always Encrypted SSIS with Always Encrypted

5 Company Data Breaches

6 Company Data Breaches Aadhaar – 1.1 Billion, 2018
Exactis Million, 2018 Under Armour Million, 2018 MyHeritage - 92 Million, 2018 Facebook - 87 Million, 2018 Panera Bread - 37 Million, 2018 Ticketfly - 27 Million, 2018 Sacramento Bee Million, 2018 PumpUp – 6 Million, 2018 Saks, Lord & Taylor – 5 Million, 2018 Source:

7 Government Regulations

8 Government Regulations
PII - Personal Identifiable Information (US) GDPR – General Data Protection Regulation (EU) PCI - Payment Card Industry (US) HIPAA – Health Information Privacy (US) California Consumer Privacy Act of 2018

9 Data Protection Types

10 Transparent Data Encryption Cell Level Encryption Always Encrypted
Types of Encryption Transparent Data Encryption Cell Level Encryption Always Encrypted

11 Encryption in SQL Server

12 Encryption in SQL Server - TDE
No Application Change Selects – See Data SSL - Configure Enterprise Edition Data At Rest Data Files Log Files Backups

13 Encryption in SQL Server – Cell Level
Application Change Enterprise Edition Selects – See Data with Decryption function

14 Encryption in SQL Server – Always Encrypted
Client Side .Net 4.6 Enterprise Edition (RTM) Standard Edition (SP1)

15 Always Encrypted

16 Types of Always Encrypted Data
Randomized - a method that encrypts data in a less predictable manner. Randomized encryption is more secure, but prevents equality searches, grouping, indexing, and joining on encrypted columns. Deterministic - method which always generates the same encrypted value for any given plain text value. Using deterministic encryption allows grouping, filtering by equality, and joining tables based on encrypted values, but can also allow unauthorized users to guess information about encrypted values

17 Securing Always Encrypted
Column Master Key Protects column encryption keys. Stored in a trusted key store. System catalog views. View in SSMS

18 Securing Always Encrypted
Column Encryption Key Protected by Column Master Key. Encrypts sensitive column data. Column encrypted with single column encryption key. System catalog views. Backup keys.

19 Column Master Key Windows Certificate Store Azure Key Vault
Current User Local Machine Azure Key Vault Key Storage Provider

20

21 Always Encrypted SSL Encrypted Data Encrypted in Memory
No DML without permissions Missing .Net 4.6 returns varbinary field type Correct setup returns field type

22 Always Encrypted See data in SSMS Yes, Access to Column Master Key
No, no access to Column Master Key Connection string parameter Column Encryption Setting = Enabled Query Option Parameterization for Always Encrypted

23 Always Encrypted Limitations - 2016
Not Allowed Order By Cast / Convert Temp Tables .Net Core CLR SQL Provider

24 Always Encrypted Limitations - 2016
Not Allowed Like Range Indexes Check Constraints

25 Always Encrypted Issues - 2016
Field Type vs Parameter Type SSMS Wizard Slow SSDT convert existing fields SSDT publish profile

26 Always Encrypted - 2019 Secure Enclave
Windows Server 2019 / Windows 10 Build 1809 .Net Framework 4.7.2 .Net Framework Data Provider for SQL Server Configure Host Guardian Service in environment Register service hosting SQL Server

27 Always Encrypted

28 Always Encrypted - 2019 Operation Column is NOT enclave-enabled
Column is enclave-enabled Randomized encryption Deterministic encryption In-place encryption Not Supported Supported Equality comparison Supported outside of the enclave Supported (inside the enclave) Comparison operators beyond equality LIKE

29 SSIS with Always Encrypted

30 SSIS Use ADO Net connection strings Connection Manager Properties Enable Column Encryption Setting

31 BCP ALTER USER Bob WITH ALLOW_ENCRYPTED_VALUE_MODIFICATIONS = ON;

32 References

33 ? Questions

34 @ Consistent Releases Tom Norman Email:
Twitter: @ArmorDba LinkedIn: Blog:

35 Demo

Download ppt "Encrypting Data within SQL Server"

Similar presentations

Notes: Update as of 1/13/2010. Vulnerabilities are included for SQL Server 2000, SQL Server 2005, SQL Server 2008. Oracle (8i, 9i, 9iR2, 10g, 10gR2,11g),

Notes: Update as of 1/13/2010. Vulnerabilities are included for SQL Server 2000, SQL Server 2005, SQL Server Oracle (8i, 9i, 9iR2, 10g, 10gR2,11g),
Overview and Roadmap for Microsoft SQL Server Security

Overview and Roadmap for Microsoft SQL Server Security
Creating a SharePoint App with Microsoft Access Services

Creating a SharePoint App with Microsoft Access Services
Microsoft Windows 2003 Server. Client/Server Environment Many client computers connect to a server.

Microsoft Windows 2003 Server. Client/Server Environment Many client computers connect to a server.
Jim McLeod MyDBA  SQL Server Performance Tuning Consultant with MyDBA  Microsoft Certified Trainer with SQLskills Australia 

Jim McLeod MyDBA  SQL Server Performance Tuning Consultant with MyDBA  Microsoft Certified Trainer with SQLskills Australia 
How a little code can help with support.. Chris Barba – Developer at Cimarex Energy Blog:

How a little code can help with support.. Chris Barba – Developer at Cimarex Energy Blog:
Additional Security Tools Lesson 15. Skills Matrix.

Additional Security Tools Lesson 15. Skills Matrix.
1 Chapter Overview Performing Configuration Tasks Setting Up Additional Features Performing Maintenance Tasks.

1 Chapter Overview Performing Configuration Tasks Setting Up Additional Features Performing Maintenance Tasks.
A Brief Documentation.  Provides basic information about connection, server, and client.

A Brief Documentation.  Provides basic information about connection, server, and client.
Database Security Cmpe 226 Fall 2015 By Akanksha Jain Jerry Mengyuan Zheng.

Database Security Cmpe 226 Fall 2015 By Akanksha Jain Jerry Mengyuan Zheng.
#SQLSAT454 SQL Server 2016 New Security Features Gianluca

#SQLSAT454 SQL Server 2016 New Security Features Gianluca
SQL SATURDAY #444 – Kansas City, MO. A LOOK AT ALWAYS ENCRYPTED SQL SATURDAY #444 – KANSAS CITY, MO DAVE WALDEN PRINCIPAL SOLUTIONS ARCHITECT DB BEST.

SQL SATURDAY #444 – Kansas City, MO. A LOOK AT ALWAYS ENCRYPTED SQL SATURDAY #444 – KANSAS CITY, MO DAVE WALDEN PRINCIPAL SOLUTIONS ARCHITECT DB BEST.
Inspirirani ljudima. Ugasite mobitele. Hvala.. Paolo Pialorsi Senior Consultant PiaSys (www.pialorsi.com) Publishing apps for SharePoint 2013 on Microsoft.

Inspirirani ljudima. Ugasite mobitele. Hvala.. Paolo Pialorsi Senior Consultant PiaSys ( Publishing apps for SharePoint 2013 on Microsoft.
Secure SQL Database with TDE Thomas Chan SQL Saturday 445 - Raleigh.

Secure SQL Database with TDE Thomas Chan SQL Saturday Raleigh.
End to End Always Encrypted in SQL Server 2016 Steve Jones SQLServerCentral Redgate Software.

End to End Always Encrypted in SQL Server 2016 Steve Jones SQLServerCentral Redgate Software.
SQL Server High Availability Introduction to SQL Server high availability solutions.

SQL Server High Availability Introduction to SQL Server high availability solutions.
SQL Server 2016 Security Features Marek Chmel Microsoft MVP: Data Platform Microsoft MCT: Regional Lead MCSE: Data Platform Certified Ethical Hacker.

SQL Server 2016 Security Features Marek Chmel Microsoft MVP: Data Platform Microsoft MCT: Regional Lead MCSE: Data Platform Certified Ethical Hacker.
SQL Server Encryption Ben Miller Blog:

SQL Server Encryption Ben Miller Blog:
Defense In Depth: Minimizing the Risk of SQL Injection

Defense In Depth: Minimizing the Risk of SQL Injection
Data Security with Power BI, SSAS, SQL Server 2016 and Active Directory June 10, 2017.

Data Security with Power BI, SSAS, SQL Server 2016 and Active Directory June 10, 2017.

Similar presentations

Ads by Google