Presentation is loading. Please wait.

Presentation is loading. Please wait.

Compliance Lessons from Operating SQL Server in Azure SQL DB.

Published byLeonard Hines Modified over 9 years ago

Similar presentations

Presentation on theme: "Compliance Lessons from Operating SQL Server in Azure SQL DB."— Presentation transcript:

1 Compliance Lessons from Operating SQL Server in Azure SQL DB

2 Audience How many have been through a Compliance Audit before? How many planning on going through one in the near future?

3 Azure Compliance – Continuous Audits http://azure.microsof t.com/en- us/support/trust- center/services/ ISO 27001/27002 SOC 1/SSAE 16/SAE 3402 and SOC 2 FedRAMP PCI DSS Level 1 United Kingdom G- Cloud HIPAA EU Model Clause Australian Government IRAP Singapore MTCS Standard FBI CJIS (Azure Government) SQL Database

4 Security Plan Review it and update it regularly Security Development Lifecycle Agile and Security Plan? Inventory Audit of inventory, patching of VMs, OS, SQL, etc. virus scanning

5 Access Control Isolate Production Environment Just In Time Access only by humans Multi-Factor Authentication – Azure Active Directory can make this easy Data kept in environment or filtered according agreements. Use RBAC Groups – review regularly Repeatable, signed, scanned builds of applications Audit ACLs, security settings of system

6 Security Auditing Continuous Auditing - offloaded from node ASAP to central repository Data Warehouse, HADOOP Cluster ETC. used to look for anomalous patterns of activity Alert based – volume of events makes regular reviews impractical for us. Many 3rd party products that will do threat detection and centralization of Audits APT's mean we need to look across enterprise

7 Availability AlwaysOn – Allows rapid deployment with continuous availability due to fault zones / upgrade zones. Exercise full failovers – we always discover things. Leverage new clusters as failover test

8 Secrets Centralize and have common reporting on expiring secrets (Certs, Passwords, Cryptographic Keys) Rotate ahead of schedule – if required 90 days before expiration, rotate at 120 days before to allow time to deal with failures. Prioritize Ability to rollback changes – keep keys in escrow EKM allows you to centralize Keys or at least Key Encryption Keys in a HSM or Network HSM for central managements

9 Pen Testing Red Team Blue Team

10 Questions? Your challenges? Certifications lacking? Previous talks?

Download ppt "Compliance Lessons from Operating SQL Server in Azure SQL DB."

Similar presentations

Driving Factors Security Risk Mgt Controls Compliance.

Driving Factors Security Risk Mgt Controls Compliance.
Complete Event Log Viewing, Monitoring and Management.

Complete Event Log Viewing, Monitoring and Management.
Common Question Who can benefit from Cloud? Every enterprise today can benefit from Cloud.

Common Question Who can benefit from Cloud? Every enterprise today can benefit from Cloud.
Complete Event Log Viewing, Monitoring and Management.

Complete Event Log Viewing, Monitoring and Management.
Notes: Update as of 1/13/2010. Vulnerabilities are included for SQL Server 2000, SQL Server 2005, SQL Server 2008. Oracle (8i, 9i, 9iR2, 10g, 10gR2,11g),

Notes: Update as of 1/13/2010. Vulnerabilities are included for SQL Server 2000, SQL Server 2005, SQL Server Oracle (8i, 9i, 9iR2, 10g, 10gR2,11g),
DCIM-B221

DCIM-B221
1 Chapter 8 Fundamentals of System Security. 2 Objectives In this chapter, you will: Understand the trade-offs among security, performance, and ease of.

1 Chapter 8 Fundamentals of System Security. 2 Objectives In this chapter, you will: Understand the trade-offs among security, performance, and ease of.
Privileged Account Management Jason Fehrenbach, Product Manager.

Privileged Account Management Jason Fehrenbach, Product Manager.
MICROSOFT CONFIDENTIAL Page 1 A Secure Cloud-Computing Platform Azure Partner Architects| 4/11/2011 David McGhee | Windows Azure Platform Technical Specialist.

MICROSOFT CONFIDENTIAL Page 1 A Secure Cloud-Computing Platform Azure Partner Architects| 4/11/2011 David McGhee | Windows Azure Platform Technical Specialist.
Cloudy Weather: How Secure Is the Cloud? David Aiken Windows Azure Microsoft Corporation.

Cloudy Weather: How Secure Is the Cloud? David Aiken Windows Azure Microsoft Corporation.
ETrust End to End Security Management Bernd Dultinger Sales Manager South CEE & Turkey.

ETrust End to End Security Management Bernd Dultinger Sales Manager South CEE & Turkey.
1 Security on OpenStack 11/7/2013 Brian Chong – Global Technology Strategist.

1 Security on OpenStack 11/7/2013 Brian Chong – Global Technology Strategist.
Www.lumension.com © Copyright 2008 - Lumension Security Lumension Security PatchLink Enterprise Reporting™ 6.4 Overview and What’s New.

© Copyright Lumension Security Lumension Security PatchLink Enterprise Reporting™ 6.4 Overview and What’s New.
Organized crime, nation states, activists, insiders Premera Blue Cross Anthem Sony Target NSA DoD RSA McDonnell Douglas Saudi Aramco J.P. Morgan.

Organized crime, nation states, activists, insiders Premera Blue Cross Anthem Sony Target NSA DoD RSA McDonnell Douglas Saudi Aramco J.P. Morgan.
Notes: Update as of 12/31/2010 inclusive. Chart counts NIST CVE – Reported Software Flaws by “published” date, utilizing the NIST NVD. SQL Server.

Notes: Update as of 12/31/2010 inclusive. Chart counts NIST CVE – Reported Software Flaws by “published” date, utilizing the NIST NVD. SQL Server.
Contact Center Security Strategies Grant Sainsbury Practice Director, Dimension Data.

Contact Center Security Strategies Grant Sainsbury Practice Director, Dimension Data.
Lower costs and improve predictability Automation Enable service owners to focus on work that adds business value Reduce error-prone manual activities.

Lower costs and improve predictability Automation Enable service owners to focus on work that adds business value Reduce error-prone manual activities.
Heterogeneity Open, broad, and flexible Integration On-premises AND cloud Enterprise needs Microsoft Azure fundamentals Operating systems Languages.

Heterogeneity Open, broad, and flexible Integration On-premises AND cloud Enterprise needs Microsoft Azure fundamentals Operating systems Languages.
Pre-adoption concern 60% cited concerns around data security as a barrier to adoption 45% concerned that the cloud would result in a lack of data control.

Pre-adoption concern 60% cited concerns around data security as a barrier to adoption 45% concerned that the cloud would result in a lack of data control.
Server 2003 Opportunity What end of support means Start planning your migration and transforming your datacenter todayDiscontinued support for many.

Server 2003 Opportunity What end of support means Start planning your migration and transforming your datacenter todayDiscontinued support for many.

Similar presentations

Ads by Google