Microsoft SQL Platform & GDPR
Ralph: Who am I?
• A Solutions Architect
  • at a gaming company
  • focus on Data Platforms
• A Microsoft Certified Trainer
  • deliver MTA, MCSA, MCSE locally
  • covering Windows, SQL Server, C#
• I’m here to describe how the Microsoft SQL Platform can help you become compliant with the upcoming EU General Data Protection Regulation (GDPR) by introducing SQL Information Protection (SQL IP) as a means to discover, classify, monitor, and audit potentially sensitive data.
Ralph: But…
…not a lawyer
…not GDPR certified
_________________________________________________________________
Get legal advice!
Live poll!
How prepared is your organisation to comply with the GDPR?
https://kahoot.it
AppStore Google Play
Poll results from Tech-Spark audience
Q1. How prepared is your organisation to comply with the GDPR?
• "Ready to comply": 8
• "Making preparations": 10
• "Won't be ready": 2
• "What is GDPR?": 4
Q2. When is GDPR due to take effect?
• "25 Apr 2018": 0
• "15 May 2018": 6
• "25 May 2018": 13
• "15 Jun 2018": 5
DataWorks Summit 2018 Berlin: Audience Live Poll
Introduction
GDPR & implications
We have a responsibility to protect information
GDPR to the rescue
• Over 190 known data breaches took place since 2010¹
• The EU’s General Data Protection Regulation (GDPR)
  • sets a new bar for privacy rights, security, and compliance.
  • is due to take effect on May 25, 2018.
• Guide to enhancing privacy and addressing GDPR requirements with the Microsoft SQL platform: whitepaper published on 24th May 2017²
¹ https://en.wikipedia.org/wiki/List_of_data_breaches
² https://aka.ms/gdprsqlwhitepaper
GDPR to the rescue
Article 25 – Data protection by design and default
• Control who is accessing data and how
• Minimize data being processed in terms of amount of data collected, extent of processing, storage period, and accessibility
• Include safeguards for control management integrated into processing
Article 30 – Records of processing activities
• Maintain an audit record of processing activities on personal data
• Monitor access to processing systems
Article 32 – Security of processing
• Employ pseudonymization and encryption
• Restore availability and access in the event of an incident
• Provide a process for regularly testing and assessing effectiveness of security measures
Article 33 – Notification of a personal data breach to the supervisory authority
• Detect breaches
• Assess impact on and identification of personal data records concerned
• Describe measures to address breach
Article 35 – Data protection impact assessment
• Describe processing operations, including their necessity and proportionality
• Assess risks associated with processing
• Apply measures to address risks and protect personal data, and demonstrate compliance with the GDPR
Existing technological capabilities
Microsoft SQL as a hub of private data and sensitive information
Discovering and classifying personal data and its access vectors
• Query metadata to identify column names which potentially contain personal data such as Name, Birthdate, ID number, etc.
  • System catalog views: sys.columns
  • System stored procedures: sp_columns
  • Information Schemas: INFORMATION_SCHEMA.COLUMNS
• Advanced discovery capabilities
  • Use Full-Text Search in Microsoft SQL to search for keywords located within freeform text
  • Tag sensitive data using Extended Properties to add sensitivity labels to relevant columns
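An added example, not code from the deck, that runs the discovery and labelling steps above end to end in T-SQL: it scans INFORMATION_SCHEMA.COLUMNS for likely personal-data columns, persists the decision as extended properties (the mechanism SQL Server uses to store classifications), and then reads the classification state back out of the catalog. The dbo.Customers table, the name patterns and the label text are constructed; the extended-property names are the ones the SSMS classification feature writes and should be checked against your SSMS version.

```sql
-- Added example: discover likely personal-data columns and persist a
-- sensitivity label as extended properties (not code from the deck).
SET NOCOUNT ON;

-- Constructed sample table so the script runs on an empty database.
IF OBJECT_ID(N'dbo.Customers') IS NULL
    CREATE TABLE dbo.Customers (
        CustomerId INT IDENTITY PRIMARY KEY,
        FullName   NVARCHAR(100),
        BirthDate  DATE,
        NationalId VARCHAR(20),
        Email      NVARCHAR(256),
        Notes      NVARCHAR(MAX)
    );

-- 1. Discovery: column names that commonly hold personal data. The pattern
--    list is a starting point; matching is case-insensitive under the default
--    collation. Review the hits before labelling anything.
DECLARE @Patterns TABLE (Pattern NVARCHAR(50), InfoType NVARCHAR(50));
INSERT INTO @Patterns (Pattern, InfoType) VALUES
    (N'%name%',       N'Name'),
    (N'%birth%',      N'Date Of Birth'),
    (N'%nationalid%', N'National ID'),
    (N'%ssn%',        N'National ID'),
    (N'%email%',      N'Contact Info');

IF OBJECT_ID(N'tempdb..#Candidates') IS NOT NULL DROP TABLE #Candidates;
SELECT c.TABLE_SCHEMA, c.TABLE_NAME, c.COLUMN_NAME, c.DATA_TYPE, p.InfoType
INTO #Candidates
FROM INFORMATION_SCHEMA.COLUMNS AS c
JOIN @Patterns AS p ON c.COLUMN_NAME LIKE p.Pattern
WHERE c.TABLE_SCHEMA = N'dbo';

SELECT * FROM #Candidates;   -- the review step

-- 2. Labelling: write the information type and sensitivity label as
--    extended properties on each reviewed column. The property names are
--    those written by the SSMS classification feature (verify for your
--    version); the label text is a constructed choice.
DECLARE @schema SYSNAME, @table SYSNAME, @column SYSNAME, @type NVARCHAR(50);
DECLARE @label NVARCHAR(50) = N'Confidential - GDPR';
DECLARE cur CURSOR LOCAL FAST_FORWARD FOR
    SELECT TABLE_SCHEMA, TABLE_NAME, COLUMN_NAME, InfoType FROM #Candidates;
OPEN cur;
FETCH NEXT FROM cur INTO @schema, @table, @column, @type;
WHILE @@FETCH_STATUS = 0
BEGIN
    -- Skip columns that already carry a label so the script is re-runnable.
    IF NOT EXISTS (SELECT 1 FROM sys.fn_listextendedproperty(
                       N'sys_sensitivity_label_name', N'SCHEMA', @schema,
                       N'TABLE', @table, N'COLUMN', @column))
    BEGIN
        EXEC sys.sp_addextendedproperty N'sys_information_type_name', @type,
             N'SCHEMA', @schema, N'TABLE', @table, N'COLUMN', @column;
        EXEC sys.sp_addextendedproperty N'sys_sensitivity_label_name', @label,
             N'SCHEMA', @schema, N'TABLE', @table, N'COLUMN', @column;
    END;
    FETCH NEXT FROM cur INTO @schema, @table, @column, @type;
END;
CLOSE cur; DEALLOCATE cur;

-- 3. Overview: the classification state as stored in the catalog, which is
--    what a compliance report needs to show.
SELECT s.name AS [schema], t.name AS [table], c.name AS [column],
       MAX(CASE WHEN ep.name = N'sys_information_type_name'
                THEN CAST(ep.value AS NVARCHAR(50)) END) AS information_type,
       MAX(CASE WHEN ep.name = N'sys_sensitivity_label_name'
                THEN CAST(ep.value AS NVARCHAR(50)) END) AS sensitivity_label
FROM sys.extended_properties AS ep
JOIN sys.columns AS c ON ep.major_id = c.object_id AND ep.minor_id = c.column_id
JOIN sys.tables  AS t ON t.object_id = c.object_id
JOIN sys.schemas AS s ON s.schema_id = t.schema_id
WHERE ep.class = 1   -- class 1 = object or column
  AND ep.name IN (N'sys_information_type_name', N'sys_sensitivity_label_name')
GROUP BY s.name, t.name, c.name
ORDER BY s.name, t.name, c.name;
```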
Managing access and controlling how data is used and accessed
• Authentication – only users with valid credentials can access the database
  • Windows Authentication (via Active Directory)
  • Azure AD
• Authorisation – principle of least privilege
  • object-level permissions
  • role-based security
• Azure SQL Database Firewall – built-in firewall enabled by default on the cloud
• Data-protection principles
  • Dynamic Data Masking (DDM)³ – only view parts of the data, e.g. masked credit card details
  • Row-Level Security (RLS)³ – only view intended rows
³ http://tech-spark.com/2017/04/22/global-azure-bootcamp-22nd-april-2017/
Protecting personal data against security threats
• Encryption
  • Transport Layer Security (TLS) – encrypt data in transit to and from the database
  • Transparent Data Encryption (TDE) – encrypt data at rest
  • Always Encrypted – allows customers to encrypt sensitive data inside client applications and never reveal the encryption keys to the database engine
• Auditing
  • Auditing for Azure SQL Database – track database activities
  • SQL Database Threat Detection – detect anomalous activities
  • SQL Server Audit – track activities on an on-premises database
Business continuity
• SQL Server Always On
  • Always On Availability Groups⁴
  • Always On Failover Cluster Instances⁴
• Azure SQL technologies
  • Point-in-Time Restore
  • Long-term retention
  • Active Geo-Replication
⁴ http://tech-spark.com/2017/03/12/high-availability-10th-march-2017/
Reporting on data protection policies and reviewing regularly
• SQL Server Audit
• Temporal Tables³
³ http://tech-spark.com/2017/04/22/global-azure-bootcamp-22nd-april-2017/
New technological capabilities
SQL Information Protection (SQLIP)
Introducing SQL Information Protection
• In public preview, SQL Information Protection (SQL IP) introduces
advanced capabilities for discovering, classifying, labeling, and
protecting the sensitive data in your databases.
• This is built into Azure SQL Database and similar capabilities are also
being introduced for on-premises SQL Server via SQL Server
Management Studio (SSMS).
• Additional features are being worked on and will be rolled-out over
the coming months.
What is SQL Information Protection?
• This new information protection paradigm in SQL is aimed at protecting the data, not just the database:
  • Discovery and recommendations – The classification engine scans your database and identifies columns containing potentially sensitive data. It then provides you an easy way to review and apply the appropriate classification recommendations.
  • Labeling – Sensitivity classification labels can be persistently tagged on columns.
    • Azure SQL DB stores this in new classification metadata attributes introduced into the SQL engine. This metadata can then be utilized for advanced sensitivity-based auditing and protection scenarios.
    • SQL Server stores this using extended properties on columns.
  • Monitoring/Auditing – Sensitivity of the query result set is calculated in real time and used for auditing access to sensitive data (currently in Azure SQL DB only).
  • Visibility – The database classification state can be viewed:
    • Azure SQL DB: in a detailed dashboard in the portal. Additionally, you can download a report, in Excel format, to be used for compliance and auditing purposes, as well as other needs.
    • SSMS: in a detailed report that can be printed/exported to be used for compliance & auditing purposes, as well as other needs.
SQL Server Management Studio
• SSMS 17.4: Vulnerability Assessment.
• SSMS 17.5: SQL Data Discovery and Classification.
SSMS: SQL Vulnerability Assessment
SSMS: Classification Recommendations
SSMS: Classification Addition
SSMS: Extended Properties
SSMS: Classification Overview
SSMS
Azure SQL: Vulnerability Assessment
Azure SQL: Classification Recommendations
Azure SQL: Classification Addition
Azure SQL: Classification Overview
Azure SQL Database Auditing
• sys.fn_get_audit_file upgraded to display data sensitivity
SELECT *
FROM sys.fn_get_audit_file(
    'https://<Storage>.blob.core.windows.net/sqldbauditlogs/<Server>/<Database>/<Audit>/<CreationDate>/<File>.xel',
    default, default)
WHERE data_sensitivity_information != ''
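As an added example (not the deck's query), three reports over the same audit files the query above reads: the raw events that touched labelled columns, a per-principal baseline in which an unfamiliar client IP or application reading classified data stands out, and an hourly volume series. The storage path is a placeholder for your own audit container.

```sql
-- Added example: reporting on access to classified data from Azure SQL
-- Database audit files (not code from the deck). The path is a placeholder;
-- pointing it at a folder makes fn_get_audit_file read every .xel file in it.
DECLARE @AuditPath NVARCHAR(400) =
    N'https://<Storage>.blob.core.windows.net/sqldbauditlogs/<Server>/<Database>/<Audit>/';

-- 1. Recent statements that touched labelled columns. The
--    data_sensitivity_information column carries the labels and information
--    types the engine computed for the result set of each statement.
SELECT TOP (100)
       event_time, server_principal_name, client_ip, application_name,
       database_name, object_name, succeeded,
       data_sensitivity_information,
       LEFT(statement, 200) AS statement_preview
FROM sys.fn_get_audit_file(@AuditPath, DEFAULT, DEFAULT)
WHERE data_sensitivity_information <> N''
ORDER BY event_time DESC;

-- 2. Who reads sensitive data, from where, with what: a baseline per
--    principal/IP/application that makes a new combination easy to spot.
SELECT server_principal_name, client_ip, application_name,
       COUNT(*)                                       AS sensitive_statements,
       SUM(CASE WHEN succeeded = 0 THEN 1 ELSE 0 END) AS failed_statements,
       MIN(event_time)                                AS first_seen,
       MAX(event_time)                                AS last_seen
FROM sys.fn_get_audit_file(@AuditPath, DEFAULT, DEFAULT)
WHERE data_sensitivity_information <> N''
GROUP BY server_principal_name, client_ip, application_name
ORDER BY sensitive_statements DESC;

-- 3. Hourly volume of sensitive-data access: a simple series to chart or to
--    compare against the previous week when reviewing the audit regularly.
SELECT DATEADD(HOUR, DATEDIFF(HOUR, 0, event_time), 0) AS hour_bucket,
       COUNT(*) AS sensitive_statements
FROM sys.fn_get_audit_file(@AuditPath, DEFAULT, DEFAULT)
WHERE data_sensitivity_information <> N''
GROUP BY DATEADD(HOUR, DATEDIFF(HOUR, 0, event_time), 0)
ORDER BY hour_bucket;
```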
Azure SQL Threat Detection
• Requires SQL Database Auditing
• Supports 3 types of threats:
  • SQL injection
  • SQL injection vulnerability
  • Anomalous client login
• Sends email alerts
• Integrates with Security Center
Azure SQL Threat Detection:
SQL injection
• This is triggered when an active exploit is currently happening against an identified vulnerability.
• Usually a random series of SQL statements to see whether data can be returned.
• Subsequent attacks are built on previously returned information.
• The ultimate goal is to obtain sensitive information, ransom (e.g. data encryption), or even disruption (e.g. data deletion).
Azure SQL Threat Detection:
SQL injection vulnerability
• Your application is vulnerable to a SQL injection attack:
  • A defect that generates faulty SQL statements
  • Un-sanitised user input
  • Building dynamic SQL without using parameters
  • Not using stored procedures
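An added example, not code from the deck, that puts the vulnerable pattern beside its fix in T-SQL. Both procedures are stored procedures, so "using stored procedures" alone does not remove the defect; what removes it is binding the value as a parameter through sp_executesql instead of concatenating it into the statement text. Table and procedure names are constructed, and CREATE OR ALTER needs SQL Server 2016 SP1 or later.

```sql
-- Added example (not code from the deck): dynamic SQL built by concatenation
-- next to the parameterised form. Both are stored procedures; only the
-- second is safe. Names are constructed; CREATE OR ALTER needs 2016 SP1+.
IF OBJECT_ID(N'dbo.Customers') IS NULL
    CREATE TABLE dbo.Customers (
        CustomerId INT IDENTITY PRIMARY KEY,
        FullName   NVARCHAR(100),
        Email      NVARCHAR(256));
GO
INSERT INTO dbo.Customers (FullName, Email)
VALUES (N'Ada Example', N'ada@example.test'),
       (N'Pat O''Brien', N'pat@example.test');
GO

-- Vulnerable: the caller's value is spliced into the statement text, so the
-- value can change the shape of the statement, not just what it compares to.
CREATE OR ALTER PROCEDURE dbo.FindCustomer_Unsafe @Name NVARCHAR(100)
AS
BEGIN
    DECLARE @sql NVARCHAR(MAX) =
        N'SELECT CustomerId, FullName, Email FROM dbo.Customers '
      + N'WHERE FullName = ''' + @Name + N'''';
    EXEC (@sql);
END;
GO

-- Hardened: the statement text is a constant; the value is bound as a typed
-- parameter, so it is only ever compared, never parsed.
CREATE OR ALTER PROCEDURE dbo.FindCustomer_Safe @Name NVARCHAR(100)
AS
BEGIN
    DECLARE @sql NVARCHAR(MAX) =
        N'SELECT CustomerId, FullName, Email FROM dbo.Customers WHERE FullName = @p';
    EXEC sys.sp_executesql @sql, N'@p NVARCHAR(100)', @p = @Name;
END;
GO

-- A plain name works in both.
EXEC dbo.FindCustomer_Safe   @Name = N'Ada Example';
EXEC dbo.FindCustomer_Unsafe @Name = N'Ada Example';

-- A legitimate name containing a quote: the safe procedure returns the row;
-- the unsafe one raises a syntax error, because the quote terminates the
-- string literal inside the statement it built. That "defect that generates
-- faulty SQL statements" is what the SQL injection vulnerability alert flags.
EXEC dbo.FindCustomer_Safe   @Name = N'Pat O''Brien';
EXEC dbo.FindCustomer_Unsafe @Name = N'Pat O''Brien';
```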
Azure SQL Threat Detection:
Anomalous client login
• This is based upon behavioural analytics and anomaly detection:
  • Login from an unusual location
  • A new user has logged in for the first time
  • Credentials brute force such as a high number of failed logins
  • Potentially harmful client application
Azure SQL Threat Detection: Email Alerts
Azure SQL Threat Detection:
Audit Logs
Azure SQL Threat Detection:
Security Alerts
Azure SQL Threat Detection:
Potential SQL Injection
Azure SQL
Azure backend for a Mobile+ app
8th May 2018
Oliver Gomersall; Mobile Innovation Specialist (Azure) @ Microsoft
Sergio Viana; Microsoft Solutions Lead @ Xpand IT
Contact Us
Ralph Attard
raland@raland.net
Tech Spark
http://www.tech-spark.com
https://www.facebook.com/techsparkmalta
