Upload File

securing sql azure db? how?

31
Boris Hristov, SQL Server MVP Securing SQL Azure DB?

Upload: boris-hristov

Post on 31-Jul-2015

333 views

Category:

Technology


0 download

Report

TRANSCRIPT

Page 1: Securing SQL Azure DB? How?

Boris Hristov, SQL Server MVP

Securing SQL Azure DB?

Page 2: Securing SQL Azure DB? How?

Organizer

SQLSaturday Rheinland 201513.06.2015

Page 3: Securing SQL Azure DB? How?

Bronze Sponsor

SQLSaturday Rheinland 201513.06.2015

Page 4: Securing SQL Azure DB? How?

Silver Sponsor

SQLSaturday Rheinland 201513.06.2015

Page 5: Securing SQL Azure DB? How?

Gold Sponsor

SQLSaturday Rheinland 201513.06.2015

Page 6: Securing SQL Azure DB? How?

You rock!

SQLSaturday Rheinland 201513.06.2015

Page 7: Securing SQL Azure DB? How?

That’s not a marketing talk!DISCLAIMER:

Page 8: Securing SQL Azure DB? How?

So who is this guy Boris?

@BorisHristov

Page 9: Securing SQL Azure DB? How?

time

cool

ness Session’s Timeline

Dynamic Data Masking Row Level Security

Page 10: Securing SQL Azure DB? How?

Dynamic Data Masking

Page 11: Securing SQL Azure DB? How?

“Have you ever…”

Page 12: Securing SQL Azure DB? How?

SELECT * FROM dbo.Customers

custid FirstName LastName PhoneNumber EmailAddress CreditcardNumber

1 Boris Hristov +359889000000 [email protected] 1111-1111-1111-1111

2 Ivan Donev +359889000000 [email protected] 2222-2222-2222-2222

3 Stanislav Zhelyaskov +359889000000 [email protected]

3333-3333-3333-3333

4 Ivan Minchev +359889000000 [email protected] 4444-4444-4444-4444

Page 13: Securing SQL Azure DB? How?

custid FirstName LastName PhoneNumber EmailAddress CreditcardNumber

1 Boris Hristov +359889000000 [email protected] xxxx-xxxx-xxxx-1111

2 Ivan Donev +359889000000 [email protected] xxxx-xxxx-xxxx-2222

3 Stanislav Zhelyaskov +359889000000 [email protected] xxxx-xxxx-xxxx-3333

4 Ivan Minchev +359889000000 [email protected] xxxx-xxxx-xxxx-4444

SELECT * FROM dbo.Customers

Page 14: Securing SQL Azure DB? How?

Dynamic Data Masking

Page 15: Securing SQL Azure DB? How?

DEMODynamic Data Masking

Page 16: Securing SQL Azure DB? How?

Row Level Security

Page 17: Securing SQL Azure DB? How?

“Have you ever…”

Page 18: Securing SQL Azure DB? How?

orderid custid orderdate shipdate shipcountry

1 1 4/20/2015 20:15:49 4/20/2015 20:15:49 Bulgaria

2 1 4/20/2015 20:15:49 4/20/2015 20:15:49 Germany

3 2 4/20/2015 20:15:49 4/20/2015 20:15:49 Germany

4 2 4/20/2015 20:15:49 4/20/2015 20:15:49 Bulgaria

5 3 4/20/2015 20:15:49 4/20/2015 20:15:49 Bulgaria

SELECT * FROM dbo.Orders

Page 19: Securing SQL Azure DB? How?

orderid custid orderdate shipdate shipcountry

1 1 4/20/2015 20:15:49 4/20/2015 20:15:49 Bulgaria

4 2 4/20/2015 20:15:49 4/20/2015 20:15:49 Bulgaria

5 3 4/20/2015 20:15:49 4/20/2015 20:15:49 Bulgaria

SELECT * FROM dbo.Orders

Page 20: Securing SQL Azure DB? How?

How is that possible?

Page 21: Securing SQL Azure DB? How?

-- user defined functionCREATE FUNCTION Security.fn_securitypredicate (@SalesRep AS sysname) RETURNS TABLE WITH SCHEMABINDINGAS RETURN SELECT 1 AS fn_securitypredicate_result WHERE @SalesRep = USER_NAME() OR USER_NAME() = 'Manager';

-- security policyCREATE SECURITY POLICY SalesFilter ADD FILTER PREDICATE Security.fn_securitypredicate(SalesRep) ON dbo.Sales WITH (STATE = ON);

No GUI, folks

Page 22: Securing SQL Azure DB? How?

DEMORow Level Security

Page 23: Securing SQL Azure DB? How?

Cool, huh?

Page 24: Securing SQL Azure DB? How?

Not that fast…

Page 25: Securing SQL Azure DB? How?

time

cool

ness

Session’s Timeline

Dynamic Data Masking Row Level Security

Page 26: Securing SQL Azure DB? How?

DEMORow Level Security Issues

Page 27: Securing SQL Azure DB? How?

So is that a security feature

then?

Page 28: Securing SQL Azure DB? How?

Or is that a programmability

feature?

Page 29: Securing SQL Azure DB? How?

Summary

There’s a lot going on in SQL Azure DB

Easily mask sensitive data with Dynamic Data Masking

Limit the rows users can see with Row Level Security

Be aware of the current issues of RLS

Page 30: Securing SQL Azure DB? How?

Save the date!

13.06.2015 SQLSaturday Rheinland 2015

Page 31: Securing SQL Azure DB? How?

Thank you!

Contacts:[email protected]@BorisHristov

mailto:[email protected]
http://www.borishristov.com/
http://twitter.com/borishristov
http://twitter.com/borishristov

M02 - Micrisoft Azure DB - Azure Open Group

Azure Cosmos DB - NoSQL In the Microsoft Cloud

Securing Microsoft Azure with Qualys · Create application in Azure Active Directory and you can then note the application ID. 1) Log on to the Microsoft Azure console and press Azure

SQL Server on Azure - Best Practices für den DB Server in der Cloud

… Web Role … Azure Blob Azure DB ResultsMain Worker Role … …

Partnering in IoT - Microsoft... · 2018-12-28 · Azure Stream Analytics Azure Cosmos DB Azure Data Lake Azure Data Lake Analytics Azure HD Insight Spark, Storm, Kafka Azure Event

Azure SQL DB V12 at your service by Pieter Vanhove

Securing Office 365 and Microsoft Azure like a rock star

Schema-Agnostic Indexing with Azure Document DBcis.csuohio.edu/~sschung/CIS601/Chris Rowland Presentation2... · with Azure Document DB. Introduction Azure DocumentDBis Microsoft’s

Microsoft Cloud Switzerland - stevenbart.com · • Azure IaaS (compute/VMs, networking, storage, backup) and some PaaS (Azure SQL DB, Cosmos DB, Web Apps) to be launched in 2019

Securing your azure web app with asp.net core data protection

CAT: Azure SQL DB Premium Dive and Mythbuster Fairweather.pdf · CAT: Azure SQL DB Premium –Deep Dive and Mythbuster Ewan Fairweather ... -Azure Applications-Azure Data-Azure Analytics

Securing your infrastructure with Azure Multi-Factor ... · Securing your infrastructure with Azure Multi-Factor Authentication Prabhat Nigam –Golden Five LLC CTO and Architect

Securing an Azure Function REST API with Azure Active ... · Azure Active Directory B2C “Azure Active Directory (Azure AD) B2C is an identity management service that enables you

A digital Statoil - Computerworld · Azure SQL DB Azure MySQL Azure PostgreSQL Azure MariaDB Build new, globally-distributed, cloud-native applications New Globally Dist. Apps SQL

Microsoft Azure Cosmos DB Revealed - projanco.comprojanco.com/Library/Microsoft Azure Cosmos DB... · Introducing Write and Read Regions 27 ... Amazon implementing them and products

#Dean document db + express + angularjs + nodejs running on azure

SECURING THE ENTERPRISE’S CLOUD WORKLOADS ON MICROSOFT AZURE · 2017-11-22 · Securing the Enterprise’s Cloud Workloads on Microsoft Azure Enterprises and other organizations

Mongo db en azure para programadores de .net

Run your Business faster - AnalyticsCreator · 2019. 12. 5. · Data Lake Store Azure SQL DW o. Azure SQL DB Applications Azure Data Factory Business and custom apps (structured)

Deployment Guide: FortiGate Use Cases on Microsoft Azure · DEPLOYMENT GUIDE: FORTIGATE DEPLOYMENT USE CASES ON MICROSOFT AZURE 3 Securing Windows Azure IaaS Virtual Machines In order

Microsoft Azure Network Security · and network security for Azure Cloud Services (also known as Platform as a Service, or PaaS). 2 Guidelines for Securing Azure Virtual Machines

Securing Sensitive Data with Azure Key Vault (Tom Kerkhove @ ITProceed)

Securing Intellectual Property using Azure Rights Management Services

Securing Active Directory Administration · 2019-04-18 · Active Directory vs Azure AD •Azure AD is not Active Directory •No LDAP •No Kerberos/NTLM •No Group Policy •Azure

Knowit study group örnsköldsvik - introduction to microsoft azure document db

Securing Azure Windows Virtual Desktop Guidebook...5 DEPLOYMENT GUIDE Securing Azure Windows Virtual Desktop Guidebook Import LDAP Users c.nNext, import users from LDAP by navigating

Azure Document Db

DB Design and Tuning for Azure Synapse DBcoazure.azurewebsites.net/wp-content/uploads/2020/04/DB... · 2020. 4. 12. · DB Design and Tuning for Azure Synapse DB [email protected]

Azure doc db (slideshare)

Securing, Connecting, and Scaling in Windows Azure Name Title Microsoft Corporation

Mongo db on azure for developers

Kickstarting a charity with Serverless Technologies - Azure From … · Serverless Compute Azure Functions Logic Apps Data Factory. Storage Azure Storage (blob and table) Cosmos DB

Smart system of renewable energy storage based on ... · 8.1 Azure components 68 8.1.1 Azure SQL Databases 68 8.1.2 Azure Table Storage 68 8.1.3 Azure Cosmos DB 68 8.1.4 Azure Blob

SSL Securing Oracle DB