Hiding Data from Prying eyes: Using SQL Server 2016 Always Encrypted

1 Hiding Data from Prying eyes: Using SQL Server 2016 Always Encrypted
By Mel Lusk

2 About Mel Lusk
SQL DBA Manager at GCR, Inc. since 2014
Working in IT for 20 years
Started with SQL Server 7.0
Certifications/Education
  Microsoft MCSA, MCDBA, MCITP, MCP, MCTS
  Oracle 11g, MySQL 5.0
  ITIL, ATMAE/NAIT
  B.S., Southeastern Louisiana University, 2001

3 Why encrypt?
Security
Regulatory Compliance
PII (Personally Identifiable Information)

4 Hiding PII
About PII
NIST Special Publication
Credit Card Numbers
Social Security Numbers
Names, Address, Biometrics, etc.
“People with the proper authority can view my data, but how do I keep the DBA from viewing it?”

5 SQL Server 2016 Can Make it Happen!
Today we’ll learn how…

6 Encryption?
Network Encryption
  Multiprotocol/SSL Encryption
  Dates back to SQL Server 7.0
  Only hides data being transferred between client/server
Transparent Data Encryption
  Started with SQL Server 2008
  Encrypts “Data-At-Rest”
  MDF/LDF Files
  Backups

7 Symmetric/Asymmetric Key Encryption
Available since SQL Server 2005
Encrypt entire database, rows, or columns
BUT… you have to code for it:

    OPEN SYMMETRIC KEY [MySSLCertificate]
        DECRYPTION BY CERTIFICATE [MySSLCertificate];

    SELECT FirstName,
           LastName,
           CONVERT(NVARCHAR(100), DECRYPTBYKEY(SSN)) AS 'Social Security Number'
    FROM [dbo].[People];

8 Homegrown & Third-Party Solutions
Performance
  Encryption/Decryption performed by the SQL Server Engine
Does not stop DBA
.NET Encryption
  System.Security.Cryptography
Homegrown & Third-Party Solutions

9 SQL Server 2016
Dynamic Data Masking
  New with SQL Server 2016
  Useful for App Development
  = XXX-XX-6789
  Nice for displaying data… but still insecure
  The DBA or other privileged users can still see the data
AlwaysEncrypted

10 Always Encrypted
Transparent to the application
  Works with existing T-SQL*
Performance
  Encryption/Decryption performed by client/middle-tier

11 Always Encrypted Security Data can only be viewed with a certificate

12 Requirements
SQL Server 2016
  Enterprise/Developer Editions only
  Azure
.NET 4.6 or Higher
  Must use ADO.NET
Certificate Store
  Used to store the Master Key
String data must use binary2 collation
  Latin1_General_BIN2

13 Not supported
Replication
  Transactional or Merge
Distributed Queries (Linked Servers)
Certain Datatypes
  XML, timestamp/rowversion, image, ntext, text, sql_variant, hierarchyid, geography, geometry, alias, user-defined
FOR XML, FOR JSON, Check Constraints
Change Data Capture/Change Tracking
SQL Server Data Tools (SSIS)
A few others…

14 Types
Randomized
  Same data values will have different encrypted values
  (225) = 0x (225) = 0x
  More secure
  Can’t allow comparisons (no JOINS)
  No Indexes
Deterministic
  Same data values will have same encrypted values
  Less secure
  Allows comparisons (JOINS)
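
The requirements and types slides above, put together in T-SQL. This is an added example, not code from the original presentation. The table name dbo.PeopleAE, the CreditCard column and the key name CEK_Demo are hypothetical, and the column encryption key is assumed to exist already, protected by a master key in the client's certificate store.

```sql
-- Added example. CEK_Demo is a hypothetical column encryption key assumed to
-- exist already; its column master key lives in the client certificate store.
CREATE TABLE dbo.PeopleAE (              -- hypothetical table name
    PersonID  int IDENTITY(1,1) PRIMARY KEY,
    FirstName nvarchar(50) NOT NULL,
    LastName  nvarchar(50) NOT NULL,
    -- Deterministic: equal plaintexts give equal ciphertexts, so equality
    -- lookups and joins work. BIN2 collation as listed in the requirements.
    SSN char(11) COLLATE Latin1_General_BIN2
        ENCRYPTED WITH (COLUMN_ENCRYPTION_KEY = CEK_Demo,
                        ENCRYPTION_TYPE = DETERMINISTIC,
                        ALGORITHM = 'AEAD_AES_256_CBC_HMAC_SHA_256') NOT NULL,
    -- Randomized: equal plaintexts give different ciphertexts, so the
    -- server cannot compare, join on or index this column.
    CreditCard char(19) COLLATE Latin1_General_BIN2
        ENCRYPTED WITH (COLUMN_ENCRYPTION_KEY = CEK_Demo,
                        ENCRYPTION_TYPE = RANDOMIZED,
                        ALGORITHM = 'AEAD_AES_256_CBC_HMAC_SHA_256') NULL
);
GO

-- Audit check: which columns are encrypted, with which type and which key.
-- Unencrypted columns (FirstName, LastName) drop out of the inner join.
SELECT c.name AS column_name,
       c.encryption_type_desc,
       c.encryption_algorithm_name,
       k.name AS column_encryption_key
FROM sys.columns AS c
JOIN sys.column_encryption_keys AS k
  ON k.column_encryption_key_id = c.column_encryption_key_id
WHERE c.object_id = OBJECT_ID(N'dbo.PeopleAE');
GO

-- Equality lookups have to come from an ADO.NET client (.NET 4.6 or higher)
-- whose connection string contains "Column Encryption Setting=Enabled", with
-- the value passed as a parameter so the driver encrypts it before sending:
--     SELECT FirstName, LastName FROM dbo.PeopleAE WHERE SSN = @SSN;
-- The same predicate against CreditCard (randomized) is rejected by the server.
```

A connection without the column master key certificate, including a DBA's query window, sees only varbinary ciphertext in SSN and CreditCard.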

15 Demo

16 Questions?

17 Thank you! LinkedIn

18 Thanks for Attending SQL Saturday Baton Rouge 2016!
Speaker evaluations: Use the small square cards at the front of the classroom, give directly to speaker
Speaker: Please give out 1 book ticket
Book Ticket Winner: Bring your ticket to the user group booth in the main atrium to redeem (supplies limited)
