6/2/2018 8:46 AM BRK3130 Prepare for the GDPR and data privacy compliance with Microsoft SQL technologies Ronit Reger Senior Program Manager – Microsoft.


1 6/2/2018 8:46 AM BRK3130 Prepare for the GDPR and data privacy compliance with Microsoft SQL technologies Ronit Reger Senior Program Manager – Microsoft SQL Product team © Microsoft Corporation. All rights reserved. MICROSOFT MAKES NO WARRANTIES, EXPRESS, IMPLIED OR STATUTORY, AS TO THE INFORMATION IN THIS PRESENTATION.

2 Session goals
1. Data Privacy and regulations like the GDPR
  What does it mean for you?
  Breaking it down into some clear requirements
  Proposing a step-by-step process
2. How Microsoft SQL technologies can help
  Making use of built-in capabilities to meet the requirements
  Introducing the newest innovations that can help!
  Sneak peek at some imminent developments…

3 TURBULENT TIMES
2 Billion records compromised in the last year
140+ DAYS between infiltration and detection
$15 MILLION of cost/business impact per breach

4 Data Privacy in today’s world
5,286,896 data records breached each day
40% increase in data breaches from 2015 to 2016
91% of adults agree that consumers have lost control of how personal information is collected and used by companies.
64% of Americans have personally experienced a major data breach

5 Data Privacy in today’s world
“Three quarters of us don’t trust businesses to do the right thing with our emails, phone numbers, preferences and bank details. I find that shocking.”
Elizabeth Denham, UK Information Commissioner, Jan. 2017

6 Regulatory reaction
US: 2017: At least 41 states have introduced more than 240 bills or resolutions related to cybersecurity
China: May : New China Cybersecurity Law went into effect
India: Sep. 2017: India vows to implement a new “data protection law that will set a global benchmark”
EU: May 25, 2018: GDPR goes into effect. “Game-changer”

7 Providing clarity and consistency for the protection of personal data
The General Data Protection Regulation (GDPR) imposes new rules on organizations that offer goods and services to people in the European Union (EU), or that collect and analyze data tied to EU residents, no matter where they are located.
  Enhanced personal privacy rights
  Increased duty for protecting data
  Mandatory breach reporting
  Significant penalties for non-compliance
Microsoft believes the GDPR is an important step forward for clarifying and enabling individual privacy rights

8 Ultimately, the GDPR is about protecting people’s personal data!

9 What are the key changes with the GDPR?
Personal privacy
  Individuals have the right to:
  Access their personal data
  Correct errors in their personal data
  Erase their personal data
  Object to processing of their personal data
  Export personal data
Controls and notifications
  Organizations will need to:
  Protect personal data using appropriate security
  Notify authorities within 72 hours of breaches
  Obtain appropriate consents for processing data
  Keep records detailing data processing
Transparent policies
  Organizations are required to:
  Provide clear notice of data collection
  Outline processing purposes and use cases
  Define data retention and deletion policies
IT and training
  Organizations will need to:
  Train privacy personnel & employees
  Audit and update data policies
  Employ a Data Protection Officer (if required)
  Create & manage compliant vendor contracts

10 Data privacy-related requirements of the GDPR
GDPR Article 25—Data protection by design and by default: Control access, Process minimal necessary data, Integrate safeguards
GDPR Article 30—Records of processing activities: Monitor access, Maintain audits
GDPR Article 32—Security of processing: Pseudonymization and Encryption, Ensure availability, Regular security testing
GDPR Article 35—Data protection impact assessment: Document risks and security measures
GDPR Article 33—Notification of a personal data breach: Detect breach, Assess impact, Measures to address

11 Applicability to the data tier
The database stores much of the organization’s sensitive data

12 “Make no mistake, the GDPR sets a new and higher bar for privacy rights, for security, and for compliance. And while your journey to GDPR may seem challenging, Microsoft is here to help all of our customers around the world.” Brad Smith President & Chief Legal Officer Microsoft Corporation

13 Preparing for GDPR compliance
Questions for leading your preparation:
  Do you know WHERE your data resides and who has ACCESS to that data?
  Do you CONTROL who has access to your data and how it is USED based on risk assessment in REAL-TIME?
  Can you CLASSIFY, PROTECT and apply POLICY-driven actions to your data, on devices, between apps, in any location, at rest and in transit?
  Can you automatically DETECT a data or identity breach?
  Are you able to RESPOND adequately to a breach?
  Do you continuously REVIEW and UPDATE your data protection POLICIES and PRACTICES?

14 How do I get started?
1. Discover: Identify what personal data you have and where it resides
2. Manage: Govern how personal data is used and accessed
3. Protect: Establish security controls to prevent, detect, and respond to vulnerabilities & data breaches
4. Report: Keep required documentation, manage data requests and breach notifications

15 Translated to SQL technologies...
1. Discover
  Process:
    Inventory personal data in database systems
    Review access model, understand the attack surface area
    Track data flows and map data lineage
  Technology:
    T-SQL Queries, Full Text search
    Data Classification (new!)
    Vulnerability Assessment (new!)
2. Manage
  Process:
    Manage authentication and authorization mechanisms
    Properly configure database firewall
    Limit application access according to authorization principles
  Technology:
    Windows auth, Azure AD auth, role-based security, etc.
    Azure SQL Firewall
    DDM, RLS
3. Protect
  Process:
    Encryption of data at rest, in motion, in use
    Maintain records and audits of all database activities
    Detect data breach and respond accordingly
    Ensure business continuity
  Technology:
    TLS, TDE, Always Encrypted
    Auditing
    Threat Detection
    Always On, Active Geo-Replication
4. Report
  Process:
    Maintain audit records of database activities
    Continuously assess and analyze security measures
  Technology:
    Auditing, Temporal tables
    Vulnerability Assessment (new!)

16 Translated to SQL technologies...
1. Discover
  Process:
    Inventory personal data in database systems
    Review access model, understand the attack surface area
    Track data flows and map data lineage
  Technology:
    T-SQL Queries, Full Text search
    Data classification (new!)
    Vulnerability Assessment (new!)
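
One way to start the Discover step's inventory with plain T-SQL, as an added example that is not part of the presentation: the query lists user-table columns whose names suggest personal data and shows whether each is already masked or encrypted. The name patterns and categories are constructed assumptions; a column name is only a hint, so review the results against the actual data before classifying.

```sql
-- Added example (not from the presentation).
-- Name patterns and categories are constructed for illustration;
-- extend them to match your own naming conventions and languages.
DECLARE @patterns TABLE (category nvarchar(40), name_pattern nvarchar(60));

INSERT INTO @patterns (category, name_pattern) VALUES
    (N'Contact',     N'%email%'),
    (N'Contact',     N'%phone%'),
    (N'Contact',     N'%address%'),
    (N'Identity',    N'%first%name%'),
    (N'Identity',    N'%last%name%'),
    (N'Identity',    N'%birth%'),
    (N'National ID', N'%ssn%'),
    (N'National ID', N'%passport%'),
    (N'Financial',   N'%iban%'),
    (N'Financial',   N'%card%');

-- LIKE follows the column collation: in a case-sensitive database,
-- add a COLLATE clause or lower-case both sides of the comparison.
SELECT DISTINCT
    s.name                AS schema_name,
    t.name                AS table_name,
    c.name                AS column_name,
    ty.name               AS data_type,
    c.max_length,
    p.category,
    c.is_masked,                              -- 1 = Dynamic Data Masking applied
    c.encryption_type_desc                    -- non-NULL = Always Encrypted column
FROM sys.columns AS c
JOIN sys.tables  AS t  ON t.object_id     = c.object_id
JOIN sys.schemas AS s  ON s.schema_id     = t.schema_id
JOIN sys.types   AS ty ON ty.user_type_id = c.user_type_id
JOIN @patterns   AS p  ON c.name LIKE p.name_pattern
WHERE t.is_ms_shipped = 0                     -- skip system-shipped tables
ORDER BY schema_name, table_name, column_name;
```

The `is_masked` and `encryption_type_desc` columns require SQL Server 2016 or later, or Azure SQL Database.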

17 Translated to SQL technologies...
2. Manage
  Process:
    Manage authentication and authorization mechanisms
    Properly configure database firewall
    Limit application access according to authorization principles
  Technology:
    Windows authentication, Azure AD auth, role-based security…
    Azure SQL Firewall
    Dynamic Data Masking, Row-Level Security
  Diagram labels: Azure Active Directory, SQL Database, ADO .NET 4.6, ADALSQL
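
How Dynamic Data Masking and Row-Level Security limit what an application principal can see, as an added example that is not part of the presentation. The table, schema, role and column names (dbo.Customer, Security, PrivacyOfficer, SalesRep) are hypothetical.

```sql
-- Added example (not from the presentation); all object names are hypothetical.

-- Role allowed to see unmasked values and all rows.
CREATE ROLE PrivacyOfficer;
GRANT UNMASK TO PrivacyOfficer;
GO

-- Dynamic Data Masking: principals without UNMASK get masked output
-- for Email and Phone in query results; the stored data is unchanged.
CREATE TABLE dbo.Customer (
    CustomerId int IDENTITY PRIMARY KEY,
    FullName   nvarchar(100) NOT NULL,
    Email      nvarchar(256) MASKED WITH (FUNCTION = 'email()') NOT NULL,
    Phone      varchar(20)   MASKED WITH (FUNCTION = 'partial(0,"XXX-XXX-",4)') NULL,
    SalesRep   sysname       NOT NULL      -- database user responsible for the row
);
GO

CREATE SCHEMA Security;
GO

-- Row-Level Security predicate: a row is visible only to the user named
-- in SalesRep, or to members of the PrivacyOfficer role.
CREATE FUNCTION Security.fn_customer_predicate (@SalesRep AS sysname)
RETURNS TABLE
WITH SCHEMABINDING
AS
RETURN
    SELECT 1 AS allowed
    WHERE @SalesRep = USER_NAME()
       OR IS_MEMBER('PrivacyOfficer') = 1;
GO

-- FILTER hides other users' rows on read; BLOCK stops a user from
-- inserting rows assigned to someone else.
CREATE SECURITY POLICY Security.CustomerFilter
    ADD FILTER PREDICATE Security.fn_customer_predicate(SalesRep) ON dbo.Customer,
    ADD BLOCK PREDICATE  Security.fn_customer_predicate(SalesRep) ON dbo.Customer AFTER INSERT
    WITH (STATE = ON);
GO
```

Masking only changes what query results display, so it complements rather than replaces permissions and encryption on the same columns.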

18 Translated to SQL technologies...
3. Protect
  Process:
    Encryption of data at rest, in motion, in use
    Maintain records and audits of all database activities
    Detect data breach and respond accordingly
    Ensure business continuity
  Technology:
    TLS, TDE, Always Encrypted
    Auditing, Threat Detection
    Always On, Active Geo-Replication

19 Translated to SQL technologies...
4. Report
  Process:
    Maintain audit records of database activities
    Continuously assess and analyze security measures
  Technology:
    Auditing, Temporal tables
    Vulnerability Assessment (new!)

20 Our commitment to you
To simplify your path to compliance, we are committing to GDPR compliance across our cloud services when enforcement begins on May 25, 2018.
We will share our experience in complying with complex regulations such as the GDPR.
Together with our partners, we are prepared to help you meet your policy, people, process, and technology goals on your journey to GDPR.

21 Microsoft commitment → Innovations
Investments across the company to help customers with GDPR and data privacy;
In SQL: Introducing new security features and tools that can help support data privacy efforts;
SQL Vulnerability Assessment can help with the Discover-Manage-Protect-Report process

22 SQL Vulnerability Assessment
Now in Public Preview…
Available TODAY for Azure SQL Database and SQL Server on-prem

23 SQL Vulnerability Assessment
A one-stop-shop to track and improve your SQL security state
  Get Visibility: Discover sensitive data and potential security holes
  Remediate: Actionable remediation and security hardening steps
  Customize: Baseline policy tuned to your environment, so you focus on deviations
  Report: Pass internal or external audits, facilitates compliance

24 Examples of assessment benefits
Best practices for improved security
  Firewall configured properly
  Auditing is enabled
  Encryption at rest is enabled
  Separation of duties is applied
Track permissions
  Set a baseline for a valid set of database permissions and authorizations
  Identify drifts in these configurations over time
Identify and classify sensitive data
  Automatic discovery and classification mechanism to identify sensitive data
  Recommendations for proactive protection measures
  Coming soon! a more sophisticated data inventorying and classification solution

25 How does VA work? The VA Process
1. Run a scan. Scanning Service built-in to Azure SQL DB
2. View a report. All-up assessment of security state
3. Drill-down to results. View detailed results and understand how it impacts your DB security
4. Remediate issues. Directly from within the report, e.g. run script that resolves the vulnerability
5. Set a BASELINE. Customize scan requirements based on your environment.
6. Detect deviations. Subsequent scans will alert on deviations from your baseline

26 Demo SQL Vulnerability Assessment – Azure Portal

27 Demo SQL Vulnerability Assessment – Also for SQL Server and SQL on VM!!

28 Remember the Discovery phase...?
1. Discover
  Process:
    Inventory personal data in database systems
    Review access model, understand the attack surface area
    Track data flows and map data lineage
  Technology:
    T-SQL Queries, Full Text search
    Data classification (new!)
    Vulnerability Assessment (new!)

29 Demo SQL Vulnerability Assessment – Sensitive Data Discovery

30 SQL Data Classification (Limited Preview)
Secure the data, not just the database
  Auto discover sensitive data location in servers, databases and columns
  Data classification: enrichment of classification logic that obtains historical context
  Persistent tagging: sensitive data tags that stay with the data as it flows outside the database boundaries

31 To Review…
1. Security and compliance overview
  Evolution of SQL security & compliance
  Changes in the privacy space (GDPR)
2. Recently added and upcoming features
  Vulnerability Assessment (Private Preview)
  Data Classification (Private Preview)
  Threat Detection (Generally Available, May 2017)
  TDE with Bring Your Own Key support (Public Preview)
  Universal Authentication with MFA support (GA)
  Always Encrypted Updates
3. Q&A

1. Data privacy & GDPR: necessitate investments from all organizations
  Organize your compliance process with the Discover-Manage-Protect-Report framework
  Break down each phase to a set of requirements
2. How Microsoft SQL technologies can help
  Familiarize yourself with SQL Database built-in capabilities that can be used to meet requirements
  Make use of the newest innovations that can help!
    Vulnerability Assessment
    Data classification (limited preview)

32 Now available: SQL Whitepaper guiding customers

33 https://aka.ms/sqldataexpirationsurvey
Please help us out!

34 Ongoing Investments SQL security investments 
Championing data privacy

35 Resources
SQL Security; GDPR @Microsoft
  SQL and GDPR Guide -
  Azure SQL Database Security Overview | Microsoft Docs
  Security Center for SQL Server Database Engine and Azure SQL Database
  SQL Server Security Blog - blogs.msdn.microsoft.com/sqlsecurity/
  SQL Server Security | Microsoft Docs

36 Related Sessions
  BRK3241 Secure your data in Azure SQL Database and SQL Data Warehouse
  BRK3087 Azure SQL Database: The world's first intelligent cloud database service
  BRK2230 What's new with Azure SQL Database: Focus on your business, not on the database
  THR2024 Practical tips and considerations by industry experts on how to become GDPR compliant

37 Please evaluate this session
Your feedback is important to us!
From your PC or Tablet visit MyIgnite at
From your phone download and use the Ignite Mobile App by scanning the QR code above or visiting

38 Thank you! Microsoft Ignite 2016
