Presentation is loading. Please wait.

Presentation is loading. Please wait.

SQL Server 2016 Security Features

Published byEmma Chénier Modified over 5 years ago

Similar presentations

Presentation on theme: "SQL Server 2016 Security Features"— Presentation transcript:

1 SQL Server 2016 Security Features
Mike Herman Omni Resources

2 Current Features in SQL Server 2014
SQL Server 2000 and before – No native tools for encryption Data at rest encryption could be done with 3rd party tools, or by encrypting the entire drive (TrueCrypt,etc) Cell Level Encryption – Introduced with SQL Server 2005 Transparent Data Encryption (TDE) Introduced with SQL Server 2008 Certificate based transport encryption SSL: Protects data on the network 2 | 4/10/2019 | SQL Server 2016 Security Features

3 Why New Security Features?
Boundries 3 | 4/10/2019 | SQL Server 2016 Security Features

4 New For SQL Server 2016 Always Encrypted Dynamic Data Masking
Row Level Security 4 | 4/10/2019 | SQL Server 2016 Security Features

5 Always Encrypted Prevents Data Disclosure
End-to-end encryption of individual columns in a table with keys that are never given to the database system. Queries on Encrypted Data Support for equality comparison, incl. join, group by and distinct operators. Application Transparency Minimal application Changes via server and client library enhancements. Connection string change: Column Encryption Setting=enabled"; 5 | 4/10/2019 | SQL Server 2016 Security Features

6 Always Encrypted Types
Deterministic Encryption Same plaintext value  Same encrypted value Supports indexing, equality comparison, JOINs, DISTINCT Randomized Encryption Same plaintext value  Different encrypted value Supports retrieval of encrypted data No SQL operations supported 6 | 4/10/2019 | SQL Server 2016 Security Features

7 Always Encrypted 7 | 4/10/2019 | SQL Server 2016 Security Features

8 Always Encrypted 8 | 4/10/2019 | SQL Server 2016 Security Features

9 Always Encrypted The magic is in the encryption keys 9 | 4/10/2019 |
9 | 4/10/2019 | SQL Server 2016 Security Features

10 Always Encrypted Demo 10 | 4/10/2019 |
10 | 4/10/2019 | SQL Server 2016 Security Features

11 Dynamic Data Masking Limits Sensitive Data Exposure
Sensitive data is masked Administrators control access Useful for Compliance Helps adhering to privacy standards imposed by regulation authorities. Application Transparency No application changes. Existing queries keep working. 11 | 4/10/2019 | SQL Server 2016 Security Features

12 Dynamic Data Masking 12 | 4/10/2019 |
12 | 4/10/2019 | SQL Server 2016 Security Features

13 Dynamic Data Masking Obfuscates data using 4 masking functions
Default: depends on data type aXXX.XXXX.com Partial: prefixXXXXXXsuffix Random: random number in a range Data is stored unmasked Masking happens on result set formation. GRANT UNMASK to disclose data Works in Azure SQL Database (preview) 13 | 4/10/2019 | SQL Server 2016 Security Features

14 Dynamic Data Masking Demo 14 | 4/10/2019 |
14 | 4/10/2019 | SQL Server 2016 Security Features

15 Row Level Security Fine-grained access control
In multi-tenant databases, limits access by users who share the same tables. Centralized Security Logic Predicate-based access control logic resides inside the database and is schema-bound to the tables it protects. Application Transparency No application changes. Existing queries keep working. 15 | 4/10/2019 | SQL Server 2016 Security Features

16 Row Level Security 16 | 4/10/2019 | SQL Server 2016 Security Features

17 Row Level Security Predicate function Security predicate
User-defined inline iTVF implementing access control logic Can be arbitrarily complicated Security predicate Applies a predicate function to a particular table (APPLY) Two types: filter predicates and blocking predicates Security policy Collection of security predicates Manages security across multiple tables 17 | 4/10/2019 | SQL Server 2016 Security Features

18 Row Level Security Demo 18 | 4/10/2019 |
18 | 4/10/2019 | SQL Server 2016 Security Features

19 Q&A Questions 19 | 4/10/2019 | SQL Server 2016 Security Features

20 References Gianluca Sartori - SQL Saturday #495 SQL Saturday #69
Always Encrypted On MSDN Getting Started With Always Encrypted Performance Impact of Always Encrypted Dynamic Data masking Using Dynamic Data masking Row Level Security on MSDN Introduction to Row Level Security 20 | 4/10/2019 | SQL Server 2016 Security Features

Download ppt "SQL Server 2016 Security Features"

Similar presentations

Overview and Roadmap for Microsoft SQL Server Security

Overview and Roadmap for Microsoft SQL Server Security
Database Security and Auditing: Protecting Data Integrity and Accessibility Chapter 5 Database Application Security Models.

Database Security and Auditing: Protecting Data Integrity and Accessibility Chapter 5 Database Application Security Models.
یا ذالامن و الامان. Virtual Private Database Mohammad Amin Sabbaghian.

یا ذالامن و الامان. Virtual Private Database Mohammad Amin Sabbaghian.
Securing Data Storage Protecting Data at Rest Advanced Systems Group Dell Computer Asia Ltd.

Securing Data Storage Protecting Data at Rest Advanced Systems Group Dell Computer Asia Ltd.
Data Sources Create a connection definition in Cognos Step 2: Create a Cognos Account on Each Data Source Step 1: Import Metadata Step 3: Publish Package.

Data Sources Create a connection definition in Cognos Step 2: Create a Cognos Account on Each Data Source Step 1: Import Metadata Step 3: Publish Package.
Chapter 5 Database Application Security Models

Chapter 5 Database Application Security Models
ORACLE DATABASE SECURITY

ORACLE DATABASE SECURITY
Jim McLeod MyDBA  SQL Server Performance Tuning Consultant with MyDBA  Microsoft Certified Trainer with SQLskills Australia 

Jim McLeod MyDBA  SQL Server Performance Tuning Consultant with MyDBA  Microsoft Certified Trainer with SQLskills Australia 
Key Management with the Voltage Data Protection Server Luther Martin IEEE P1619.3 May 7, 2007.

Key Management with the Voltage Data Protection Server Luther Martin IEEE P May 7, 2007.
SEC835 Practical aspects of security implementation Part 1.

SEC835 Practical aspects of security implementation Part 1.
Chapter 2: SQL – The Basics Objectives: 1.The SQL execution environment 2.SELECT statement 3.SQL Developer & SQL*Plus.

Chapter 2: SQL – The Basics Objectives: 1.The SQL execution environment 2.SELECT statement 3.SQL Developer & SQL*Plus.
PS Security By Deviprasad. Agenda Components of PS Security Security Model User Profiles Roles Permission List. Dynamic Roles Static Roles Building Roles/Rules.

PS Security By Deviprasad. Agenda Components of PS Security Security Model User Profiles Roles Permission List. Dynamic Roles Static Roles Building Roles/Rules.
Database Management System (DBMS) an Introduction DeSiaMore www.desiamore.com/ifm 1.

Database Management System (DBMS) an Introduction DeSiaMore 1.
IMS 4212: Database Security 1 Dr. Lawrence West, Management Dept., University of Central Florida Data & Database Administration Security.

IMS 4212: Database Security 1 Dr. Lawrence West, Management Dept., University of Central Florida Data & Database Administration Security.
Security Considerations Steve Perry

Security Considerations Steve Perry
Indexes and Views Unit 7.

Indexes and Views Unit 7.
Mission critical features in SQL 2016 David Lyth Pat Martin Premier Field Engineers, Microsoft New Zealand.

Mission critical features in SQL 2016 David Lyth Pat Martin Premier Field Engineers, Microsoft New Zealand.
Kristina Rumpff Securing Data on your Terms DAT33 1.

Kristina Rumpff Securing Data on your Terms DAT33 1.
1 Chapter 13: RADIUS in Remote Access Designs Designs That Include RADIUS Essential RADIUS Design Concepts Data Protection in RADIUS Designs RADIUS Design.

1 Chapter 13: RADIUS in Remote Access Designs Designs That Include RADIUS Essential RADIUS Design Concepts Data Protection in RADIUS Designs RADIUS Design.
SQL SERVER AUDITING. Jean Joseph DBA/Consultant Contact Info: Blog: https://tsqlhelp.wordpress.com/https://tsqlhelp.wordpress.com/

SQL SERVER AUDITING. Jean Joseph DBA/Consultant Contact Info: Blog:

Similar presentations

Ads by Google