Presentation is loading. Please wait.

Presentation is loading. Please wait.

By Gregory A. Larsen Redmond SQL Saturday April 27, 2019

Published byよいかず のじま Modified over 6 years ago

Similar presentations

Presentation on theme: "By Gregory A. Larsen Redmond SQL Saturday April 27, 2019"— Presentation transcript:

1 By Gregory A. Larsen Redmond SQL Saturday April 27, 2019
Static Data Masking By Gregory A. Larsen Redmond SQL Saturday April 27, 2019

2 Please Thank our Sponsors:

3 Agenda Why mask our data What is Static Data Masking
Requirements for Static Data Masking Static Data Masking Features Limitations Demo Recap

4 Why masked your data Avoid accidental exposing of sensitive data
Breach’s cost US companies billions of $ annually Increasing security posture Simple to accomplish

5 What is Static Data Masking
permanently replacing sensitive data with meaningless values

6 Requirements for Static Data Masking
Need SSMS version 18.0 preview 5 or above GA made available on April 24, 2019 ( Database being masked must be on version SQL Server 2012 or above

7 Static Data Masking Features
5 different Masking Methods SSMS GUI used for identifying masking criteria Masking criteria stored in XML file Perform the actual static masking via SSMS GUI

8 NULL Masking Criteria Replaces column value with NULL
Returns error if column doesn’t allow NULL values

9 Single Value Replaces column with single fixed value
Fixed value must be convertible to column data type

10 Shuffle Column values are shuffled to new rows
No new data is generated Option to maintain NULL entries

11 Group Shuffle Masking Criteria
Shuffles multiple column together Useful for keeping related data together (i.e Address, city, and postalcode) Can provide multiple shuffle groups on a single table Must define unique name for each group shuffle within a table Shuffle group names are case sensitive

12 String Composite Masking Criteria
Generates random strings along a pattern RegEx like patterns to identify masking requirements Allows for subsection of data to be replaced with a fixed or random string

13 Specifying Masking Criteria Using SSMS GUI

14 Masking Criteria Stored in XML

15 Limitations Does not support databases with temporal tables
Does not mask memory-optimized tables. Does not mask computed columns, and identity columns. Does not support Azure SQL Hyperscale databases. Does not support geometry and geography datatypes. Static Data Masking does not update histogram statistics Should run UPDATE STATISTICS after cloned database created (SQL Server only) The data and log files may still contain bits of sensitive data in unallocated memory. This data can be read using hex editor If Static Data Masking returns an error: Masking is suspended Cloned database is not deleted, and may contain confidential data

16 Demo Masking Criteria Table.Column Masking Specifications
CreditCard.CreditCardNum String Composite (replace first 10 digits with X’s). CreditCard.SecurityCode Single Value (replace all values with 123) Client.ClientName Shuffle Client.BirthDate Null Client. Addr String Composite (keep domain, but replace portion prior sign with a random value) Client.AddrLine Group Shuffle Client.City Client.PostalCode

17 Recap Masking criteria shows columns in alphabetic order
Statically masked database on same server as original DB Backup created is not a copy only backup GUI tool cumbersome, might consider using XML format No way to automate the masking process

18 Resourses SQL Server documentation Article
Article

19 Questions My contact information:

Download ppt "By Gregory A. Larsen Redmond SQL Saturday April 27, 2019"

Similar presentations

GP2013 (R2) New features in GP2013 (R2). New Ribbon for windows Edit List is the Print button on the right without the paper background Action pane can.

GP2013 (R2) New features in GP2013 (R2). New Ribbon for windows Edit List is the Print button on the right without the paper background Action pane can.
Migrating to EPiServer CMS 5 Johan Björnfot -

Migrating to EPiServer CMS 5 Johan Björnfot -
Chapter 4: Organizing and Manipulating the Data in Databases

Chapter 4: Organizing and Manipulating the Data in Databases
How a little code can help with support.. Chris Barba – Developer at Cimarex Energy Blog:

How a little code can help with support.. Chris Barba – Developer at Cimarex Energy Blog:
DAY 14: ACCESS CHAPTER 1 Tazin Afrin October 03, 2013 1.

DAY 14: ACCESS CHAPTER 1 Tazin Afrin October 03,
ISV Innovation Presented by ISV Innovation Presented by Business Intelligence Fundamentals: Data Cleansing Ola Ekdahl IT Mentors 9/12/08.

ISV Innovation Presented by ISV Innovation Presented by Business Intelligence Fundamentals: Data Cleansing Ola Ekdahl IT Mentors 9/12/08.
Chapter 10: The Data Tier We discuss back-end data storage for Web applications, relational data, and using the MySQL database server for back-end storage.

Chapter 10: The Data Tier We discuss back-end data storage for Web applications, relational data, and using the MySQL database server for back-end storage.
Database structure and space Management. Database Structure An ORACLE database has both a physical and logical structure. By separating physical and logical.

Database structure and space Management. Database Structure An ORACLE database has both a physical and logical structure. By separating physical and logical.
Component 4: Introduction to Information and Computer Science Unit 6a Databases and SQL.

Component 4: Introduction to Information and Computer Science Unit 6a Databases and SQL.
Importing Data from a Spreadsheet If you came to this presentation via a web browser, right-click and choose “Full Screen” before proceeding. Click mouse.

Importing Data from a Spreadsheet If you came to this presentation via a web browser, right-click and choose “Full Screen” before proceeding. Click mouse.
Retele de senzori Curs 2 - 1st edition UNIVERSITATEA „ TRANSILVANIA ” DIN BRAŞOV FACULTATEA DE INGINERIE ELECTRICĂ ŞI ŞTIINŢA CALCULATOARELOR.

Retele de senzori Curs 2 - 1st edition UNIVERSITATEA „ TRANSILVANIA ” DIN BRAŞOV FACULTATEA DE INGINERIE ELECTRICĂ ŞI ŞTIINŢA CALCULATOARELOR.
Enterprise Database Systems Introduction to SQL Server Dr. Georgia Garani Dr. Theodoros Mitakos Technological.

Enterprise Database Systems Introduction to SQL Server Dr. Georgia Garani Dr. Theodoros Mitakos Technological.
SQL Server 2016 Security Features Marek Chmel Microsoft MVP: Data Platform Microsoft MCT: Regional Lead MCSE: Data Platform Certified Ethical Hacker.

SQL Server 2016 Security Features Marek Chmel Microsoft MVP: Data Platform Microsoft MCT: Regional Lead MCSE: Data Platform Certified Ethical Hacker.
To play, start slide show and click on circle Access 1 Access 2 Access 3 Access 4 Access 5 1 2 4 3 5 Access 6 2 1 4 3 2 1 4 3 1 2 3 4 5 4 3 2 1 55 5.

To play, start slide show and click on circle Access 1 Access 2 Access 3 Access 4 Access Access
Data Integrity & Indexes / Session 1/ 1 of 37 Session 1 Module 1: Introduction to Data Integrity Module 2: Introduction to Indexes.

Data Integrity & Indexes / Session 1/ 1 of 37 Session 1 Module 1: Introduction to Data Integrity Module 2: Introduction to Indexes.
Azure SQL Database Updates

Azure SQL Database Updates
Temporal Databases Microsoft SQL Server 2016

Temporal Databases Microsoft SQL Server 2016
Miscellaneous Excel Combining Excel and Access.

Miscellaneous Excel Combining Excel and Access.
Module 11: File Structure

Module 11: File Structure
Enterprise Row Level Security: SQL Server 2016 and Azure SQL DB

Enterprise Row Level Security: SQL Server 2016 and Azure SQL DB

Similar presentations

Ads by Google