Presentation is loading. Please wait.

Presentation is loading. Please wait.

1 Andrew Fryer Technical Evangelist R2 Data Governance for the IT Manager.

Published byAvice Norton Modified over 8 years ago

Similar presentations

Presentation on theme: "1 Andrew Fryer Technical Evangelist R2 Data Governance for the IT Manager."— Presentation transcript:

1 1 Andrew Fryer Technical Evangelist http://blogs.technet.com/andrew http://blogs.technet.com/andrew R2 Data Governance for the IT Manager

2 2 Determining ComplianceCompliance MonitoringRemediationValidation Governance Written PoliciesBest PracticesEnforcementTraining Risk Management AssessmentPrioritizationPlan of Action Compliance results from policies that indicate a need for risk management

3 3 Addressing Compliance PrioritizationIgnore Mitigation costs may exceed the value of trivial data Example: Non-sensitive data may not be worth securing Avoid It’s better to avoid risks that business needs don’t require Example: Don’t store sensitive data without specific need Mitigate You must mitigate risks that can’t be ignored or avoided Example: Sensitive data must be thoroughly secured

4 4 Mitigation Controls Platform Security Minimize Surface Attack AreaMinimize Surface Attack Area Use latest OS, SP & App’sUse latest OS, SP & App’s Configure Ports & FirewallConfigure Ports & Firewall Identity Management Use Windows AuthenticationUse Windows Authentication Grant only required permissionGrant only required permission Use PBM to validate policyUse PBM to validate policy Separation of Duties Create dedicated role accountsCreate dedicated role accounts Ensure users have only 1 roleEnsure users have only 1 role Restrict use of ‘SA’ accountRestrict use of ‘SA’ accountAuditing Account & Role ChangesAccount & Role Changes All Administrative ActionsAll Administrative Actions Server & Database AccessServer & Database AccessEncryption Data at RestData at Rest During AccessDuring Access During TransportDuring Transport Policy Management RemediationRemediation ValidationValidation Vulnerability ReportingVulnerability Reporting Mitigation Controls Platform Security Minimize Surface Attack AreaMinimize Surface Attack Area Use latest OS, SP & App’sUse latest OS, SP & App’s Configure Ports & FirewallConfigure Ports & Firewall Identity Management Use Windows AuthenticationUse Windows Authentication Grant only required permissionGrant only required permission Use PBM to validate policyUse PBM to validate policy Separation of Duties Create dedicated role accountsCreate dedicated role accounts Ensure users have only 1 roleEnsure users have only 1 role Restrict use of ‘SA’ accountRestrict use of ‘SA’ accountAuditing Account & Role ChangesAccount & Role Changes All Administrative ActionsAll Administrative Actions Server & Database AccessServer & Database AccessEncryption Data at RestData at Rest During AccessDuring Access During TransportDuring Transport Policy Management RemediationRemediation ValidationValidation Vulnerability ReportingVulnerability Reporting

5 5 Analyzing Compliance Requirements Aligning Vulnerabilities to Mitigation Controls Categorize requirements according to their areas of concern: Map those areas of concern to SQL Server and platform capabilities

6 6 Identifying Requirements Examples OS version must be under current Microsoft support A Password change variance, complexity and change time limit policy must be in place Secure Platform Revoke CONNECT privileges from Public and Guest Ensure individual accounts for each user, application, etc. Identity and SOD All data files must be encrypted Provide offline, offsite storage of the Service Master Key Encryption algorithms must be FIPS 140-2 compliant Encryption Server and Database access must be recorded Security assignment changes must be recorded Audit data must be retained for a minimum time period Audit

7 7 New SQL Server 2008 Features Policy Based Management SQL Audit Transparent Data Encryption Extensible Key Management Change Data Capture Data Collection Central Management Servers

8 8 Policy-Based Management (PBM) Customer Challenges Managing IT compliance is too difficult Not enough out-of-box tools to automate the compliance management process There is no clear approach for managing baseline configuration changes between version releases

9 9 Policy Based Management (PBM) Overview Eliminates scripted or manual procedures for compliance configuration and management Policies are entities for automation that declare desired state & execution behavior Custom Policy definitions are easily created using SQL Server Management Studio

10 10 Policy Based Management (PBM) Executes through a built-in Policy Engine: Manually executed by Administrator On Demand Executed as a SQL Agent Job On Schedule Logs configuration changes that would violate policy On Change - Log Only Proactively prevents any changes that would violate policy On Change - Prevent

11 11 SQL Server 2008 Audit Replaces a collection of Microsoft and third-party tools to: Provide a comprehensive approach to Auditing Expose a broader array of events Provide a better management experience Render much higher performance Trace Profiler Logs Triggers

12 12 SQL Server 2008 Audit Feature Architecture Server Audit Specification Server Audit Action Database Audit Specification Database Audit Action SQL Server Audit Object File System File Security Event Log Application Event Log

13 13 SQL Server 2008 Audit Feature Role-Based Security Sys-Admins Creates and manages auditsCreates and manages audits Reads and appends to any audit fileReads and appends to any audit fileOperators Reads audit metadataReads audit metadata Determines whether or not an audit is runningDetermines whether or not an audit is runningAuditor Reads and manages auditsReads and manages audits Reads audit logsReads audit logs Auditor (Read-only) Reads audit metadataReads audit metadata Reads audit logsReads audit logs

14 14 Transparent Data Encryption (TDE) Encrypts data at rest: Detached Data Files Transaction Log Files Backup Files Implemented at the database level Transparent to the application: Requires no application modifications to take advantage of encryption Encryption/Decryption occurs at I/O SQL Server 2008 DEK Client Application Encrypted Data Page

15 15 Extensible Key Management (EKM) Enables centralized storage & management of keys from all SQL Servers in an enterprise Can be used to store both symmetric and asymmetric keys outside the server Depends on 3rd Party Hardware Security Modules (HSM) to provide solutions based on custom implementations of industry standard algorithms

16 16 SQL Server 2008 Compliance Guide Whitepaper: Reaching Compliance Demonstrates How to Achieve Compliance Assessing Vulnerability Defining Risk Mitigation Models Managing Security Configurations Also includes Hands-on Labs

17 17 Session Takeaways 4 Things to Remember Categorize your requirements to align with SQL Server 2008’s approach to managing security and compliance configurations Policy-Based Management (PBM) replaces scripts, BPA, & other CM tools for defining, maintaining, and reporting desired state SQL Audit replaces SQL Profiler, Triggers and 3rd Party Log readers for auditing Leverage the SQL 2008 Compliance Guide and its sample scripts and policies

18 18 Resources Microsoft data governance portal http://www.microsoft.com/privacy/guidance.aspx SQLCAT Compliance Guide for SQL Server 2008 http://sqlcat.com/whitepapers/archive/2008/11/15/reac hing-compliance-sql-server-2008-compliance-guide.aspx Compliance Solution Accelerators (including PCI) http://technet.microsoft.com/en- us/solutionaccelerators/dd229342.aspx

19 19 © 2009 Microsoft Corporation. All rights reserved. This presentation is for informational purposes only. Microsoft makes no warranties, express or implied, in this summary.

Download ppt "1 Andrew Fryer Technical Evangelist R2 Data Governance for the IT Manager."

Similar presentations

Your Data Any Place, Any Time Manageability. SQL Server 2008 Manageability Challenges Challenges face database administrators today : Managing complex.

Your Data Any Place, Any Time Manageability. SQL Server 2008 Manageability Challenges Challenges face database administrators today : Managing complex.
Notes: Update as of 1/13/2010. Vulnerabilities are included for SQL Server 2000, SQL Server 2005, SQL Server 2008. Oracle (8i, 9i, 9iR2, 10g, 10gR2,11g),

Notes: Update as of 1/13/2010. Vulnerabilities are included for SQL Server 2000, SQL Server 2005, SQL Server Oracle (8i, 9i, 9iR2, 10g, 10gR2,11g),
Administering Microsoft SQL Server 2012 Databases.

Administering Microsoft SQL Server 2012 Databases.
The State of Security Management By Jim Reavis January 2003.

The State of Security Management By Jim Reavis January 2003.
Www.lumension.com © Copyright 2008 - Lumension Security Lumension Security PatchLink Enterprise Reporting™ 6.4 Overview and What’s New.

© Copyright Lumension Security Lumension Security PatchLink Enterprise Reporting™ 6.4 Overview and What’s New.
Security and Policy Enforcement Mark Gibson Dave Northey

Security and Policy Enforcement Mark Gibson Dave Northey
Notes: Update as of 12/31/2010 inclusive. Chart counts NIST CVE – Reported Software Flaws by “published” date, utilizing the NIST NVD. SQL Server.

Notes: Update as of 12/31/2010 inclusive. Chart counts NIST CVE – Reported Software Flaws by “published” date, utilizing the NIST NVD. SQL Server.
©2012 Microsoft Corporation. All rights reserved..

©2012 Microsoft Corporation. All rights reserved..
Managing LOB Applications by Using System Center Operations Manager Published: March 2007.

Managing LOB Applications by Using System Center Operations Manager Published: March 2007.
Managing and Monitoring SQL Server 2005 Shankar Pal Program Manager SQL Server, Redmond.

Managing and Monitoring SQL Server 2005 Shankar Pal Program Manager SQL Server, Redmond.
SQL Server 2008 for Hosting Key Questions to Address How can SQL Server save your costs? How can SQL Server help you increase customer base? How can.

SQL Server 2008 for Hosting Key Questions to Address How can SQL Server save your costs? How can SQL Server help you increase customer base? How can.
Configuring and Troubleshooting Identity and Access Solutions with Windows Server® 2008 Active Directory®

Configuring and Troubleshooting Identity and Access Solutions with Windows Server® 2008 Active Directory®
Module 8: Implementing Administrative Templates and Audit Policy.

Module 8: Implementing Administrative Templates and Audit Policy.
Enterprise Reporting with Reporting Services SQL Server 2005 Donald Farmer Group Program Manager Microsoft Corporation.

Enterprise Reporting with Reporting Services SQL Server 2005 Donald Farmer Group Program Manager Microsoft Corporation.
Module 9 Configuring Server Security Compliance. Module Overview Securing a Windows Infrastructure Overview of EFS Configuring an Audit Policy Overview.

Module 9 Configuring Server Security Compliance. Module Overview Securing a Windows Infrastructure Overview of EFS Configuring an Audit Policy Overview.
Avanade: 10 tips for å sikring av dine SQL Server databaser Bernt Lervik Infrastructure Architect Avanade.

Avanade: 10 tips for å sikring av dine SQL Server databaser Bernt Lervik Infrastructure Architect Avanade.
May 30 th – 31 st, 2006 Sheraton Ottawa. Microsoft Certificate Lifecycle Manager Saleem Kanji Technology Solutions Professional - Windows Server Microsoft.

May 30 th – 31 st, 2006 Sheraton Ottawa. Microsoft Certificate Lifecycle Manager Saleem Kanji Technology Solutions Professional - Windows Server Microsoft.
Module 18 Monitoring SQL Server 2008 R2. Module Overview Monitoring Activity Capturing and Managing Performance Data Analyzing Collected Performance Data.

Module 18 Monitoring SQL Server 2008 R2. Module Overview Monitoring Activity Capturing and Managing Performance Data Analyzing Collected Performance Data.
Module 9 Configuring Server Security Compliance. Module Overview Securing a Windows Infrastructure Overview of EFS Configuring an Audit Policy Overview.

Module 9 Configuring Server Security Compliance. Module Overview Securing a Windows Infrastructure Overview of EFS Configuring an Audit Policy Overview.
Introduction to SQL 2005 Security Nick Ward SQL Server Specialist Nick Ward SQL Server Specialist

Introduction to SQL 2005 Security Nick Ward SQL Server Specialist Nick Ward SQL Server Specialist

Similar presentations

Ads by Google