SlideShare una empresa de Scribd logo

Seguridad en sql server 2016 y 2017

Descargar como PPTX, PDF
Maximiliano Accotto
Maximiliano Accotto

Nuevas funcionalidades de seguridad en SQL 2016 y 2017

Software
1 de 16
Seguridad en SQL Server 2014 / 2016 y 2017 Maximiliano Accotto | MVP Data Platform desde el 2005 Owner Triggerdb Consulting | www.triggerdb.com
BIOGRAPHY POINT THREE Especialista en Data Platform con mas de 15 años de experiencia en trabajos de (tuning – seguridad – migraciones – Desarrollo – BI – Alta disponibilidad – Big data y Machine Learning Maximiliano Accotto BIOGRAPHY POINT ONE Owner TriggerDB Consulting SRL | www.triggerdb.com BIOGRAPHY POINT TWO Microsoft MVP Data Platform desde el año 2005. https://twitter.com/m axiaccotto https://www.linkedin.c om/in/maxiaccotto/
Row Level Security
Store data intended for many consumers in a single database/table while at the same time restricting row-level read and write access based on users’ execution context. Benefits of row-level security (RLS) Security Fine-grained access control Keeping multitenant databases secure by limiting access by other users who share the same tables Application transparency RLS works transparently at query time, no app changes needed Compatible with RLS in other leading products Centralized security logic Enforcement logic resides inside database and is schema-bound to the table it protects providing greater security. Reduced application maintenance and complexity
CREATE FUNCTION dbo.fn_securitypredicate(@wing int) RETURNS TABLE WITH SCHEMABINDING AS return SELECT 1 as [fn_securitypredicate_result] FROM StaffDuties d INNER JOIN Employees e ON (d.EmpId = e.EmpId) WHERE e.UserSID = SUSER_SID() AND @wing = d.Wing; CREATE SECURITY POLICY dbo.SecPol ADD FILTER PREDICATE dbo.fn_securitypredicate(Wing) ON Patients WITH (STATE = ON) Fine-grained access control over rows in a table based on one or more pre-defined filtering criteria, such as user’s role or clearance level in organization Concepts: Predicate function Security policy Example
Dynamic Data Masking
Limit access to sensitive data by defining policies to obfuscate specific database fields, without affecting the integrity of the database. Benefits of dynamic data masking Security Regulatory compliance Sensitive data protection Agility and transparency Data is masked on the fly, with underlying data in the database remaining intact. Transparent to the application and applied according to user privilege
Always encrypted
Allows customers to securely store sensitive data outside of their trust boundary. Data remains protected from high-privileged, yet unauthorized users. The need for Always Encrypted Security Prevents data disclosure Client-side encryption of sensitive data using keys that are never given to the database system Queries on encrypted data Support for equality comparison, including join, group by, and distinct operators Application transparency Minimal application changes via server and client library enhancements
Key provisioning Security Security Officer 1. Generate CEKs and master key 2. Encrypt CEK 3. Store master key securely 4. Upload encrypted CEK to DB CMK store: Certificate store HSM Azure Key Vault … Encrypted CEK Column encryption key (CEK) Column master key (CMK) CMK Database Encrypted CEK
Data remains encrypted during query Summary: Always Encrypted Protect data at rest and in motion, on-premises and in the cloud Capability ADO.Net client library provides transparent client-side encryption, while SQL Server executes T-SQL queries on encrypted data Benefits Apps TCE-enabled ADO .NET library SQL ServerEncrypted query Columnar key No app changes Master key Security
Backup Encrypted
Backup encryption Security • Increase security of backups stored separate from the instance (another environment such as the Cloud) • Encryption keys can be stored on-prem while backup files in the cloud • Support non-encrypted databases (don’t need to turn on Transparent Data Encryption anymore) • Different policies for databases and their backups
BACKUP DATABASE <dbname> TO <device> = <path to device> WITH ENCRYPTION ( ALGORITHM = <Algorithm_name> , { SERVER CERTIFICATE = <Encryptor_Name> | SERVER ASYMMETRIC KEY = <Encryptor_Name> } ); No changes to RESTORE Backup encryption
¿DUDAS O PREGUNTAS?
GRACIAS POR PARTICIPAR

Recomendados

SharePoint Conference - Secure the data, not the device
SharePoint Conference - Secure the data, not the deviceSharePoint Conference - Secure the data, not the device
SharePoint Conference - Secure the data, not the deviceOlav Tvedt
 
Php Frameworks
Php FrameworksPhp Frameworks
Php FrameworksManifest Infotech
 
Enterprise File Fabric for Genomics
Enterprise File Fabric for Genomics Enterprise File Fabric for Genomics
Enterprise File Fabric for Genomics Hybrid Cloud
 
Azure security infographic 2014 sec
Azure security infographic 2014 secAzure security infographic 2014 sec
Azure security infographic 2014 secKesavan Munuswamy
 
BIG IRON, BIG RISK? SECURING THE MAINFRAME - #MFSummit2017
BIG IRON, BIG RISK? SECURING THE MAINFRAME - #MFSummit2017BIG IRON, BIG RISK? SECURING THE MAINFRAME - #MFSummit2017
BIG IRON, BIG RISK? SECURING THE MAINFRAME - #MFSummit2017Micro Focus
 
Azure Information Protection at the Cybercrime and Security Forum 2018
Azure Information Protection at the Cybercrime and Security Forum 2018Azure Information Protection at the Cybercrime and Security Forum 2018
Azure Information Protection at the Cybercrime and Security Forum 2018Albert Hoitingh
 
1. introduction to_cloud_services_architecture
1. introduction to_cloud_services_architecture1. introduction to_cloud_services_architecture
1. introduction to_cloud_services_architectureCloud Genius
 
Presentation1
Presentation1Presentation1
Presentation1Kollipara Kiranmai
 

Recomendados

SharePoint Conference - Secure the data, not the device
SharePoint Conference - Secure the data, not the deviceSharePoint Conference - Secure the data, not the device
SharePoint Conference - Secure the data, not the deviceOlav Tvedt
 
Php Frameworks
Php FrameworksPhp Frameworks
Php FrameworksManifest Infotech
 
Enterprise File Fabric for Genomics
Enterprise File Fabric for Genomics Enterprise File Fabric for Genomics
Enterprise File Fabric for Genomics Hybrid Cloud
 
Azure security infographic 2014 sec
Azure security infographic 2014 secAzure security infographic 2014 sec
Azure security infographic 2014 secKesavan Munuswamy
 
BIG IRON, BIG RISK? SECURING THE MAINFRAME - #MFSummit2017
BIG IRON, BIG RISK? SECURING THE MAINFRAME - #MFSummit2017BIG IRON, BIG RISK? SECURING THE MAINFRAME - #MFSummit2017
BIG IRON, BIG RISK? SECURING THE MAINFRAME - #MFSummit2017Micro Focus
 
Azure Information Protection at the Cybercrime and Security Forum 2018
Azure Information Protection at the Cybercrime and Security Forum 2018Azure Information Protection at the Cybercrime and Security Forum 2018
Azure Information Protection at the Cybercrime and Security Forum 2018Albert Hoitingh
 
1. introduction to_cloud_services_architecture
1. introduction to_cloud_services_architecture1. introduction to_cloud_services_architecture
1. introduction to_cloud_services_architectureCloud Genius
 
Presentation1
Presentation1Presentation1
Presentation1Kollipara Kiranmai
 
Getting answers to your top questions for your cloud
Getting answers to your top questions for your cloudGetting answers to your top questions for your cloud
Getting answers to your top questions for your cloudOm Vaiti
 
Securing elastic applications_on_mobile_devices
Securing elastic applications_on_mobile_devicesSecuring elastic applications_on_mobile_devices
Securing elastic applications_on_mobile_devicesfirzhan naqash
 
Best Security Focussed CMS: Drupal 8
Best Security Focussed CMS: Drupal 8Best Security Focussed CMS: Drupal 8
Best Security Focussed CMS: Drupal 8OpenSense Labs
 
Barry Smith Access Control CV-05-2016
Barry Smith Access Control CV-05-2016Barry Smith Access Control CV-05-2016
Barry Smith Access Control CV-05-2016Barry Smith
 
Microsoft Cloud App Security CASB
Microsoft Cloud App Security CASBMicrosoft Cloud App Security CASB
Microsoft Cloud App Security CASBAmmar Hasayen
 
Bevywise MQTT Broker
Bevywise MQTT Broker Bevywise MQTT Broker
Bevywise MQTT Broker Ranjith Kumar
 
Managing a complex database toolbar application for ie, chrome & firefox
Managing a complex database toolbar application for ie, chrome & firefoxManaging a complex database toolbar application for ie, chrome & firefox
Managing a complex database toolbar application for ie, chrome & firefoxMike Taylor
 
Azure Information Protection
Azure Information ProtectionAzure Information Protection
Azure Information ProtectionRobert Crane
 
Bevywise IoT Platform
Bevywise IoT PlatformBevywise IoT Platform
Bevywise IoT PlatformRanjith Kumar
 
Azure information protection and SharePoint
Azure information protection and SharePoint Azure information protection and SharePoint
Azure information protection and SharePoint Albert Hoitingh
 
Kaseya Connect 2013: Kaseya Keynote
Kaseya Connect 2013: Kaseya KeynoteKaseya Connect 2013: Kaseya Keynote
Kaseya Connect 2013: Kaseya KeynoteKaseya
 
30 days
30 days30 days
30 daysJoakim Reinert Knutsen
 
SPS Geneva - Azure information protection
SPS Geneva - Azure information protectionSPS Geneva - Azure information protection
SPS Geneva - Azure information protectionAlbert Hoitingh
 
Sql Server Security
Sql Server SecuritySql Server Security
Sql Server SecurityVinod Kumar
 
Geek Sync | Meeting Security Benchmarks and Compliance with Microsoft SQL Ser...
Geek Sync | Meeting Security Benchmarks and Compliance with Microsoft SQL Ser...Geek Sync | Meeting Security Benchmarks and Compliance with Microsoft SQL Ser...
Geek Sync | Meeting Security Benchmarks and Compliance with Microsoft SQL Ser...IDERA Software
 
Assessing security of your Active Directory
Assessing security of your Active DirectoryAssessing security of your Active Directory
Assessing security of your Active DirectoryAldo Elam Majiah
 
Cloud App Security
Cloud App SecurityCloud App Security
Cloud App SecurityAlvaro Rezende
 
Azure information protection
Azure information protectionAzure information protection
Azure information protectionKjetil Lund-Paulsen
 
Netserv Technology Services
Netserv Technology ServicesNetserv Technology Services
Netserv Technology Servicessthicks14
 
A robust and verifiable threshold multi authority access control system in pu...
A robust and verifiable threshold multi authority access control system in pu...A robust and verifiable threshold multi authority access control system in pu...
A robust and verifiable threshold multi authority access control system in pu...IJARIIT
 
DEVELOPING APPLICATION FOR CLOUD – A PROGRAMMER’S PERSPECTIVE
DEVELOPING APPLICATION FOR CLOUD – A PROGRAMMER’S PERSPECTIVEDEVELOPING APPLICATION FOR CLOUD – A PROGRAMMER’S PERSPECTIVE
DEVELOPING APPLICATION FOR CLOUD – A PROGRAMMER’S PERSPECTIVEcscpconf
 
Oracle-Security_Executive-Presentation
Oracle-Security_Executive-PresentationOracle-Security_Executive-Presentation
Oracle-Security_Executive-Presentationstefanjung
 

Más contenido relacionado

La actualidad más candente

Getting answers to your top questions for your cloud
Getting answers to your top questions for your cloudGetting answers to your top questions for your cloud
Getting answers to your top questions for your cloudOm Vaiti
 
Securing elastic applications_on_mobile_devices
Securing elastic applications_on_mobile_devicesSecuring elastic applications_on_mobile_devices
Securing elastic applications_on_mobile_devicesfirzhan naqash
 
Best Security Focussed CMS: Drupal 8
Best Security Focussed CMS: Drupal 8Best Security Focussed CMS: Drupal 8
Best Security Focussed CMS: Drupal 8OpenSense Labs
 
Barry Smith Access Control CV-05-2016
Barry Smith Access Control CV-05-2016Barry Smith Access Control CV-05-2016
Barry Smith Access Control CV-05-2016Barry Smith
 
Microsoft Cloud App Security CASB
Microsoft Cloud App Security CASBMicrosoft Cloud App Security CASB
Microsoft Cloud App Security CASBAmmar Hasayen
 
Bevywise MQTT Broker
Bevywise MQTT Broker Bevywise MQTT Broker
Bevywise MQTT Broker Ranjith Kumar
 
Managing a complex database toolbar application for ie, chrome & firefox
Managing a complex database toolbar application for ie, chrome & firefoxManaging a complex database toolbar application for ie, chrome & firefox
Managing a complex database toolbar application for ie, chrome & firefoxMike Taylor
 
Azure Information Protection
Azure Information ProtectionAzure Information Protection
Azure Information ProtectionRobert Crane
 
Bevywise IoT Platform
Bevywise IoT PlatformBevywise IoT Platform
Bevywise IoT PlatformRanjith Kumar
 
Azure information protection and SharePoint
Azure information protection and SharePoint Azure information protection and SharePoint
Azure information protection and SharePoint Albert Hoitingh
 
Kaseya Connect 2013: Kaseya Keynote
Kaseya Connect 2013: Kaseya KeynoteKaseya Connect 2013: Kaseya Keynote
Kaseya Connect 2013: Kaseya KeynoteKaseya
 
SPS Geneva - Azure information protection
SPS Geneva - Azure information protectionSPS Geneva - Azure information protection
SPS Geneva - Azure information protectionAlbert Hoitingh
 
Sql Server Security
Sql Server SecuritySql Server Security
Sql Server SecurityVinod Kumar
 
Geek Sync | Meeting Security Benchmarks and Compliance with Microsoft SQL Ser...
Geek Sync | Meeting Security Benchmarks and Compliance with Microsoft SQL Ser...Geek Sync | Meeting Security Benchmarks and Compliance with Microsoft SQL Ser...
Geek Sync | Meeting Security Benchmarks and Compliance with Microsoft SQL Ser...IDERA Software
 
Assessing security of your Active Directory
Assessing security of your Active DirectoryAssessing security of your Active Directory
Assessing security of your Active DirectoryAldo Elam Majiah
 
Netserv Technology Services
Netserv Technology ServicesNetserv Technology Services
Netserv Technology Servicessthicks14
 

La actualidad más candente (19)

Getting answers to your top questions for your cloud
Getting answers to your top questions for your cloudGetting answers to your top questions for your cloud
Getting answers to your top questions for your cloud
 
Securing elastic applications_on_mobile_devices
Securing elastic applications_on_mobile_devicesSecuring elastic applications_on_mobile_devices
Securing elastic applications_on_mobile_devices
 
Best Security Focussed CMS: Drupal 8
Best Security Focussed CMS: Drupal 8Best Security Focussed CMS: Drupal 8
Best Security Focussed CMS: Drupal 8
 
Barry Smith Access Control CV-05-2016
Barry Smith Access Control CV-05-2016Barry Smith Access Control CV-05-2016
Barry Smith Access Control CV-05-2016
 
Microsoft Cloud App Security CASB
Microsoft Cloud App Security CASBMicrosoft Cloud App Security CASB
Microsoft Cloud App Security CASB
 
Bevywise MQTT Broker
Bevywise MQTT Broker Bevywise MQTT Broker
Bevywise MQTT Broker
 
Managing a complex database toolbar application for ie, chrome & firefox
Managing a complex database toolbar application for ie, chrome & firefoxManaging a complex database toolbar application for ie, chrome & firefox
Managing a complex database toolbar application for ie, chrome & firefox
 
Azure Information Protection
Azure Information ProtectionAzure Information Protection
Azure Information Protection
 
Bevywise IoT Platform
Bevywise IoT PlatformBevywise IoT Platform
Bevywise IoT Platform
 
Azure information protection and SharePoint
Azure information protection and SharePoint Azure information protection and SharePoint
Azure information protection and SharePoint
 
Kaseya Connect 2013: Kaseya Keynote
Kaseya Connect 2013: Kaseya KeynoteKaseya Connect 2013: Kaseya Keynote
Kaseya Connect 2013: Kaseya Keynote
 
30 days
30 days30 days
30 days
 
SPS Geneva - Azure information protection
SPS Geneva - Azure information protectionSPS Geneva - Azure information protection
SPS Geneva - Azure information protection
 
Sql Server Security
Sql Server SecuritySql Server Security
Sql Server Security
 
Geek Sync | Meeting Security Benchmarks and Compliance with Microsoft SQL Ser...
Geek Sync | Meeting Security Benchmarks and Compliance with Microsoft SQL Ser...Geek Sync | Meeting Security Benchmarks and Compliance with Microsoft SQL Ser...
Geek Sync | Meeting Security Benchmarks and Compliance with Microsoft SQL Ser...
 
Assessing security of your Active Directory
Assessing security of your Active DirectoryAssessing security of your Active Directory
Assessing security of your Active Directory
 
Cloud App Security
Cloud App SecurityCloud App Security
Cloud App Security
 
Azure information protection
Azure information protectionAzure information protection
Azure information protection
 
Netserv Technology Services
Netserv Technology ServicesNetserv Technology Services
Netserv Technology Services
 

Similar a Seguridad en sql server 2016 y 2017

A robust and verifiable threshold multi authority access control system in pu...
A robust and verifiable threshold multi authority access control system in pu...A robust and verifiable threshold multi authority access control system in pu...
A robust and verifiable threshold multi authority access control system in pu...IJARIIT
 
DEVELOPING APPLICATION FOR CLOUD – A PROGRAMMER’S PERSPECTIVE
DEVELOPING APPLICATION FOR CLOUD – A PROGRAMMER’S PERSPECTIVEDEVELOPING APPLICATION FOR CLOUD – A PROGRAMMER’S PERSPECTIVE
DEVELOPING APPLICATION FOR CLOUD – A PROGRAMMER’S PERSPECTIVEcscpconf
 
Oracle-Security_Executive-Presentation
Oracle-Security_Executive-PresentationOracle-Security_Executive-Presentation
Oracle-Security_Executive-Presentationstefanjung
 
The Benefits of Having a Data Privacy Vault Tech domain news.pdf
The Benefits of Having a Data Privacy Vault Tech domain news.pdfThe Benefits of Having a Data Privacy Vault Tech domain news.pdf
The Benefits of Having a Data Privacy Vault Tech domain news.pdfDomain News Tech
 
BLOCKCHAIN BASED DATA SECURITY AS A SERVICE IN CLOUD PLATFORM SECURITY
BLOCKCHAIN BASED DATA SECURITY AS A SERVICE IN CLOUD PLATFORM SECURITYBLOCKCHAIN BASED DATA SECURITY AS A SERVICE IN CLOUD PLATFORM SECURITY
BLOCKCHAIN BASED DATA SECURITY AS A SERVICE IN CLOUD PLATFORM SECURITYijccsa
 
CRITICISMS OF THE FUTURE AVAILABILITY IN SUSTAINABLE GENDER GOAL, ACCESS TO L...
CRITICISMS OF THE FUTURE AVAILABILITY IN SUSTAINABLE GENDER GOAL, ACCESS TO L...CRITICISMS OF THE FUTURE AVAILABILITY IN SUSTAINABLE GENDER GOAL, ACCESS TO L...
CRITICISMS OF THE FUTURE AVAILABILITY IN SUSTAINABLE GENDER GOAL, ACCESS TO L...csijjournal
 
Blockchain based Data Security as a Service in Cloud Platform Security
Blockchain based Data Security as a Service in Cloud Platform SecurityBlockchain based Data Security as a Service in Cloud Platform Security
Blockchain based Data Security as a Service in Cloud Platform Securityijccsa
 
BLOCKCHAIN BASED DATA SECURITY AS A SERVICE IN CLOUD PLATFORM SECURITY
BLOCKCHAIN BASED DATA SECURITY AS A SERVICE IN CLOUD PLATFORM SECURITYBLOCKCHAIN BASED DATA SECURITY AS A SERVICE IN CLOUD PLATFORM SECURITY
BLOCKCHAIN BASED DATA SECURITY AS A SERVICE IN CLOUD PLATFORM SECURITYijccsa
 
CSS17: Houston - Azure Shared Security Model Overview
CSS17: Houston - Azure Shared Security Model OverviewCSS17: Houston - Azure Shared Security Model Overview
CSS17: Houston - Azure Shared Security Model OverviewAlert Logic
 
[Toroman/Kranjac] Red Team vs. Blue Team in Microsoft Cloud
[Toroman/Kranjac] Red Team vs. Blue Team in Microsoft Cloud[Toroman/Kranjac] Red Team vs. Blue Team in Microsoft Cloud
[Toroman/Kranjac] Red Team vs. Blue Team in Microsoft CloudEuropean Collaboration Summit
 
IRJET-Domain Data Security on Cloud
IRJET-Domain Data Security on CloudIRJET-Domain Data Security on Cloud
IRJET-Domain Data Security on CloudIRJET Journal
 
microsoft-cybersecurity-reference-architectures (1).pptx
microsoft-cybersecurity-reference-architectures (1).pptxmicrosoft-cybersecurity-reference-architectures (1).pptx
microsoft-cybersecurity-reference-architectures (1).pptxGenericName6
 
Secure Data Sharing in Cloud (SDSC)
Secure Data Sharing in Cloud (SDSC)Secure Data Sharing in Cloud (SDSC)
Secure Data Sharing in Cloud (SDSC)Jishnu Pradeep
 
Asug84339 how to secure privacy data in a hybrid s4 hana landscape
Asug84339 how to secure privacy data in a hybrid s4 hana landscapeAsug84339 how to secure privacy data in a hybrid s4 hana landscape
Asug84339 how to secure privacy data in a hybrid s4 hana landscapeDharma Atluri
 
O365Con18 - Red Team vs Blue Team - Sasha Kranjac & Mustafa Toroman
O365Con18 - Red Team vs Blue Team - Sasha Kranjac & Mustafa ToromanO365Con18 - Red Team vs Blue Team - Sasha Kranjac & Mustafa Toroman
O365Con18 - Red Team vs Blue Team - Sasha Kranjac & Mustafa ToromanNCCOMMS
 
Concurrent And Independent Access To Encrypted Cloud Databases
Concurrent And Independent Access To Encrypted Cloud DatabasesConcurrent And Independent Access To Encrypted Cloud Databases
Concurrent And Independent Access To Encrypted Cloud DatabasesEditor IJMTER
 
IRJET- Mutual Key Oversight Procedure for Cloud Security and Distribution of ...
IRJET- Mutual Key Oversight Procedure for Cloud Security and Distribution of ...IRJET- Mutual Key Oversight Procedure for Cloud Security and Distribution of ...
IRJET- Mutual Key Oversight Procedure for Cloud Security and Distribution of ...IRJET Journal
 
System Approach for Single Keyword Search for Encrypted Data Files Guarantees...
System Approach for Single Keyword Search for Encrypted Data Files Guarantees...System Approach for Single Keyword Search for Encrypted Data Files Guarantees...
System Approach for Single Keyword Search for Encrypted Data Files Guarantees...IRJET Journal
 

Similar a Seguridad en sql server 2016 y 2017 (20)

A robust and verifiable threshold multi authority access control system in pu...
A robust and verifiable threshold multi authority access control system in pu...A robust and verifiable threshold multi authority access control system in pu...
A robust and verifiable threshold multi authority access control system in pu...
 
DEVELOPING APPLICATION FOR CLOUD – A PROGRAMMER’S PERSPECTIVE
DEVELOPING APPLICATION FOR CLOUD – A PROGRAMMER’S PERSPECTIVEDEVELOPING APPLICATION FOR CLOUD – A PROGRAMMER’S PERSPECTIVE
DEVELOPING APPLICATION FOR CLOUD – A PROGRAMMER’S PERSPECTIVE
 
Oracle-Security_Executive-Presentation
Oracle-Security_Executive-PresentationOracle-Security_Executive-Presentation
Oracle-Security_Executive-Presentation
 
The Benefits of Having a Data Privacy Vault Tech domain news.pdf
The Benefits of Having a Data Privacy Vault Tech domain news.pdfThe Benefits of Having a Data Privacy Vault Tech domain news.pdf
The Benefits of Having a Data Privacy Vault Tech domain news.pdf
 
BLOCKCHAIN BASED DATA SECURITY AS A SERVICE IN CLOUD PLATFORM SECURITY
BLOCKCHAIN BASED DATA SECURITY AS A SERVICE IN CLOUD PLATFORM SECURITYBLOCKCHAIN BASED DATA SECURITY AS A SERVICE IN CLOUD PLATFORM SECURITY
BLOCKCHAIN BASED DATA SECURITY AS A SERVICE IN CLOUD PLATFORM SECURITY
 
CRITICISMS OF THE FUTURE AVAILABILITY IN SUSTAINABLE GENDER GOAL, ACCESS TO L...
CRITICISMS OF THE FUTURE AVAILABILITY IN SUSTAINABLE GENDER GOAL, ACCESS TO L...CRITICISMS OF THE FUTURE AVAILABILITY IN SUSTAINABLE GENDER GOAL, ACCESS TO L...
CRITICISMS OF THE FUTURE AVAILABILITY IN SUSTAINABLE GENDER GOAL, ACCESS TO L...
 
Blockchain based Data Security as a Service in Cloud Platform Security
Blockchain based Data Security as a Service in Cloud Platform SecurityBlockchain based Data Security as a Service in Cloud Platform Security
Blockchain based Data Security as a Service in Cloud Platform Security
 
BLOCKCHAIN BASED DATA SECURITY AS A SERVICE IN CLOUD PLATFORM SECURITY
BLOCKCHAIN BASED DATA SECURITY AS A SERVICE IN CLOUD PLATFORM SECURITYBLOCKCHAIN BASED DATA SECURITY AS A SERVICE IN CLOUD PLATFORM SECURITY
BLOCKCHAIN BASED DATA SECURITY AS A SERVICE IN CLOUD PLATFORM SECURITY
 
CSS17: Houston - Azure Shared Security Model Overview
CSS17: Houston - Azure Shared Security Model OverviewCSS17: Houston - Azure Shared Security Model Overview
CSS17: Houston - Azure Shared Security Model Overview
 
[Toroman/Kranjac] Red Team vs. Blue Team in Microsoft Cloud
[Toroman/Kranjac] Red Team vs. Blue Team in Microsoft Cloud[Toroman/Kranjac] Red Team vs. Blue Team in Microsoft Cloud
[Toroman/Kranjac] Red Team vs. Blue Team in Microsoft Cloud
 
IRJET-Domain Data Security on Cloud
IRJET-Domain Data Security on CloudIRJET-Domain Data Security on Cloud
IRJET-Domain Data Security on Cloud
 
microsoft-cybersecurity-reference-architectures (1).pptx
microsoft-cybersecurity-reference-architectures (1).pptxmicrosoft-cybersecurity-reference-architectures (1).pptx
microsoft-cybersecurity-reference-architectures (1).pptx
 
Secure Data Sharing in Cloud (SDSC)
Secure Data Sharing in Cloud (SDSC)Secure Data Sharing in Cloud (SDSC)
Secure Data Sharing in Cloud (SDSC)
 
Paper1
Paper1Paper1
Paper1
 
Rik Ferguson
Rik FergusonRik Ferguson
Rik Ferguson
 
Asug84339 how to secure privacy data in a hybrid s4 hana landscape
Asug84339 how to secure privacy data in a hybrid s4 hana landscapeAsug84339 how to secure privacy data in a hybrid s4 hana landscape
Asug84339 how to secure privacy data in a hybrid s4 hana landscape
 
O365Con18 - Red Team vs Blue Team - Sasha Kranjac & Mustafa Toroman
O365Con18 - Red Team vs Blue Team - Sasha Kranjac & Mustafa ToromanO365Con18 - Red Team vs Blue Team - Sasha Kranjac & Mustafa Toroman
O365Con18 - Red Team vs Blue Team - Sasha Kranjac & Mustafa Toroman
 
Concurrent And Independent Access To Encrypted Cloud Databases
Concurrent And Independent Access To Encrypted Cloud DatabasesConcurrent And Independent Access To Encrypted Cloud Databases
Concurrent And Independent Access To Encrypted Cloud Databases
 
IRJET- Mutual Key Oversight Procedure for Cloud Security and Distribution of ...
IRJET- Mutual Key Oversight Procedure for Cloud Security and Distribution of ...IRJET- Mutual Key Oversight Procedure for Cloud Security and Distribution of ...
IRJET- Mutual Key Oversight Procedure for Cloud Security and Distribution of ...
 
System Approach for Single Keyword Search for Encrypted Data Files Guarantees...
System Approach for Single Keyword Search for Encrypted Data Files Guarantees...System Approach for Single Keyword Search for Encrypted Data Files Guarantees...
System Approach for Single Keyword Search for Encrypted Data Files Guarantees...
 

Más de Maximiliano Accotto

SQL Server 2019 Big Data Cluster
SQL Server 2019 Big Data ClusterSQL Server 2019 Big Data Cluster
SQL Server 2019 Big Data ClusterMaximiliano Accotto
 
Seguridad en sql server 2016 y 2017
Seguridad en sql server 2016 y 2017Seguridad en sql server 2016 y 2017
Seguridad en sql server 2016 y 2017Maximiliano Accotto
 
Bootcamp 2017 - SQL Server on Linux
Bootcamp 2017 - SQL Server on LinuxBootcamp 2017 - SQL Server on Linux
Bootcamp 2017 - SQL Server on LinuxMaximiliano Accotto
 
Auditoria performance SQL Server
Auditoria performance SQL ServerAuditoria performance SQL Server
Auditoria performance SQL ServerMaximiliano Accotto
 

Más de Maximiliano Accotto (20)

SQL Server 2019 Big Data Cluster
SQL Server 2019 Big Data ClusterSQL Server 2019 Big Data Cluster
SQL Server 2019 Big Data Cluster
 
Modernizando plataforma de bi
Modernizando plataforma de biModernizando plataforma de bi
Modernizando plataforma de bi
 
Microsoft machine learning
Microsoft machine learningMicrosoft machine learning
Microsoft machine learning
 
Sql server machine learning
Sql server machine learningSql server machine learning
Sql server machine learning
 
Machine Learning en SQL Server
Machine Learning en SQL ServerMachine Learning en SQL Server
Machine Learning en SQL Server
 
Solucion de BI en Azure
Solucion de BI en AzureSolucion de BI en Azure
Solucion de BI en Azure
 
Seguridad en sql server 2016 y 2017
Seguridad en sql server 2016 y 2017Seguridad en sql server 2016 y 2017
Seguridad en sql server 2016 y 2017
 
Sql 2016 2017 full
Sql 2016 2017 fullSql 2016 2017 full
Sql 2016 2017 full
 
SQL on linux
SQL on linuxSQL on linux
SQL on linux
 
Sql 2017 net raf
Sql 2017 net rafSql 2017 net raf
Sql 2017 net raf
 
Net conf uy 2017 sql 2017
Net conf uy 2017 sql 2017Net conf uy 2017 sql 2017
Net conf uy 2017 sql 2017
 
Machine Learning en SQL Server
Machine Learning en SQL ServerMachine Learning en SQL Server
Machine Learning en SQL Server
 
SQL on Azure
SQL on AzureSQL on Azure
SQL on Azure
 
Bootcamp 2017 - SQL Server on Linux
Bootcamp 2017 - SQL Server on LinuxBootcamp 2017 - SQL Server on Linux
Bootcamp 2017 - SQL Server on Linux
 
SQL Linux - Instalación
SQL Linux - Instalación SQL Linux - Instalación
SQL Linux - Instalación
 
Feliz 2016 ppt
Feliz 2016 pptFeliz 2016 ppt
Feliz 2016 ppt
 
Auditoria performance SQL Server
Auditoria performance SQL ServerAuditoria performance SQL Server
Auditoria performance SQL Server
 
Workshop sql
Workshop sqlWorkshop sql
Workshop sql
 
Sql 2016
Sql 2016Sql 2016
Sql 2016
 
TriggerDB Brochure
TriggerDB BrochureTriggerDB Brochure
TriggerDB Brochure
 

Último

SensoDat: Simulation-based Sensor Dataset of Self-driving Cars
SensoDat: Simulation-based Sensor Dataset of Self-driving CarsSensoDat: Simulation-based Sensor Dataset of Self-driving Cars
SensoDat: Simulation-based Sensor Dataset of Self-driving CarsChristian Birchler
 
How to submit a standout Adobe Champion Application
How to submit a standout Adobe Champion ApplicationHow to submit a standout Adobe Champion Application
How to submit a standout Adobe Champion ApplicationBradBedford3
 
Automate your Kamailio Test Calls - Kamailio World 2024
Automate your Kamailio Test Calls - Kamailio World 2024Automate your Kamailio Test Calls - Kamailio World 2024
Automate your Kamailio Test Calls - Kamailio World 2024Andreas Granig
 
VK Business Profile - provides IT solutions and Web Development
VK Business Profile - provides IT solutions and Web DevelopmentVK Business Profile - provides IT solutions and Web Development
VK Business Profile - provides IT solutions and Web Developmentvyaparkranti
 
SpotFlow: Tracking Method Calls and States at Runtime
SpotFlow: Tracking Method Calls and States at RuntimeSpotFlow: Tracking Method Calls and States at Runtime
SpotFlow: Tracking Method Calls and States at Runtimeandrehoraa
 
Comparing Linux OS Image Update Models - EOSS 2024.pdf
Comparing Linux OS Image Update Models - EOSS 2024.pdfComparing Linux OS Image Update Models - EOSS 2024.pdf
Comparing Linux OS Image Update Models - EOSS 2024.pdfDrew Moseley
 
Cloud Data Center Network Construction - IEEE
Cloud Data Center Network Construction - IEEECloud Data Center Network Construction - IEEE
Cloud Data Center Network Construction - IEEEVICTOR MAESTRE RAMIREZ
 
What is Fashion PLM and Why Do You Need It
What is Fashion PLM and Why Do You Need ItWhat is Fashion PLM and Why Do You Need It
What is Fashion PLM and Why Do You Need ItWave PLM
 
Global Identity Enrolment and Verification Pro Solution - Cizo Technology Ser...
Global Identity Enrolment and Verification Pro Solution - Cizo Technology Ser...Global Identity Enrolment and Verification Pro Solution - Cizo Technology Ser...
Global Identity Enrolment and Verification Pro Solution - Cizo Technology Ser...Cizo Technology Services
 
PREDICTING RIVER WATER QUALITY ppt presentation
PREDICTING RIVER WATER QUALITY ppt presentationPREDICTING RIVER WATER QUALITY ppt presentation
PREDICTING RIVER WATER QUALITY ppt presentationvaddepallysandeep122
 
Powering Real-Time Decisions with Continuous Data Streams
Powering Real-Time Decisions with Continuous Data StreamsPowering Real-Time Decisions with Continuous Data Streams
Powering Real-Time Decisions with Continuous Data StreamsSafe Software
 
Maximizing Efficiency and Profitability with OnePlan’s Professional Service A...
Maximizing Efficiency and Profitability with OnePlan’s Professional Service A...Maximizing Efficiency and Profitability with OnePlan’s Professional Service A...
Maximizing Efficiency and Profitability with OnePlan’s Professional Service A...OnePlan Solutions
 
Open Source Summit NA 2024: Open Source Cloud Costs - OpenCost's Impact on En...
Open Source Summit NA 2024: Open Source Cloud Costs - OpenCost's Impact on En...Open Source Summit NA 2024: Open Source Cloud Costs - OpenCost's Impact on En...
Open Source Summit NA 2024: Open Source Cloud Costs - OpenCost's Impact on En...Matt Ray
 
React Server Component in Next.js by Hanief Utama
React Server Component in Next.js by Hanief UtamaReact Server Component in Next.js by Hanief Utama
React Server Component in Next.js by Hanief UtamaHanief Utama
 
Introduction Computer Science - Software Design.pdf
Introduction Computer Science - Software Design.pdfIntroduction Computer Science - Software Design.pdf
Introduction Computer Science - Software Design.pdfFerryKemperman
 
Unveiling Design Patterns: A Visual Guide with UML Diagrams
Unveiling Design Patterns: A Visual Guide with UML DiagramsUnveiling Design Patterns: A Visual Guide with UML Diagrams
Unveiling Design Patterns: A Visual Guide with UML DiagramsAhmed Mohamed
 
Tech Tuesday - Mastering Time Management Unlock the Power of OnePlan's Timesh...
Tech Tuesday - Mastering Time Management Unlock the Power of OnePlan's Timesh...Tech Tuesday - Mastering Time Management Unlock the Power of OnePlan's Timesh...
Tech Tuesday - Mastering Time Management Unlock the Power of OnePlan's Timesh...OnePlan Solutions
 
Precise and Complete Requirements? An Elusive Goal
Precise and Complete Requirements? An Elusive GoalPrecise and Complete Requirements? An Elusive Goal
Precise and Complete Requirements? An Elusive GoalLionel Briand
 

Último (20)

SensoDat: Simulation-based Sensor Dataset of Self-driving Cars
SensoDat: Simulation-based Sensor Dataset of Self-driving CarsSensoDat: Simulation-based Sensor Dataset of Self-driving Cars
SensoDat: Simulation-based Sensor Dataset of Self-driving Cars
 
How to submit a standout Adobe Champion Application
How to submit a standout Adobe Champion ApplicationHow to submit a standout Adobe Champion Application
How to submit a standout Adobe Champion Application
 
Automate your Kamailio Test Calls - Kamailio World 2024
Automate your Kamailio Test Calls - Kamailio World 2024Automate your Kamailio Test Calls - Kamailio World 2024
Automate your Kamailio Test Calls - Kamailio World 2024
 
VK Business Profile - provides IT solutions and Web Development
VK Business Profile - provides IT solutions and Web DevelopmentVK Business Profile - provides IT solutions and Web Development
VK Business Profile - provides IT solutions and Web Development
 
SpotFlow: Tracking Method Calls and States at Runtime
SpotFlow: Tracking Method Calls and States at RuntimeSpotFlow: Tracking Method Calls and States at Runtime
SpotFlow: Tracking Method Calls and States at Runtime
 
Comparing Linux OS Image Update Models - EOSS 2024.pdf
Comparing Linux OS Image Update Models - EOSS 2024.pdfComparing Linux OS Image Update Models - EOSS 2024.pdf
Comparing Linux OS Image Update Models - EOSS 2024.pdf
 
Cloud Data Center Network Construction - IEEE
Cloud Data Center Network Construction - IEEECloud Data Center Network Construction - IEEE
Cloud Data Center Network Construction - IEEE
 
What is Fashion PLM and Why Do You Need It
What is Fashion PLM and Why Do You Need ItWhat is Fashion PLM and Why Do You Need It
What is Fashion PLM and Why Do You Need It
 
Odoo Development Company in India | Devintelle Consulting Service
Odoo Development Company in India | Devintelle Consulting ServiceOdoo Development Company in India | Devintelle Consulting Service
Odoo Development Company in India | Devintelle Consulting Service
 
Global Identity Enrolment and Verification Pro Solution - Cizo Technology Ser...
Global Identity Enrolment and Verification Pro Solution - Cizo Technology Ser...Global Identity Enrolment and Verification Pro Solution - Cizo Technology Ser...
Global Identity Enrolment and Verification Pro Solution - Cizo Technology Ser...
 
PREDICTING RIVER WATER QUALITY ppt presentation
PREDICTING RIVER WATER QUALITY ppt presentationPREDICTING RIVER WATER QUALITY ppt presentation
PREDICTING RIVER WATER QUALITY ppt presentation
 
Powering Real-Time Decisions with Continuous Data Streams
Powering Real-Time Decisions with Continuous Data StreamsPowering Real-Time Decisions with Continuous Data Streams
Powering Real-Time Decisions with Continuous Data Streams
 
Maximizing Efficiency and Profitability with OnePlan’s Professional Service A...
Maximizing Efficiency and Profitability with OnePlan’s Professional Service A...Maximizing Efficiency and Profitability with OnePlan’s Professional Service A...
Maximizing Efficiency and Profitability with OnePlan’s Professional Service A...
 
Open Source Summit NA 2024: Open Source Cloud Costs - OpenCost's Impact on En...
Open Source Summit NA 2024: Open Source Cloud Costs - OpenCost's Impact on En...Open Source Summit NA 2024: Open Source Cloud Costs - OpenCost's Impact on En...
Open Source Summit NA 2024: Open Source Cloud Costs - OpenCost's Impact on En...
 
React Server Component in Next.js by Hanief Utama
React Server Component in Next.js by Hanief UtamaReact Server Component in Next.js by Hanief Utama
React Server Component in Next.js by Hanief Utama
 
Introduction Computer Science - Software Design.pdf
Introduction Computer Science - Software Design.pdfIntroduction Computer Science - Software Design.pdf
Introduction Computer Science - Software Design.pdf
 
Unveiling Design Patterns: A Visual Guide with UML Diagrams
Unveiling Design Patterns: A Visual Guide with UML DiagramsUnveiling Design Patterns: A Visual Guide with UML Diagrams
Unveiling Design Patterns: A Visual Guide with UML Diagrams
 
Hot Sexy call girls in Patel Nagar🔝 9953056974 🔝 escort Service
Hot Sexy call girls in Patel Nagar🔝 9953056974 🔝 escort ServiceHot Sexy call girls in Patel Nagar🔝 9953056974 🔝 escort Service
Hot Sexy call girls in Patel Nagar🔝 9953056974 🔝 escort Service
 
Tech Tuesday - Mastering Time Management Unlock the Power of OnePlan's Timesh...
Tech Tuesday - Mastering Time Management Unlock the Power of OnePlan's Timesh...Tech Tuesday - Mastering Time Management Unlock the Power of OnePlan's Timesh...
Tech Tuesday - Mastering Time Management Unlock the Power of OnePlan's Timesh...
 
Precise and Complete Requirements? An Elusive Goal
Precise and Complete Requirements? An Elusive GoalPrecise and Complete Requirements? An Elusive Goal
Precise and Complete Requirements? An Elusive Goal
 

Seguridad en sql server 2016 y 2017

  • 1. Seguridad en SQL Server 2014 / 2016 y 2017 Maximiliano Accotto | MVP Data Platform desde el 2005 Owner Triggerdb Consulting | www.triggerdb.com
  • 2. BIOGRAPHY POINT THREE Especialista en Data Platform con mas de 15 años de experiencia en trabajos de (tuning – seguridad – migraciones – Desarrollo – BI – Alta disponibilidad – Big data y Machine Learning Maximiliano Accotto BIOGRAPHY POINT ONE Owner TriggerDB Consulting SRL | www.triggerdb.com BIOGRAPHY POINT TWO Microsoft MVP Data Platform desde el año 2005. https://twitter.com/m axiaccotto https://www.linkedin.c om/in/maxiaccotto/
  • 4. Store data intended for many consumers in a single database/table while at the same time restricting row-level read and write access based on users’ execution context. Benefits of row-level security (RLS) Security Fine-grained access control Keeping multitenant databases secure by limiting access by other users who share the same tables Application transparency RLS works transparently at query time, no app changes needed Compatible with RLS in other leading products Centralized security logic Enforcement logic resides inside database and is schema-bound to the table it protects providing greater security. Reduced application maintenance and complexity
  • 5. CREATE FUNCTION dbo.fn_securitypredicate(@wing int) RETURNS TABLE WITH SCHEMABINDING AS return SELECT 1 as [fn_securitypredicate_result] FROM StaffDuties d INNER JOIN Employees e ON (d.EmpId = e.EmpId) WHERE e.UserSID = SUSER_SID() AND @wing = d.Wing; CREATE SECURITY POLICY dbo.SecPol ADD FILTER PREDICATE dbo.fn_securitypredicate(Wing) ON Patients WITH (STATE = ON) Fine-grained access control over rows in a table based on one or more pre-defined filtering criteria, such as user’s role or clearance level in organization Concepts: Predicate function Security policy Example
  • 7. Limit access to sensitive data by defining policies to obfuscate specific database fields, without affecting the integrity of the database. Benefits of dynamic data masking Security Regulatory compliance Sensitive data protection Agility and transparency Data is masked on the fly, with underlying data in the database remaining intact. Transparent to the application and applied according to user privilege
  • 9. Allows customers to securely store sensitive data outside of their trust boundary. Data remains protected from high-privileged, yet unauthorized users. The need for Always Encrypted Security Prevents data disclosure Client-side encryption of sensitive data using keys that are never given to the database system Queries on encrypted data Support for equality comparison, including join, group by, and distinct operators Application transparency Minimal application changes via server and client library enhancements
  • 10. Key provisioning Security Security Officer 1. Generate CEKs and master key 2. Encrypt CEK 3. Store master key securely 4. Upload encrypted CEK to DB CMK store: Certificate store HSM Azure Key Vault … Encrypted CEK Column encryption key (CEK) Column master key (CMK) CMK Database Encrypted CEK
  • 11. Data remains encrypted during query Summary: Always Encrypted Protect data at rest and in motion, on-premises and in the cloud Capability ADO.Net client library provides transparent client-side encryption, while SQL Server executes T-SQL queries on encrypted data Benefits Apps TCE-enabled ADO .NET library SQL ServerEncrypted query Columnar key No app changes Master key Security
  • 13. Backup encryption Security • Increase security of backups stored separate from the instance (another environment such as the Cloud) • Encryption keys can be stored on-prem while backup files in the cloud • Support non-encrypted databases (don’t need to turn on Transparent Data Encryption anymore) • Different policies for databases and their backups
  • 14. BACKUP DATABASE <dbname> TO <device> = <path to device> WITH ENCRYPTION ( ALGORITHM = <Algorithm_name> , { SERVER CERTIFICATE = <Encryptor_Name> | SERVER ASYMMETRIC KEY = <Encryptor_Name> } ); No changes to RESTORE Backup encryption

Notas del editor

  1. Source: https://msdn.microsoft.com/en-us/library/bb510411(v=sql.130).aspx#RLS Row level security introduces predicate based access control. It features a flexible, centralized, predicate-based evaluation that can take into consideration metadata (such as labels) or any other criteria the administrator determines as appropriate. The predicate is used as a criterion to determine whether or not the user has the appropriate access to the data based on user attributes. Label based access control can be implemented by using predicate based access control. For more information, see Row-Level Security.
  2. Source: https://msdn.microsoft.com/en-us/library/dn765131(v=sql.130).aspx
  3. Source: https://msdn.microsoft.com/en-us/library/bb510411(v=sql.130).aspx#RLS Row-level security introduces predicate-based access control. It features a flexible, centralized, predicate-based evaluation that can take into consideration metadata (such as labels) or any other criteria the administrator determines as appropriate. The predicate is used to determine whether or not the user has the appropriate access to the data based on user attributes. Label-based access control can be implemented by using predicate-based access control. For more information, see Row-Level Security.
  4. Source: https://msdn.microsoft.com/en-us/library/mt147923(v=sql.130).aspx Creating and registering a custom Column Master Key Store Provider Information the driver receives from SQL Server for query parameters which need to be encrypted, and for query results which need to be decrypted, includes: An encrypted value of a column encryption key, which should be used to encrypt or decrypt a parameter or a result. The name of a key store provider that encapsulates a key store containing the column master key which was used to encrypt the column encryption key. A key path that specifies the location of the column master key in the key store. The name of the algorithm that was used to encrypt the column encryption key. The driver uses the above information to use the key store provider implementation to decrypt the retrieved encrypted value of the column encryption key, which is subsequently used to either encrypt a query parameter or to decrypt a query result. The driver comes with an implementation for one system provider: SqlColumnEncryptionCertificateStoreProvider which can be used to store column master keys in Windows Certificate Store. You can use a custom key store provider by extending the SqlColumnEncryptionKeyStoreProvider class and registering it using the SqlConnection.RegisterColumnEncryptionKeyStoreProviders() method.
  5. Source: Source: https://msdn.microsoft.com/en-us/library/mt163865(v=sql.130).aspx When it comes to mission critical security we are introducing a unique encryption technology that protects data at rest and in motion and can be full queried while encrypted. The new ADO .NET library provide transparent client-side ecryption, while SQL Server executes T-SQL queries on encrypted data. The master keys stay with the application and not with SQL Server. This can work on-premises or SQL Server in Azure VM. So think about the hybrid scenarios where you wanted to take advantage of Azure cloud computing, but for certain data could not take advantage of cloud scale due to data security requirements. This technology ensures your data is always encrypted. Best of all no application changes are required.
  6. Source: https://msdn.microsoft.com/en-us/library/mt147923(v=sql.130).aspx Creating and registering a custom Column Master Key Store Provider Information the driver receives from SQL Server for query parameters which need to be encrypted, and for query results which need to be decrypted, includes: An encrypted value of a column encryption key, which should be used to encrypt or decrypt a parameter or a result. The name of a key store provider that encapsulates a key store containing the column master key which was used to encrypt the column encryption key. A key path that specifies the location of the column master key in the key store. The name of the algorithm that was used to encrypt the column encryption key. The driver uses the above information to use the key store provider implementation to decrypt the retrieved encrypted value of the column encryption key, which is subsequently used to either encrypt a query parameter or to decrypt a query result. The driver comes with an implementation for one system provider: SqlColumnEncryptionCertificateStoreProvider which can be used to store column master keys in Windows Certificate Store. You can use a custom key store provider by extending the SqlColumnEncryptionKeyStoreProvider class and registering it using the SqlConnection.RegisterColumnEncryptionKeyStoreProviders() method.