SlideShare a Scribd company logo

Microsoft SQL Family and GDPR

Antonios Chatzipavlis
Antonios Chatzipavlis

Microsoft SQL Family and GDPR

Data & Analytics
1 of 44
Download to read offline
Microsoft SQL Family and GDPR October 8, 2017 Athens, Greece
PresenterInfo 1982 I started working with computers 1988 I started my professional career in computers industry 1996 I started working with SQL Server 6.0 1998 I earned my first certification at Microsoft as Microsoft Certified Solution Developer (3rd in Greece) 1999 I started my career as Microsoft Certified Trainer (MCT) with more than 30.000 hours of training until now! 2010 I became for first time Microsoft MVP on Data Platform I created the SQL School Greece www.sqlschool.gr 2012 I became MCT Regional Lead by Microsoft Learning Program. 2013 I was certified as MCSE : Data Platform I was certified as MCSE : Business Intelligence 2016 I was certified as MCSE: Data Management & Analytics Antonios Chatzipavlis SQL Server Expert SQL Server Evangelist Data Platform MVP MCT, MCSE, MCITP, MCPD, MCSD, MCDBA, MCSA, MCTS, MCAD, MCP, OCA, ITIL-F
SQLschool.gr Μια πηγή ενημέρωσης για τον Microsoft SQL Server προς τους Έλληνες IT Professionals, DBAs, Developers, Information Workers αλλά και απλούς χομπίστες που απλά τους αρέσει ο SQL Server. Help line : help@sqlschool.gr • Articles about SQL Server • SQL Server News • SQL Nights • Webcasts • Downloads • Resources What we are doing here Follow us in socials fb/sqlschoolgr fb/groups/sqlschool @antoniosch @sqlschool yt/c/SqlschoolGr SQL School Greece group S E L E C T K N O W L E D G E F R O M S Q L S E R V E R
▪ Sign up for a free membership today at sqlpass.org. ▪ Linked In: http://www.sqlpass.org/linkedin ▪ Facebook: http://www.sqlpass.org/facebook ▪ Twitter: @SQLPASS ▪ PASS: http://www.sqlpass.org
PASSVIRTUALCHAPTERS
PRESENTATIONCONTENT • Introduction • Data protection in Microsoft SQL family to help address GDPR requirements • Built-in Microsoft SQL technologies that can help address GDPR compliance • Summary
INTRODUCTION
• In this age of digital transformation, protecting privacy and enhancing security have become top of mind. • The upcoming EU General Data Protection Regulation (GDPR) sets a new bar for privacy rights, security, and compliance. • The GDPR mandates many requirements and obligations on organizations across the globe. • Complying with this regulation will necessitate significant investments in data handling and data protection for a very large number of organizations. • Microsoft SQL customers who are subject to the GDPR, whether managing cloud- based or on-premises databases or both, will need to ensure that qualifying data in their database systems is aptly handled and protected according to GDPR principles. ABS TR ACT
• On May 25, 2018, a European privacy law is due to take effect that sets a new global bar for privacy rights, security, and compliance. - The General Data Protection Regulation, or GDPR, is fundamentally about protecting and enabling the privacy rights of individuals. • The GDPR establishes - strict global privacy requirements - governing how personal data is managed and protected, - while respecting individual choice. TH E GDPR AND I TS I MPLI CATI ONS
• To achieve its objectives, the GDPR introduces several specific requirements related to the rights of individuals, such as - the right to access their personal data, - correct inaccuracies, - erase data, - object to processing of their data, - and the right to obtain a copy of their data. • The GDPR also seeks to ensure - personal data is protected no matter where it is sent, - processed, - or stored. TH E GDPR AND I TS I MPLI CATI ONS
OBLI GATI ONS S PECI FI CALLY I NTR ODUCED BY TH E GDPR Article 25 Data protection by design and default Control exposure to personal data. Control who is accessing data and how. Minimize data being processed in terms of amount of data collected, extent of processing, storage period, and accessibility. Include safeguards for control management integrated into processing. Article 30 Records of processing activities Log and monitor operations Maintain an audit record of processing activities on personal data. Monitor access to processing systems. Article 32 Security of processing Security mechanisms to protect personal data. Employ pseudonymization and encryption. Restore availability and access in the event of an incident. Provide a process for regularly testing and assessing effectiveness of security measures. Article 33 Notification of a personal data breach to the supervisory authority Detect and notify of breach in a timely manner (72 hours). Detect breaches. Assess impact on and identification of personal data records concerned. Describe measures to address breach Article 35 Data protection impact assessment Document risks and security measures. Describe processing operations, including their necessity and proportionality. Assess risks associated with processing. Apply measures to address risks and protect personal data, and demonstrate compliance with the GDPR.
• Name • Identification number • Email address • Online user identifier • Social media posts • Physical information • Physiological information PER S ONAL DATA I N S COPE OF TH E R EGULATI ON Personal data in scope of the regulation can include, but is not limited to, the following: • Genetic information • Medical information • Location • Bank details • IP address • Cookies
DATA PROTECTION IN MICROSOFT SQL FAMILY TO HELP ADDRESS GDPR REQUIREMENTS
Microsoft SQL offers many built-in security capabilities that can help reduce risks to data and improve the protection and manageability of data at the database level and beyond. This includes: • Microsoft SQL Server - whether on-premises or hosted in a public cloud platform • Microsoft Analytics Platform System • Azure SQL Database • Azure SQL Data Warehouse M I C R O S O F T D A T A P L A T F O R M A S A H U B O F P R I V A T E D A T A A N D S E N S I T I V E I N F O R M A T I O N
• Discover - Identify what personal data is being managed and where it resides. • Manage - Govern how personal data is used and accessed. • Protect - Establish security controls to prevent, detect, and respond to vulnerabilities and data breaches. • Report - Keep required documentation, manage data requests, and provide breach notifications. FOUR K EY S TEPS TO ACH I EVE GDPR COMPLI ANCE
BUILT-IN MICROSOFT SQL TECHNOLOGIES THAT CAN HELP ADDRESS GDPR COMPLIANCE
• Metadata Queries - such as analyzing all column names via querying sys.columns, to identify column names which potentially contain personal data such as “Name”, “Birthdate”, “ID number”, etc. • Advanced Discovery - it is possible to use Full-Text Search in Microsoft SQL to search for keywords located within freeform text. - additionally, sensitive data can be tagged using Extended Properties to add sensitivity labels to relevant columns. • Identify and understand the current data access policies • Disable all features that are not in use to reduce the attack surface area • Disable network protocols that are not in use • Turn off the SQL Server browser service • Uninstall sample databases. DI S COVER I NG AND CLAS S I FYI NG PER S ONAL DATA AND I TS ACCES S VECTOR S
MANAGING ACCESS AND CONTROLLING HOW DATA IS USED AND ACCESSED • Authentication in SQL Server • Authorization • Azure SQL Database Firewall • Authentication in Azure SQL Database using Azure Active Directory • Dynamic Data Masking • Row-Level Security
SQL Server supports two authentication modes: Windows authentication mode Mixed mode. Ensure that only authorized users with valid credentials can access the database server. AUTH ENTI CATI ON I N S QL S ER VER Why is this important for the GDPR? The GDPR talks about ensuring the security of personal data, “including for preventing unauthorized access to or use of personal data and the equipment used for the processing.” GDPR Recital 39 Recommendation Benefits Use Windows authentication • Enables centralized management of SQL Server principals via Active Directory. • Uses Kerberos security protocol to authenticate users. • Supports built-in password policy enforcement including complexity validation for strong passwords, password expiration, and account lockout. Use separate accounts to authenticate users and applications • Enables limiting the permissions granted to users and applications. • Reduces the risks of malicious activity such as SQL injection attacks. Use contained database users • Isolates the user or application account to a single database. • Improves performance, as contained database users authenticate directly to the database without an extra network hop to the master database. • Supports both SQL Server and Azure SQL Database, as well as Azure SQL Data Warehouse.
• Define a proper authorization policy • Database role memberships and object-level permissions • Implement a proper separation of duties model • Create accounts/roles for high-privileged operations • Create account/roles for applications or users to perform day-to-day tasks. • Access policies should abide by the principle of least privilege • Microsoft SQL-based technologies provides mechanisms to define granular object-level permissions, and simplify the process by implementing role-based security • Granting permissions to roles rather than users simplifies security administration AUTH OR I ZATI ON Why is this important for the GDPR? The GDPR specifically addresses the need for mechanisms which limit access to data, requiring “measures [that] shall ensure that by default personal data are not made accessible without the individual's intervention to an indefinite number of natural persons.” GDPR Article 25(2)—“Data protection by design and by default.”
• A firewall is automatically set up to help protect the data • The firewall initially prevents all access to the database server until explicit access permissions are specified, based on the originating IP address of each request • By default, there is an exception to allow all Azure services to connect to the database, to ensure full functionality across Azure services (However, there is an option to disable this exception in the firewall settings) AZUR E S QL DATABAS E FI R EW ALL Guidelines to properly configure firewall settings: • In the “allowed IP addresses” entry field, enter the IP address range that allows connections to trusted users and services. • Avoid using broad IP ranges as this defeats much of the protection provided by firewall rules. • Follow the least privilege principle by restricting firewall settings for the IP address range to trusted IP addresses. Why is this important for the GDPR? The GDPR specifically addresses the need for mechanisms which limit access to data, requiring “measures [that] shall ensure that by default personal data are not made accessible without the individual's intervention to an indefinite number of natural persons.” GDPR Article 25(2)—“Data protection by design and by default.”
Use Azure AD Authentication benefits: • Reduces the proliferation of user identities across database servers. • Allows password rotation in a single place. • Enables managing database permissions using external (Azure AD) groups. • Enables integrated Windows authentication and other forms of authentication supported by Azure Active Directory. • Azure AD authentication uses contained database users to authenticate identities at the database level (considered more secure). • Supports token-based authentication for applications connecting to SQL Database. • Supports Active Directory Federation Services (ADFS) or native user/password authentication for a local Azure Active Directory without domain synchronization. AUTH ENTI CATI ON I N AZUR E S QL DATABAS E US I NG AZUR E ACTI VE DI R ECTOR Y
• It’s a build-in feature • Is supported starting from SQL Server 2016 (all editions) and for Azure SQL Database. • DDM limits sensitive data exposure by masking the data to non- privileged users or applications • DDM allows the DBA - to select and mask a particular table-column that contains sensitive data - To designate which DB users are privileged and should have access to the real data. • Once configured, any query on that table/ column will contain masked results, except for queries run by privileged users. • DDM works by masking the data on the fly with minimal impact on the application layer. • The data in the database remains intact and can be accessed by users with appropriate privileges. • Applying DDM does not explicitly require any application changes, so it is easy to use with existing applications. DYNAMI C DATA MAS K I NG Why is this important for the GDPR? The GDPR calls for implementing “appropriate technical and organizational measures, such as pseudonymization, which are designed to implement data-protection principles, such as data minimization, in an effective manner…” GDPR Article 25(2)—“Data protection by design and by default.”
• It’s a build-in feature • Is supported starting from SQL Server 2016 (all editions) and for Azure SQL Database. • Restrict access according to specific user entitlements • The access restriction logic is in the database tier rather than away from the data in another application tier. • The restrictions are applied every time that data access is attempted from any tier. • This makes the security system more reliable and robust by reducing the system’s surface area. R OW - LEVEL S ECUR I TY Why is this important for the GDPR? Users have access only to the data that is pertinent to them, thus reducing the risk of “unauthorized disclosure of, or access to personal data.” GDPR Article 32(2)—“Security of processing.”
PROTECTING PERSONAL DATA AGAINST SECURITY THREATS • Transport Layer Security • Transparent Data Encryption • Always Encrypted • Auditing for Azure SQL Database • SQL Threat Detection • SQL Server Audit • Business continuity—SQL Server Always On • Business continuity in Azure SQL technologies
Protecting personal data against security threats is specifically declared as a core requirement of the GDPR. The GDPR requires that organizations implement “Data protection by design and by default” GDPR Article 25. GDPR Article 32(1)—“Security of processing” States that an organization must implement appropriate technical and organizational measures to ensure a level of security appropriate to the risk, including inter alia as appropriate: • The pseudonymization and encryption of personal data. • The ability to ensure the ongoing confidentiality, integrity, availability, and resilience of processing systems and services. • The ability to restore the availability and access to personal data in a timely manner in the event of a physical or technical incident. • A process for regularly testing, assessing, and evaluating the effectiveness of technical and organizational measures for ensuring the security of the processing. There is also a requirement of “notification of a personal data breach” within a specified window of 72 hours, where feasible, after the organization becomes aware of it. GDPR Article 33(1)—“Notification of a personal data breach to the supervisory authority.” W H Y I S TH I S I MPOR TANT FOR TH E G DPR ?
• It is a best practice to always use connections secured with Transport Layer Security (TLS). - This ensures that data is encrypted in transit to and from the database, and reduces susceptibility to “man-in-the-middle” attacks. - SQL Server and Azure SQL Database have TLS1.2 support enabled, and this is the recommended protocol to use for highly secure communication. • To enable encrypted connections in SQL Server: - Provision a certificate on the server, - Configure the server to accept encrypted connections, - Configure the client to request encrypted connections. - To enforce that all client connections must be encrypted, set the ForceEncryption flag to Yes. • For Azure SQL Database and Azure SQL Data Warehouse, all connections require encryption at all times. - To securely connect with a client, specify connection string parameters (for ADO.NET driver) Encrypt=True and TrustServerCertificate=False. TR ANS POR T LAYER S ECUR I TY Why is this important for the GDPR? GDPR talks about integrating the “necessary safeguards into the processing” (GDPR Article 25(1), “Data protection by design and by default”), and accounting for risks presented by processing, “in particular from accidental or unlawful destruction, loss, alteration, unauthorized disclosure of, or access to personal data transmitted, stored or otherwise processed” (GDPR Article 32(2), “Security of processing”). Protecting data during transmission is explicitly called out in this context—to avoid possible leakage and minimize these risks.
• TDE provides encryption of data at rest • Is a built-in Microsoft SQL feature • TDE addresses the scenario of protecting the data at the physical storage layer. • TDE performs real-time encryption and decryption of the database, associated backups, and transaction log files without requiring changes to the application • TDE is often required by compliance regulations and various industry guidelines as a core requirement, as it ensures the full protection of data at the physical layer. - Note that with TDE, data tables are not directly encrypted. • TDE protects the physical data files and transaction log files. - If these are moved to another server, for instance, they cannot be opened and viewed on that server. • TDE is straightforward to enable—and applies to the entire database. TR ANS PAR ENT DATA ENCR YPTI ON Why is this important for the GDPR? This relates to the GDPR obligation to take into account “risks that are presented by processing, in particular from accidental or unlawful destruction, loss, alteration, [or] unauthorized disclosure of” that data. In this case, the protection is at the level of the physical device—and prevents the risk of compromising the storage itself, for example via copying the physical data out to another server. GDPR Article 32(2)—“Security of processing.”
• Microsoft SQL databases (Azure SQL Database and SQL Server 2016) offer an industry-first security feature called Always Encrypted, which is designed to protect highly sensitive data • Always Encrypted allows customers to encrypt sensitive data inside client applications and never reveal the encryption keys to the database engine (SQL Database or SQL Server) • Always Encrypted provides a separation between those who own the data (and can view it) and those who manage the data (but should have no access). • An advantage of Always Encrypted is that it makes encryption transparent to applications • There are two encryption types supported: deterministic encryption and randomized encryption ALW AYS ENCR YPTED Why is this important for the GDPR? The use of this powerful encryption feature which better ensures that highly sensitive data is encrypted on the server side, even in-memory, can significantly help in meeting the GDPR requirements around “Security of processing.” This particularly applies to the requirement to “implement appropriate technical and organizational measures to ensure a level of security appropriate to the risk” including, as appropriate, “the pseudonymization and encryption of personal data”. GDPR Article 32(2) – “Security of processing.”
• Auditing for Azure SQL Database tracks database activities by writing events to an audit log. • It enables the customer to understand ongoing database activities, as well as analyze and investigate historical activity to identify potential threats or suspected abuse and security violations. • Auditing can be enabled in the Auditing pane in the Azure portal • A retention period can be enabled for audit logs according to specific requirements • The audit data can be analyzed to investigate specific issues using - The fn_get_audit_file function, - The Azure Portal Audit Records blade, - SQL Server Management Studio (SSMS), - Azure Storage Explorer. - Microsoft Operations Management Suite (OMS) Log Analytics AUDI TI NG FOR AZUR E S QL DATABAS E Why is this important for the GDPR? The GDPR, as part of the data protection requirement, stipulates a requirement that “Each controller… shall maintain a record of processing activities under its responsibility.” GDPR Article 30(1)—“Records of processing activities.”
• SQL Threat Detection is a built-in feature • Detects anomalous database activities indicating potential security threats to the database. • The essence of this service is to proactively notify the Azure database administrator (or subscription owners) of any suspicious activity that could indicate a possible malicious intent to access, breach, or exploit data in the database. • Threat Detection operates by continuously profiling and monitoring application behavior, and employing machine learning and behavioral analytics methodologies to detect anomalies and unusual behavior S QL TH R EAT DETECTI ON Why is this important for the GDPR? The GDPR has a clear requirement regarding data breaches: “In the case of a personal data breach, the controller shall without undue delay and, where feasible, not later than 72 hours after having become aware of it, notify the personal data breach to the supervisory authority.” GDPR Article 33(1)—“Notification of a personal data breach to the supervisory authority.”
• SQL Server also contains an auditing capability that enables tracking activities on an on-premises database, • SQL Server Audit enables the customer to understand ongoing database activities, and analyze and investigate historical activity to identify potential threats or suspected abuse and security violations. • SQL Server Audit enables the creation of server audits, which can contain - server audit specifications for server level events, - database audit specifications for database level events. • Audited events can be written to the event logs or to audit files. - Granular control is available to specify exactly what events to audit, aligning with specific needs. S QL S ER VER AUDI T Why is this important for the GDPR? The GDPR requires that “Each controller … shall maintain a record of processing activities under its responsibility.” GDPR Article 30(1)—“Records of processing activities.”
• One important element of protecting data concerns ensuring its resiliency and availability in the event of an adverse incident • Always On Availability Groups - supports a failover environment for a discrete set of user databases - supports a set of read-write primary databases and one to eight sets of corresponding secondary databases • Always On Failover Cluster Instances BUS I NES S CONTI NUI TY —S QL S ER VER ALW AYS ON Why is this important for the GDPR? The GDPR explicitly refers to this important aspect of protecting data, by requiring that the organization “implement appropriate technical and organizational measures” that take into consideration, as appropriate, “the ability to restore the availability and access to personal data in a timely manner in the event of a physical or technical incident”. GDPR Article 32(1)—“Security of processing.”
• The Azure SQL Database service performs automated database backups periodically, and the service guarantees Point-in-Time Restore from these backups for a certain scope of recovery. • Long-term retention for backups is also available, by storing Azure SQL Database backups in an Azure Recovery Services vault for up to ten years. • Azure SQL Database also offers an Active Geo-Replication feature, which provides a database-level recovery solution with low recovery time. • Active Geo-Replication enables the configuration of up to four readable secondary databases in the same or different regions. • Beyond offering a complete business continuity and disaster recovery solution, Active Geo-Replication also enables load-balancing using the secondary database, and offloading read-only workloads. • It also supports user-controlled failover and failback and configurable performance levels for the secondary databases. BUS I NES S CONTI NUI TY I N AZUR E S QL TECH NOLOGI ES
REPORTING ON DATA PROTECTION POLICIES AND REVIEWING REGULARLY
• The final phase of the methodology for GDPR compliance addresses the need to maintain a record of personal data processing activities under the controller’s responsibility, and to make the record available to the supervisory authority upon request. • This phase also deals with the continuous process of reviewing the controls and security of the system, to better ensure ongoing compliance with GDPR principles. • Microsoft SQL Auditing capabilities • Temporal Tables R EPOR TI NG ON DATA PR OTECTI ON POLI CI ES AND R EVI EW I NG R EGULAR LY Why is this important for the GDPR? The GDPR requires an assessment of the impact of processing operations on the protection of personal data where such processing is likely to result in high risk. This includes an assessment on “the measures envisaged to address the risks, including safeguards, security measures and mechanisms to ensure the protection of personal data.” GDPR Article 35(7)— “Data protection impact assessment.”
Operations Management Suite SQL Assessment. This is primarily used for monitoring purposes. It also performs a limited set of security checks to review the current security status of the database environment. R EGULAR LY R EVI EW TH E S ECUR I TY S TATE OF DATA AND S YS TEMS
SUMMARY
Microsoft SQL Product Team Helping discover, classify, and protect sensitive data. Tracking personal or sensitive data throughout the database system and beyond. Assessing database vulnerabilities and overall security state. Helping meet security best practices with controls and hardening recommendations Organizations Need to invest significantly to ensure the GDPR principles are effectively implemented and sustained in their environments. S UMMAR Y
Ask your Questions
THANK YOU
SELECT KNOWLEDGE FROM SQL SERVER Copyright © 2017 SQLschool.gr. All right reserved. PRESENTER MAKES NO WARRANTIES, EXPRESS, IMPLIED OR STATUTORY, AS TO THE INFORMATION IN THIS PRESENTATION

Recommended

Introduction to sql database on azure
Introduction to sql database on azureIntroduction to sql database on azure
Introduction to sql database on azureAntonios Chatzipavlis
 
Dynamic data masking sql server 2016
Dynamic data masking sql server 2016Dynamic data masking sql server 2016
Dynamic data masking sql server 2016Antonios Chatzipavlis
 
Row level security
Row level securityRow level security
Row level securityAntonios Chatzipavlis
 
Live Query Statistics & Query Store in SQL Server 2016
Live Query Statistics & Query Store in SQL Server 2016Live Query Statistics & Query Store in SQL Server 2016
Live Query Statistics & Query Store in SQL Server 2016Antonios Chatzipavlis
 
Stretch db sql server 2016 (sn0028)
Stretch db sql server 2016 (sn0028)Stretch db sql server 2016 (sn0028)
Stretch db sql server 2016 (sn0028)Antonios Chatzipavlis
 
Introduction to Machine Learning on Azure
Introduction to Machine Learning on AzureIntroduction to Machine Learning on Azure
Introduction to Machine Learning on AzureAntonios Chatzipavlis
 
Implementing Mobile Reports in SQL Sserver 2016 Reporting Services
Implementing Mobile Reports in SQL Sserver 2016 Reporting ServicesImplementing Mobile Reports in SQL Sserver 2016 Reporting Services
Implementing Mobile Reports in SQL Sserver 2016 Reporting ServicesAntonios Chatzipavlis
 
Stretch Database
Stretch DatabaseStretch Database
Stretch DatabaseSolidQ
 

Recommended

Introduction to sql database on azure
Introduction to sql database on azureIntroduction to sql database on azure
Introduction to sql database on azureAntonios Chatzipavlis
 
Dynamic data masking sql server 2016
Dynamic data masking sql server 2016Dynamic data masking sql server 2016
Dynamic data masking sql server 2016Antonios Chatzipavlis
 
Row level security
Row level securityRow level security
Row level securityAntonios Chatzipavlis
 
Live Query Statistics & Query Store in SQL Server 2016
Live Query Statistics & Query Store in SQL Server 2016Live Query Statistics & Query Store in SQL Server 2016
Live Query Statistics & Query Store in SQL Server 2016Antonios Chatzipavlis
 
Stretch db sql server 2016 (sn0028)
Stretch db sql server 2016 (sn0028)Stretch db sql server 2016 (sn0028)
Stretch db sql server 2016 (sn0028)Antonios Chatzipavlis
 
Introduction to Machine Learning on Azure
Introduction to Machine Learning on AzureIntroduction to Machine Learning on Azure
Introduction to Machine Learning on AzureAntonios Chatzipavlis
 
Implementing Mobile Reports in SQL Sserver 2016 Reporting Services
Implementing Mobile Reports in SQL Sserver 2016 Reporting ServicesImplementing Mobile Reports in SQL Sserver 2016 Reporting Services
Implementing Mobile Reports in SQL Sserver 2016 Reporting ServicesAntonios Chatzipavlis
 
Stretch Database
Stretch DatabaseStretch Database
Stretch DatabaseSolidQ
 
Scalable relational database with SQL Azure
Scalable relational database with SQL AzureScalable relational database with SQL Azure
Scalable relational database with SQL AzureShy Engelberg
 
A to z for sql azure databases
A to z for sql azure databasesA to z for sql azure databases
A to z for sql azure databasesAntonios Chatzipavlis
 
Using extended events for troubleshooting sql server
Using extended events for troubleshooting sql serverUsing extended events for troubleshooting sql server
Using extended events for troubleshooting sql serverAntonios Chatzipavlis
 
Azure SQL Database for the SQL Server DBA - Azure Bootcamp Athens 2018
Azure SQL Database for the SQL Server DBA - Azure Bootcamp Athens 2018 Azure SQL Database for the SQL Server DBA - Azure Bootcamp Athens 2018
Azure SQL Database for the SQL Server DBA - Azure Bootcamp Athens 2018 Antonios Chatzipavlis
 
Sql server 2016 new features
Sql server 2016 new featuresSql server 2016 new features
Sql server 2016 new featuresAjeet Singh
 
Sql 2016 - What's New
Sql 2016 - What's NewSql 2016 - What's New
Sql 2016 - What's Newdpcobb
 
SQL Server 2016: Just a Few of Our DBA's Favorite Things
SQL Server 2016: Just a Few of Our DBA's Favorite ThingsSQL Server 2016: Just a Few of Our DBA's Favorite Things
SQL Server 2016: Just a Few of Our DBA's Favorite ThingsHostway|HOSTING
 
SQL Server 2016 Editions
SQL Server 2016 Editions SQL Server 2016 Editions
SQL Server 2016 Editions Onomi
 
Azure data platform overview
Azure data platform overviewAzure data platform overview
Azure data platform overviewAlessandro Melchiori
 
Query Store and live Query Statistics
Query Store and live Query StatisticsQuery Store and live Query Statistics
Query Store and live Query StatisticsSolidQ
 
Confoo 202 - MySQL Group Replication and ReplicaSet
Confoo 202 - MySQL Group Replication and ReplicaSetConfoo 202 - MySQL Group Replication and ReplicaSet
Confoo 202 - MySQL Group Replication and ReplicaSetDave Stokes
 
MySQL enterprise edition
MySQL enterprise edition MySQL enterprise edition
MySQL enterprise edition Mark Swarbrick
 
Azure SQL Database Introduction by Tim Radney
Azure SQL Database Introduction by Tim RadneyAzure SQL Database Introduction by Tim Radney
Azure SQL Database Introduction by Tim RadneyHasan Savran
 
Troubleshooting sql server
Troubleshooting sql serverTroubleshooting sql server
Troubleshooting sql serverAntonios Chatzipavlis
 
SQL server 2016 New Features
SQL server 2016 New FeaturesSQL server 2016 New Features
SQL server 2016 New Featuresaminmesbahi
 
Always encrypted overview
Always encrypted overviewAlways encrypted overview
Always encrypted overviewSolidQ
 
SQL or NoSQL, is this the question? - George Grammatikos
SQL or NoSQL, is this the question? - George GrammatikosSQL or NoSQL, is this the question? - George Grammatikos
SQL or NoSQL, is this the question? - George GrammatikosGeorge Grammatikos
 
SQL Server 2016 New Features and Enhancements
SQL Server 2016 New Features and EnhancementsSQL Server 2016 New Features and Enhancements
SQL Server 2016 New Features and EnhancementsJohn Martin
 
Case study on mysql in rdbms
Case study on mysql in rdbmsCase study on mysql in rdbms
Case study on mysql in rdbmsRajalakshmiK19
 
Sql Server 2016 Always Encrypted
Sql Server 2016 Always EncryptedSql Server 2016 Always Encrypted
Sql Server 2016 Always EncryptedDuncan Greaves PhD
 
Microsoft Cloud GDPR Compliance Options (SUGUK)
Microsoft Cloud GDPR Compliance Options (SUGUK)Microsoft Cloud GDPR Compliance Options (SUGUK)
Microsoft Cloud GDPR Compliance Options (SUGUK)Andy Talbot
 
GDPR Part 2: Quest Relevance
GDPR Part 2: Quest RelevanceGDPR Part 2: Quest Relevance
GDPR Part 2: Quest RelevanceAdrian Dumitrescu
 

More Related Content

What's hot

Scalable relational database with SQL Azure
Scalable relational database with SQL AzureScalable relational database with SQL Azure
Scalable relational database with SQL AzureShy Engelberg
 
Using extended events for troubleshooting sql server
Using extended events for troubleshooting sql serverUsing extended events for troubleshooting sql server
Using extended events for troubleshooting sql serverAntonios Chatzipavlis
 
Azure SQL Database for the SQL Server DBA - Azure Bootcamp Athens 2018
Azure SQL Database for the SQL Server DBA - Azure Bootcamp Athens 2018 Azure SQL Database for the SQL Server DBA - Azure Bootcamp Athens 2018
Azure SQL Database for the SQL Server DBA - Azure Bootcamp Athens 2018 Antonios Chatzipavlis
 
Sql server 2016 new features
Sql server 2016 new featuresSql server 2016 new features
Sql server 2016 new featuresAjeet Singh
 
Sql 2016 - What's New
Sql 2016 - What's NewSql 2016 - What's New
Sql 2016 - What's Newdpcobb
 
SQL Server 2016: Just a Few of Our DBA's Favorite Things
SQL Server 2016: Just a Few of Our DBA's Favorite ThingsSQL Server 2016: Just a Few of Our DBA's Favorite Things
SQL Server 2016: Just a Few of Our DBA's Favorite ThingsHostway|HOSTING
 
SQL Server 2016 Editions
SQL Server 2016 Editions SQL Server 2016 Editions
SQL Server 2016 Editions Onomi
 
Query Store and live Query Statistics
Query Store and live Query StatisticsQuery Store and live Query Statistics
Query Store and live Query StatisticsSolidQ
 
Confoo 202 - MySQL Group Replication and ReplicaSet
Confoo 202 - MySQL Group Replication and ReplicaSetConfoo 202 - MySQL Group Replication and ReplicaSet
Confoo 202 - MySQL Group Replication and ReplicaSetDave Stokes
 
MySQL enterprise edition
MySQL enterprise edition MySQL enterprise edition
MySQL enterprise edition Mark Swarbrick
 
Azure SQL Database Introduction by Tim Radney
Azure SQL Database Introduction by Tim RadneyAzure SQL Database Introduction by Tim Radney
Azure SQL Database Introduction by Tim RadneyHasan Savran
 
SQL server 2016 New Features
SQL server 2016 New FeaturesSQL server 2016 New Features
SQL server 2016 New Featuresaminmesbahi
 
Always encrypted overview
Always encrypted overviewAlways encrypted overview
Always encrypted overviewSolidQ
 
SQL or NoSQL, is this the question? - George Grammatikos
SQL or NoSQL, is this the question? - George GrammatikosSQL or NoSQL, is this the question? - George Grammatikos
SQL or NoSQL, is this the question? - George GrammatikosGeorge Grammatikos
 
SQL Server 2016 New Features and Enhancements
SQL Server 2016 New Features and EnhancementsSQL Server 2016 New Features and Enhancements
SQL Server 2016 New Features and EnhancementsJohn Martin
 
Case study on mysql in rdbms
Case study on mysql in rdbmsCase study on mysql in rdbms
Case study on mysql in rdbmsRajalakshmiK19
 
Sql Server 2016 Always Encrypted
Sql Server 2016 Always EncryptedSql Server 2016 Always Encrypted
Sql Server 2016 Always EncryptedDuncan Greaves PhD
 

What's hot (20)

Scalable relational database with SQL Azure
Scalable relational database with SQL AzureScalable relational database with SQL Azure
Scalable relational database with SQL Azure
 
A to z for sql azure databases
A to z for sql azure databasesA to z for sql azure databases
A to z for sql azure databases
 
Using extended events for troubleshooting sql server
Using extended events for troubleshooting sql serverUsing extended events for troubleshooting sql server
Using extended events for troubleshooting sql server
 
Azure SQL Database for the SQL Server DBA - Azure Bootcamp Athens 2018
Azure SQL Database for the SQL Server DBA - Azure Bootcamp Athens 2018 Azure SQL Database for the SQL Server DBA - Azure Bootcamp Athens 2018
Azure SQL Database for the SQL Server DBA - Azure Bootcamp Athens 2018
 
Sql server 2016 new features
Sql server 2016 new featuresSql server 2016 new features
Sql server 2016 new features
 
Sql 2016 - What's New
Sql 2016 - What's NewSql 2016 - What's New
Sql 2016 - What's New
 
SQL Server 2016: Just a Few of Our DBA's Favorite Things
SQL Server 2016: Just a Few of Our DBA's Favorite ThingsSQL Server 2016: Just a Few of Our DBA's Favorite Things
SQL Server 2016: Just a Few of Our DBA's Favorite Things
 
SQL Server 2016 Editions
SQL Server 2016 Editions SQL Server 2016 Editions
SQL Server 2016 Editions
 
Azure data platform overview
Azure data platform overviewAzure data platform overview
Azure data platform overview
 
Query Store and live Query Statistics
Query Store and live Query StatisticsQuery Store and live Query Statistics
Query Store and live Query Statistics
 
Confoo 202 - MySQL Group Replication and ReplicaSet
Confoo 202 - MySQL Group Replication and ReplicaSetConfoo 202 - MySQL Group Replication and ReplicaSet
Confoo 202 - MySQL Group Replication and ReplicaSet
 
MySQL enterprise edition
MySQL enterprise edition MySQL enterprise edition
MySQL enterprise edition
 
Azure SQL Database Introduction by Tim Radney
Azure SQL Database Introduction by Tim RadneyAzure SQL Database Introduction by Tim Radney
Azure SQL Database Introduction by Tim Radney
 
Troubleshooting sql server
Troubleshooting sql serverTroubleshooting sql server
Troubleshooting sql server
 
SQL server 2016 New Features
SQL server 2016 New FeaturesSQL server 2016 New Features
SQL server 2016 New Features
 
Always encrypted overview
Always encrypted overviewAlways encrypted overview
Always encrypted overview
 
SQL or NoSQL, is this the question? - George Grammatikos
SQL or NoSQL, is this the question? - George GrammatikosSQL or NoSQL, is this the question? - George Grammatikos
SQL or NoSQL, is this the question? - George Grammatikos
 
SQL Server 2016 New Features and Enhancements
SQL Server 2016 New Features and EnhancementsSQL Server 2016 New Features and Enhancements
SQL Server 2016 New Features and Enhancements
 
Case study on mysql in rdbms
Case study on mysql in rdbmsCase study on mysql in rdbms
Case study on mysql in rdbms
 
Sql Server 2016 Always Encrypted
Sql Server 2016 Always EncryptedSql Server 2016 Always Encrypted
Sql Server 2016 Always Encrypted
 

Similar to Microsoft SQL Family and GDPR

Microsoft Cloud GDPR Compliance Options (SUGUK)
Microsoft Cloud GDPR Compliance Options (SUGUK)Microsoft Cloud GDPR Compliance Options (SUGUK)
Microsoft Cloud GDPR Compliance Options (SUGUK)Andy Talbot
 
GDPR Part 2: Quest Relevance
GDPR Part 2: Quest RelevanceGDPR Part 2: Quest Relevance
GDPR Part 2: Quest RelevanceAdrian Dumitrescu
 
Modern Data Security for the Enterprises – SQL Server & Azure SQL Database
Modern Data Security for the Enterprises – SQL Server & Azure SQL DatabaseModern Data Security for the Enterprises – SQL Server & Azure SQL Database
Modern Data Security for the Enterprises – SQL Server & Azure SQL DatabaseWinWire Technologies Inc
 
Breakdown of Microsoft Purview Solutions
Breakdown of Microsoft Purview SolutionsBreakdown of Microsoft Purview Solutions
Breakdown of Microsoft Purview SolutionsDrew Madelung
 
CSS17: Houston - Azure Shared Security Model Overview
CSS17: Houston - Azure Shared Security Model OverviewCSS17: Houston - Azure Shared Security Model Overview
CSS17: Houston - Azure Shared Security Model OverviewAlert Logic
 
Oracle Database 11g Security and Compliance Solutions - By Tom Kyte
Oracle Database 11g Security and Compliance Solutions - By Tom KyteOracle Database 11g Security and Compliance Solutions - By Tom Kyte
Oracle Database 11g Security and Compliance Solutions - By Tom KyteEdgar Alejandro Villegas
 
SPUnite17 Microsoft Cloud Deutschland
SPUnite17 Microsoft Cloud DeutschlandSPUnite17 Microsoft Cloud Deutschland
SPUnite17 Microsoft Cloud DeutschlandNCCOMMS
 
Data Services Marketplace
Data Services MarketplaceData Services Marketplace
Data Services MarketplaceDenodo
 
Zero Trust 20211105
Zero Trust 20211105 Zero Trust 20211105
Zero Trust 20211105 Thomas Treml
 
MobileDBSecurity.pptx
MobileDBSecurity.pptxMobileDBSecurity.pptx
MobileDBSecurity.pptxmissionsk81
 
SQLCAT: Addressing Security and Compliance Issues with SQL Server 2008
SQLCAT: Addressing Security and Compliance Issues with SQL Server 2008SQLCAT: Addressing Security and Compliance Issues with SQL Server 2008
SQLCAT: Addressing Security and Compliance Issues with SQL Server 2008Denny Lee
 
A robust and verifiable threshold multi authority access control system in pu...
A robust and verifiable threshold multi authority access control system in pu...A robust and verifiable threshold multi authority access control system in pu...
A robust and verifiable threshold multi authority access control system in pu...IJARIIT
 
Azure Fundamentals Part 3
Azure Fundamentals Part 3Azure Fundamentals Part 3
Azure Fundamentals Part 3CCG
 
MongoDB.local Sydney: The Changing Face of Data Privacy & Ethics, and How Mon...
MongoDB.local Sydney: The Changing Face of Data Privacy & Ethics, and How Mon...MongoDB.local Sydney: The Changing Face of Data Privacy & Ethics, and How Mon...
MongoDB.local Sydney: The Changing Face of Data Privacy & Ethics, and How Mon...MongoDB
 
Trusted Cloud
Trusted CloudTrusted Cloud
Trusted CloudMicrosoft
 
Cloud Security Standards: What to Expect and What to Negotiate V2.0
Cloud Security Standards: What to Expect and What to Negotiate V2.0Cloud Security Standards: What to Expect and What to Negotiate V2.0
Cloud Security Standards: What to Expect and What to Negotiate V2.0Cloud Standards Customer Council
 

Similar to Microsoft SQL Family and GDPR (20)

Microsoft Cloud GDPR Compliance Options (SUGUK)
Microsoft Cloud GDPR Compliance Options (SUGUK)Microsoft Cloud GDPR Compliance Options (SUGUK)
Microsoft Cloud GDPR Compliance Options (SUGUK)
 
GDPR Part 2: Quest Relevance
GDPR Part 2: Quest RelevanceGDPR Part 2: Quest Relevance
GDPR Part 2: Quest Relevance
 
Modern Data Security for the Enterprises – SQL Server & Azure SQL Database
Modern Data Security for the Enterprises – SQL Server & Azure SQL DatabaseModern Data Security for the Enterprises – SQL Server & Azure SQL Database
Modern Data Security for the Enterprises – SQL Server & Azure SQL Database
 
GDPR
GDPRGDPR
GDPR
 
Breakdown of Microsoft Purview Solutions
Breakdown of Microsoft Purview SolutionsBreakdown of Microsoft Purview Solutions
Breakdown of Microsoft Purview Solutions
 
CSS17: Houston - Azure Shared Security Model Overview
CSS17: Houston - Azure Shared Security Model OverviewCSS17: Houston - Azure Shared Security Model Overview
CSS17: Houston - Azure Shared Security Model Overview
 
Oracle Database 11g Security and Compliance Solutions - By Tom Kyte
Oracle Database 11g Security and Compliance Solutions - By Tom KyteOracle Database 11g Security and Compliance Solutions - By Tom Kyte
Oracle Database 11g Security and Compliance Solutions - By Tom Kyte
 
Biznet Gio Presentation - Database Security
Biznet Gio Presentation - Database SecurityBiznet Gio Presentation - Database Security
Biznet Gio Presentation - Database Security
 
SPUnite17 Microsoft Cloud Deutschland
SPUnite17 Microsoft Cloud DeutschlandSPUnite17 Microsoft Cloud Deutschland
SPUnite17 Microsoft Cloud Deutschland
 
Data Services Marketplace
Data Services MarketplaceData Services Marketplace
Data Services Marketplace
 
Zero Trust 20211105
Zero Trust 20211105 Zero Trust 20211105
Zero Trust 20211105
 
MobileDBSecurity.pptx
MobileDBSecurity.pptxMobileDBSecurity.pptx
MobileDBSecurity.pptx
 
SQLCAT: Addressing Security and Compliance Issues with SQL Server 2008
SQLCAT: Addressing Security and Compliance Issues with SQL Server 2008SQLCAT: Addressing Security and Compliance Issues with SQL Server 2008
SQLCAT: Addressing Security and Compliance Issues with SQL Server 2008
 
A robust and verifiable threshold multi authority access control system in pu...
A robust and verifiable threshold multi authority access control system in pu...A robust and verifiable threshold multi authority access control system in pu...
A robust and verifiable threshold multi authority access control system in pu...
 
AWS Cloud Security
AWS Cloud SecurityAWS Cloud Security
AWS Cloud Security
 
Cloud Computing
Cloud ComputingCloud Computing
Cloud Computing
 
Azure Fundamentals Part 3
Azure Fundamentals Part 3Azure Fundamentals Part 3
Azure Fundamentals Part 3
 
MongoDB.local Sydney: The Changing Face of Data Privacy & Ethics, and How Mon...
MongoDB.local Sydney: The Changing Face of Data Privacy & Ethics, and How Mon...MongoDB.local Sydney: The Changing Face of Data Privacy & Ethics, and How Mon...
MongoDB.local Sydney: The Changing Face of Data Privacy & Ethics, and How Mon...
 
Trusted Cloud
Trusted CloudTrusted Cloud
Trusted Cloud
 
Cloud Security Standards: What to Expect and What to Negotiate V2.0
Cloud Security Standards: What to Expect and What to Negotiate V2.0Cloud Security Standards: What to Expect and What to Negotiate V2.0
Cloud Security Standards: What to Expect and What to Negotiate V2.0
 

More from Antonios Chatzipavlis

Workload Management in SQL Server 2019
Workload Management in SQL Server 2019Workload Management in SQL Server 2019
Workload Management in SQL Server 2019Antonios Chatzipavlis
 
Loading Data into Azure SQL DW (Synapse Analytics)
Loading Data into Azure SQL DW (Synapse Analytics)Loading Data into Azure SQL DW (Synapse Analytics)
Loading Data into Azure SQL DW (Synapse Analytics)Antonios Chatzipavlis
 
Building diagnostic queries using DMVs and DMFs
Building diagnostic queries using DMVs and DMFs Building diagnostic queries using DMVs and DMFs
Building diagnostic queries using DMVs and DMFs Antonios Chatzipavlis
 
Designing a modern data warehouse in azure
Designing a modern data warehouse in azure Designing a modern data warehouse in azure
Designing a modern data warehouse in azure Antonios Chatzipavlis
 
Modernizing your database with SQL Server 2019
Modernizing your database with SQL Server 2019Modernizing your database with SQL Server 2019
Modernizing your database with SQL Server 2019Antonios Chatzipavlis
 
Designing a modern data warehouse in azure
Designing a modern data warehouse in azure Designing a modern data warehouse in azure
Designing a modern data warehouse in azure Antonios Chatzipavlis
 

More from Antonios Chatzipavlis (20)

Data virtualization using polybase
Data virtualization using polybaseData virtualization using polybase
Data virtualization using polybase
 
SQL server Backup Restore Revealed
SQL server Backup Restore RevealedSQL server Backup Restore Revealed
SQL server Backup Restore Revealed
 
Migrate SQL Workloads to Azure
Migrate SQL Workloads to AzureMigrate SQL Workloads to Azure
Migrate SQL Workloads to Azure
 
Machine Learning in SQL Server 2019
Machine Learning in SQL Server 2019Machine Learning in SQL Server 2019
Machine Learning in SQL Server 2019
 
Workload Management in SQL Server 2019
Workload Management in SQL Server 2019Workload Management in SQL Server 2019
Workload Management in SQL Server 2019
 
Loading Data into Azure SQL DW (Synapse Analytics)
Loading Data into Azure SQL DW (Synapse Analytics)Loading Data into Azure SQL DW (Synapse Analytics)
Loading Data into Azure SQL DW (Synapse Analytics)
 
Introduction to DAX Language
Introduction to DAX LanguageIntroduction to DAX Language
Introduction to DAX Language
 
Building diagnostic queries using DMVs and DMFs
Building diagnostic queries using DMVs and DMFs Building diagnostic queries using DMVs and DMFs
Building diagnostic queries using DMVs and DMFs
 
Exploring T-SQL Anti-Patterns
Exploring T-SQL Anti-Patterns Exploring T-SQL Anti-Patterns
Exploring T-SQL Anti-Patterns
 
Designing a modern data warehouse in azure
Designing a modern data warehouse in azure Designing a modern data warehouse in azure
Designing a modern data warehouse in azure
 
Modernizing your database with SQL Server 2019
Modernizing your database with SQL Server 2019Modernizing your database with SQL Server 2019
Modernizing your database with SQL Server 2019
 
Designing a modern data warehouse in azure
Designing a modern data warehouse in azure Designing a modern data warehouse in azure
Designing a modern data warehouse in azure
 
SQLServer Database Structures
SQLServer Database Structures SQLServer Database Structures
SQLServer Database Structures
 
Sqlschool 2017 recap - 2018 plans
Sqlschool 2017 recap - 2018 plansSqlschool 2017 recap - 2018 plans
Sqlschool 2017 recap - 2018 plans
 
Statistics and Indexes Internals
Statistics and Indexes InternalsStatistics and Indexes Internals
Statistics and Indexes Internals
 
Introduction to Azure Data Lake
Introduction to Azure Data LakeIntroduction to Azure Data Lake
Introduction to Azure Data Lake
 
Azure SQL Data Warehouse
Azure SQL Data Warehouse Azure SQL Data Warehouse
Azure SQL Data Warehouse
 
Introduction to azure document db
Introduction to azure document dbIntroduction to azure document db
Introduction to azure document db
 
Auditing Data Access in SQL Server
Auditing Data Access in SQL ServerAuditing Data Access in SQL Server
Auditing Data Access in SQL Server
 
Exploring sql server 2016 bi
Exploring sql server 2016 biExploring sql server 2016 bi
Exploring sql server 2016 bi
 

Recently uploaded

RadioAdProWritingCinderellabyButleri.pdf
RadioAdProWritingCinderellabyButleri.pdfRadioAdProWritingCinderellabyButleri.pdf
RadioAdProWritingCinderellabyButleri.pdfgstagge
 
Conf42-LLM_Adding Generative AI to Real-Time Streaming Pipelines
Conf42-LLM_Adding Generative AI to Real-Time Streaming PipelinesConf42-LLM_Adding Generative AI to Real-Time Streaming Pipelines
Conf42-LLM_Adding Generative AI to Real-Time Streaming PipelinesTimothy Spann
 
NO1 Certified Black Magic Specialist Expert Amil baba in Lahore Islamabad Raw...
NO1 Certified Black Magic Specialist Expert Amil baba in Lahore Islamabad Raw...NO1 Certified Black Magic Specialist Expert Amil baba in Lahore Islamabad Raw...
NO1 Certified Black Magic Specialist Expert Amil baba in Lahore Islamabad Raw...Amil Baba Dawood bangali
 
NLP Data Science Project Presentation:Predicting Heart Disease with NLP Data ...
NLP Data Science Project Presentation:Predicting Heart Disease with NLP Data ...NLP Data Science Project Presentation:Predicting Heart Disease with NLP Data ...
NLP Data Science Project Presentation:Predicting Heart Disease with NLP Data ...Boston Institute of Analytics
 
Thiophen Mechanism khhjjjjjjjhhhhhhhhhhh
Thiophen Mechanism khhjjjjjjjhhhhhhhhhhhThiophen Mechanism khhjjjjjjjhhhhhhhhhhh
Thiophen Mechanism khhjjjjjjjhhhhhhhhhhhYasamin16
 
Predictive Analysis for Loan Default Presentation : Data Analysis Project PPT
Predictive Analysis for Loan Default Presentation : Data Analysis Project PPTPredictive Analysis for Loan Default Presentation : Data Analysis Project PPT
Predictive Analysis for Loan Default Presentation : Data Analysis Project PPTBoston Institute of Analytics
 
Call Us ➥97111√47426🤳Call Girls in Aerocity (Delhi NCR)
Call Us ➥97111√47426🤳Call Girls in Aerocity (Delhi NCR)Call Us ➥97111√47426🤳Call Girls in Aerocity (Delhi NCR)
Call Us ➥97111√47426🤳Call Girls in Aerocity (Delhi NCR)jennyeacort
 
Multiple time frame trading analysis -brianshannon.pdf
Multiple time frame trading analysis -brianshannon.pdfMultiple time frame trading analysis -brianshannon.pdf
Multiple time frame trading analysis -brianshannon.pdfchwongval
 
Learn How Data Science Changes Our World
Learn How Data Science Changes Our WorldLearn How Data Science Changes Our World
Learn How Data Science Changes Our WorldEduminds Learning
 
RS 9000 Call In girls Dwarka Mor (DELHI)⇛9711147426🔝Delhi
RS 9000 Call In girls Dwarka Mor (DELHI)⇛9711147426🔝DelhiRS 9000 Call In girls Dwarka Mor (DELHI)⇛9711147426🔝Delhi
RS 9000 Call In girls Dwarka Mor (DELHI)⇛9711147426🔝Delhijennyeacort
 
April 2024 - NLIT Cloudera Real-Time LLM Streaming 2024
April 2024 - NLIT Cloudera Real-Time LLM Streaming 2024April 2024 - NLIT Cloudera Real-Time LLM Streaming 2024
April 2024 - NLIT Cloudera Real-Time LLM Streaming 2024Timothy Spann
 
专业一比一美国俄亥俄大学毕业证成绩单pdf电子版制作修改
专业一比一美国俄亥俄大学毕业证成绩单pdf电子版制作修改专业一比一美国俄亥俄大学毕业证成绩单pdf电子版制作修改
专业一比一美国俄亥俄大学毕业证成绩单pdf电子版制作修改yuu sss
 
RABBIT: A CLI tool for identifying bots based on their GitHub events.
RABBIT: A CLI tool for identifying bots based on their GitHub events.RABBIT: A CLI tool for identifying bots based on their GitHub events.
RABBIT: A CLI tool for identifying bots based on their GitHub events.natarajan8993
 
Generative AI for Social Good at Open Data Science East 2024
Generative AI for Social Good at Open Data Science East 2024Generative AI for Social Good at Open Data Science East 2024
Generative AI for Social Good at Open Data Science East 2024Colleen Farrelly
 
Student profile product demonstration on grades, ability, well-being and mind...
Student profile product demonstration on grades, ability, well-being and mind...Student profile product demonstration on grades, ability, well-being and mind...
Student profile product demonstration on grades, ability, well-being and mind...Seán Kennedy
 
LLMs, LMMs, their Improvement Suggestions and the Path towards AGI
LLMs, LMMs, their Improvement Suggestions and the Path towards AGILLMs, LMMs, their Improvement Suggestions and the Path towards AGI
LLMs, LMMs, their Improvement Suggestions and the Path towards AGIThomas Poetter
 
Decoding the Heart: Student Presentation on Heart Attack Prediction with Data...
Decoding the Heart: Student Presentation on Heart Attack Prediction with Data...Decoding the Heart: Student Presentation on Heart Attack Prediction with Data...
Decoding the Heart: Student Presentation on Heart Attack Prediction with Data...Boston Institute of Analytics
 
Heart Disease Classification Report: A Data Analysis Project
Heart Disease Classification Report: A Data Analysis ProjectHeart Disease Classification Report: A Data Analysis Project
Heart Disease Classification Report: A Data Analysis ProjectBoston Institute of Analytics
 
毕业文凭制作#回国入职#diploma#degree澳洲中央昆士兰大学毕业证成绩单pdf电子版制作修改#毕业文凭制作#回国入职#diploma#degree
毕业文凭制作#回国入职#diploma#degree澳洲中央昆士兰大学毕业证成绩单pdf电子版制作修改#毕业文凭制作#回国入职#diploma#degree毕业文凭制作#回国入职#diploma#degree澳洲中央昆士兰大学毕业证成绩单pdf电子版制作修改#毕业文凭制作#回国入职#diploma#degree
毕业文凭制作#回国入职#diploma#degree澳洲中央昆士兰大学毕业证成绩单pdf电子版制作修改#毕业文凭制作#回国入职#diploma#degreeyuu sss
 

Recently uploaded (20)

RadioAdProWritingCinderellabyButleri.pdf
RadioAdProWritingCinderellabyButleri.pdfRadioAdProWritingCinderellabyButleri.pdf
RadioAdProWritingCinderellabyButleri.pdf
 
Conf42-LLM_Adding Generative AI to Real-Time Streaming Pipelines
Conf42-LLM_Adding Generative AI to Real-Time Streaming PipelinesConf42-LLM_Adding Generative AI to Real-Time Streaming Pipelines
Conf42-LLM_Adding Generative AI to Real-Time Streaming Pipelines
 
NO1 Certified Black Magic Specialist Expert Amil baba in Lahore Islamabad Raw...
NO1 Certified Black Magic Specialist Expert Amil baba in Lahore Islamabad Raw...NO1 Certified Black Magic Specialist Expert Amil baba in Lahore Islamabad Raw...
NO1 Certified Black Magic Specialist Expert Amil baba in Lahore Islamabad Raw...
 
NLP Data Science Project Presentation:Predicting Heart Disease with NLP Data ...
NLP Data Science Project Presentation:Predicting Heart Disease with NLP Data ...NLP Data Science Project Presentation:Predicting Heart Disease with NLP Data ...
NLP Data Science Project Presentation:Predicting Heart Disease with NLP Data ...
 
Thiophen Mechanism khhjjjjjjjhhhhhhhhhhh
Thiophen Mechanism khhjjjjjjjhhhhhhhhhhhThiophen Mechanism khhjjjjjjjhhhhhhhhhhh
Thiophen Mechanism khhjjjjjjjhhhhhhhhhhh
 
Predictive Analysis for Loan Default Presentation : Data Analysis Project PPT
Predictive Analysis for Loan Default Presentation : Data Analysis Project PPTPredictive Analysis for Loan Default Presentation : Data Analysis Project PPT
Predictive Analysis for Loan Default Presentation : Data Analysis Project PPT
 
Call Us ➥97111√47426🤳Call Girls in Aerocity (Delhi NCR)
Call Us ➥97111√47426🤳Call Girls in Aerocity (Delhi NCR)Call Us ➥97111√47426🤳Call Girls in Aerocity (Delhi NCR)
Call Us ➥97111√47426🤳Call Girls in Aerocity (Delhi NCR)
 
Deep Generative Learning for All - The Gen AI Hype (Spring 2024)
Deep Generative Learning for All - The Gen AI Hype (Spring 2024)Deep Generative Learning for All - The Gen AI Hype (Spring 2024)
Deep Generative Learning for All - The Gen AI Hype (Spring 2024)
 
Multiple time frame trading analysis -brianshannon.pdf
Multiple time frame trading analysis -brianshannon.pdfMultiple time frame trading analysis -brianshannon.pdf
Multiple time frame trading analysis -brianshannon.pdf
 
Learn How Data Science Changes Our World
Learn How Data Science Changes Our WorldLearn How Data Science Changes Our World
Learn How Data Science Changes Our World
 
RS 9000 Call In girls Dwarka Mor (DELHI)⇛9711147426🔝Delhi
RS 9000 Call In girls Dwarka Mor (DELHI)⇛9711147426🔝DelhiRS 9000 Call In girls Dwarka Mor (DELHI)⇛9711147426🔝Delhi
RS 9000 Call In girls Dwarka Mor (DELHI)⇛9711147426🔝Delhi
 
April 2024 - NLIT Cloudera Real-Time LLM Streaming 2024
April 2024 - NLIT Cloudera Real-Time LLM Streaming 2024April 2024 - NLIT Cloudera Real-Time LLM Streaming 2024
April 2024 - NLIT Cloudera Real-Time LLM Streaming 2024
 
专业一比一美国俄亥俄大学毕业证成绩单pdf电子版制作修改
专业一比一美国俄亥俄大学毕业证成绩单pdf电子版制作修改专业一比一美国俄亥俄大学毕业证成绩单pdf电子版制作修改
专业一比一美国俄亥俄大学毕业证成绩单pdf电子版制作修改
 
RABBIT: A CLI tool for identifying bots based on their GitHub events.
RABBIT: A CLI tool for identifying bots based on their GitHub events.RABBIT: A CLI tool for identifying bots based on their GitHub events.
RABBIT: A CLI tool for identifying bots based on their GitHub events.
 
Generative AI for Social Good at Open Data Science East 2024
Generative AI for Social Good at Open Data Science East 2024Generative AI for Social Good at Open Data Science East 2024
Generative AI for Social Good at Open Data Science East 2024
 
Student profile product demonstration on grades, ability, well-being and mind...
Student profile product demonstration on grades, ability, well-being and mind...Student profile product demonstration on grades, ability, well-being and mind...
Student profile product demonstration on grades, ability, well-being and mind...
 
LLMs, LMMs, their Improvement Suggestions and the Path towards AGI
LLMs, LMMs, their Improvement Suggestions and the Path towards AGILLMs, LMMs, their Improvement Suggestions and the Path towards AGI
LLMs, LMMs, their Improvement Suggestions and the Path towards AGI
 
Decoding the Heart: Student Presentation on Heart Attack Prediction with Data...
Decoding the Heart: Student Presentation on Heart Attack Prediction with Data...Decoding the Heart: Student Presentation on Heart Attack Prediction with Data...
Decoding the Heart: Student Presentation on Heart Attack Prediction with Data...
 
Heart Disease Classification Report: A Data Analysis Project
Heart Disease Classification Report: A Data Analysis ProjectHeart Disease Classification Report: A Data Analysis Project
Heart Disease Classification Report: A Data Analysis Project
 
毕业文凭制作#回国入职#diploma#degree澳洲中央昆士兰大学毕业证成绩单pdf电子版制作修改#毕业文凭制作#回国入职#diploma#degree
毕业文凭制作#回国入职#diploma#degree澳洲中央昆士兰大学毕业证成绩单pdf电子版制作修改#毕业文凭制作#回国入职#diploma#degree毕业文凭制作#回国入职#diploma#degree澳洲中央昆士兰大学毕业证成绩单pdf电子版制作修改#毕业文凭制作#回国入职#diploma#degree
毕业文凭制作#回国入职#diploma#degree澳洲中央昆士兰大学毕业证成绩单pdf电子版制作修改#毕业文凭制作#回国入职#diploma#degree
 

Microsoft SQL Family and GDPR

  • 1.
  • 2.
  • 3. Microsoft SQL Family and GDPR October 8, 2017 Athens, Greece
  • 4. PresenterInfo 1982 I started working with computers 1988 I started my professional career in computers industry 1996 I started working with SQL Server 6.0 1998 I earned my first certification at Microsoft as Microsoft Certified Solution Developer (3rd in Greece) 1999 I started my career as Microsoft Certified Trainer (MCT) with more than 30.000 hours of training until now! 2010 I became for first time Microsoft MVP on Data Platform I created the SQL School Greece www.sqlschool.gr 2012 I became MCT Regional Lead by Microsoft Learning Program. 2013 I was certified as MCSE : Data Platform I was certified as MCSE : Business Intelligence 2016 I was certified as MCSE: Data Management & Analytics Antonios Chatzipavlis SQL Server Expert SQL Server Evangelist Data Platform MVP MCT, MCSE, MCITP, MCPD, MCSD, MCDBA, MCSA, MCTS, MCAD, MCP, OCA, ITIL-F
  • 5. SQLschool.gr Μια πηγή ενημέρωσης για τον Microsoft SQL Server προς τους Έλληνες IT Professionals, DBAs, Developers, Information Workers αλλά και απλούς χομπίστες που απλά τους αρέσει ο SQL Server. Help line : help@sqlschool.gr • Articles about SQL Server • SQL Server News • SQL Nights • Webcasts • Downloads • Resources What we are doing here Follow us in socials fb/sqlschoolgr fb/groups/sqlschool @antoniosch @sqlschool yt/c/SqlschoolGr SQL School Greece group S E L E C T K N O W L E D G E F R O M S Q L S E R V E R
  • 6. ▪ Sign up for a free membership today at sqlpass.org. ▪ Linked In: http://www.sqlpass.org/linkedin ▪ Facebook: http://www.sqlpass.org/facebook ▪ Twitter: @SQLPASS ▪ PASS: http://www.sqlpass.org
  • 8. PRESENTATIONCONTENT • Introduction • Data protection in Microsoft SQL family to help address GDPR requirements • Built-in Microsoft SQL technologies that can help address GDPR compliance • Summary
  • 10. • In this age of digital transformation, protecting privacy and enhancing security have become top of mind. • The upcoming EU General Data Protection Regulation (GDPR) sets a new bar for privacy rights, security, and compliance. • The GDPR mandates many requirements and obligations on organizations across the globe. • Complying with this regulation will necessitate significant investments in data handling and data protection for a very large number of organizations. • Microsoft SQL customers who are subject to the GDPR, whether managing cloud- based or on-premises databases or both, will need to ensure that qualifying data in their database systems is aptly handled and protected according to GDPR principles. ABS TR ACT
  • 11. • On May 25, 2018, a European privacy law is due to take effect that sets a new global bar for privacy rights, security, and compliance. - The General Data Protection Regulation, or GDPR, is fundamentally about protecting and enabling the privacy rights of individuals. • The GDPR establishes - strict global privacy requirements - governing how personal data is managed and protected, - while respecting individual choice. TH E GDPR AND I TS I MPLI CATI ONS
  • 12. • To achieve its objectives, the GDPR introduces several specific requirements related to the rights of individuals, such as - the right to access their personal data, - correct inaccuracies, - erase data, - object to processing of their data, - and the right to obtain a copy of their data. • The GDPR also seeks to ensure - personal data is protected no matter where it is sent, - processed, - or stored. TH E GDPR AND I TS I MPLI CATI ONS
  • 13. OBLI GATI ONS S PECI FI CALLY I NTR ODUCED BY TH E GDPR Article 25 Data protection by design and default Control exposure to personal data. Control who is accessing data and how. Minimize data being processed in terms of amount of data collected, extent of processing, storage period, and accessibility. Include safeguards for control management integrated into processing. Article 30 Records of processing activities Log and monitor operations Maintain an audit record of processing activities on personal data. Monitor access to processing systems. Article 32 Security of processing Security mechanisms to protect personal data. Employ pseudonymization and encryption. Restore availability and access in the event of an incident. Provide a process for regularly testing and assessing effectiveness of security measures. Article 33 Notification of a personal data breach to the supervisory authority Detect and notify of breach in a timely manner (72 hours). Detect breaches. Assess impact on and identification of personal data records concerned. Describe measures to address breach Article 35 Data protection impact assessment Document risks and security measures. Describe processing operations, including their necessity and proportionality. Assess risks associated with processing. Apply measures to address risks and protect personal data, and demonstrate compliance with the GDPR.
  • 14. • Name • Identification number • Email address • Online user identifier • Social media posts • Physical information • Physiological information PER S ONAL DATA I N S COPE OF TH E R EGULATI ON Personal data in scope of the regulation can include, but is not limited to, the following: • Genetic information • Medical information • Location • Bank details • IP address • Cookies
  • 15. DATA PROTECTION IN MICROSOFT SQL FAMILY TO HELP ADDRESS GDPR REQUIREMENTS
  • 16. Microsoft SQL offers many built-in security capabilities that can help reduce risks to data and improve the protection and manageability of data at the database level and beyond. This includes: • Microsoft SQL Server - whether on-premises or hosted in a public cloud platform • Microsoft Analytics Platform System • Azure SQL Database • Azure SQL Data Warehouse M I C R O S O F T D A T A P L A T F O R M A S A H U B O F P R I V A T E D A T A A N D S E N S I T I V E I N F O R M A T I O N
  • 17. • Discover - Identify what personal data is being managed and where it resides. • Manage - Govern how personal data is used and accessed. • Protect - Establish security controls to prevent, detect, and respond to vulnerabilities and data breaches. • Report - Keep required documentation, manage data requests, and provide breach notifications. FOUR K EY S TEPS TO ACH I EVE GDPR COMPLI ANCE
  • 18. BUILT-IN MICROSOFT SQL TECHNOLOGIES THAT CAN HELP ADDRESS GDPR COMPLIANCE
  • 19. • Metadata Queries - such as analyzing all column names via querying sys.columns, to identify column names which potentially contain personal data such as “Name”, “Birthdate”, “ID number”, etc. • Advanced Discovery - it is possible to use Full-Text Search in Microsoft SQL to search for keywords located within freeform text. - additionally, sensitive data can be tagged using Extended Properties to add sensitivity labels to relevant columns. • Identify and understand the current data access policies • Disable all features that are not in use to reduce the attack surface area • Disable network protocols that are not in use • Turn off the SQL Server browser service • Uninstall sample databases. DI S COVER I NG AND CLAS S I FYI NG PER S ONAL DATA AND I TS ACCES S VECTOR S
  • 20. MANAGING ACCESS AND CONTROLLING HOW DATA IS USED AND ACCESSED • Authentication in SQL Server • Authorization • Azure SQL Database Firewall • Authentication in Azure SQL Database using Azure Active Directory • Dynamic Data Masking • Row-Level Security
  • 21. SQL Server supports two authentication modes: Windows authentication mode Mixed mode. Ensure that only authorized users with valid credentials can access the database server. AUTH ENTI CATI ON I N S QL S ER VER Why is this important for the GDPR? The GDPR talks about ensuring the security of personal data, “including for preventing unauthorized access to or use of personal data and the equipment used for the processing.” GDPR Recital 39 Recommendation Benefits Use Windows authentication • Enables centralized management of SQL Server principals via Active Directory. • Uses Kerberos security protocol to authenticate users. • Supports built-in password policy enforcement including complexity validation for strong passwords, password expiration, and account lockout. Use separate accounts to authenticate users and applications • Enables limiting the permissions granted to users and applications. • Reduces the risks of malicious activity such as SQL injection attacks. Use contained database users • Isolates the user or application account to a single database. • Improves performance, as contained database users authenticate directly to the database without an extra network hop to the master database. • Supports both SQL Server and Azure SQL Database, as well as Azure SQL Data Warehouse.
  • 22. • Define a proper authorization policy • Database role memberships and object-level permissions • Implement a proper separation of duties model • Create accounts/roles for high-privileged operations • Create account/roles for applications or users to perform day-to-day tasks. • Access policies should abide by the principle of least privilege • Microsoft SQL-based technologies provides mechanisms to define granular object-level permissions, and simplify the process by implementing role-based security • Granting permissions to roles rather than users simplifies security administration AUTH OR I ZATI ON Why is this important for the GDPR? The GDPR specifically addresses the need for mechanisms which limit access to data, requiring “measures [that] shall ensure that by default personal data are not made accessible without the individual's intervention to an indefinite number of natural persons.” GDPR Article 25(2)—“Data protection by design and by default.”
  • 23. • A firewall is automatically set up to help protect the data • The firewall initially prevents all access to the database server until explicit access permissions are specified, based on the originating IP address of each request • By default, there is an exception to allow all Azure services to connect to the database, to ensure full functionality across Azure services (However, there is an option to disable this exception in the firewall settings) AZUR E S QL DATABAS E FI R EW ALL Guidelines to properly configure firewall settings: • In the “allowed IP addresses” entry field, enter the IP address range that allows connections to trusted users and services. • Avoid using broad IP ranges as this defeats much of the protection provided by firewall rules. • Follow the least privilege principle by restricting firewall settings for the IP address range to trusted IP addresses. Why is this important for the GDPR? The GDPR specifically addresses the need for mechanisms which limit access to data, requiring “measures [that] shall ensure that by default personal data are not made accessible without the individual's intervention to an indefinite number of natural persons.” GDPR Article 25(2)—“Data protection by design and by default.”
  • 24. Use Azure AD Authentication benefits: • Reduces the proliferation of user identities across database servers. • Allows password rotation in a single place. • Enables managing database permissions using external (Azure AD) groups. • Enables integrated Windows authentication and other forms of authentication supported by Azure Active Directory. • Azure AD authentication uses contained database users to authenticate identities at the database level (considered more secure). • Supports token-based authentication for applications connecting to SQL Database. • Supports Active Directory Federation Services (ADFS) or native user/password authentication for a local Azure Active Directory without domain synchronization. AUTH ENTI CATI ON I N AZUR E S QL DATABAS E US I NG AZUR E ACTI VE DI R ECTOR Y
  • 25. • It’s a build-in feature • Is supported starting from SQL Server 2016 (all editions) and for Azure SQL Database. • DDM limits sensitive data exposure by masking the data to non- privileged users or applications • DDM allows the DBA - to select and mask a particular table-column that contains sensitive data - To designate which DB users are privileged and should have access to the real data. • Once configured, any query on that table/ column will contain masked results, except for queries run by privileged users. • DDM works by masking the data on the fly with minimal impact on the application layer. • The data in the database remains intact and can be accessed by users with appropriate privileges. • Applying DDM does not explicitly require any application changes, so it is easy to use with existing applications. DYNAMI C DATA MAS K I NG Why is this important for the GDPR? The GDPR calls for implementing “appropriate technical and organizational measures, such as pseudonymization, which are designed to implement data-protection principles, such as data minimization, in an effective manner…” GDPR Article 25(2)—“Data protection by design and by default.”
  • 26. • It’s a build-in feature • Is supported starting from SQL Server 2016 (all editions) and for Azure SQL Database. • Restrict access according to specific user entitlements • The access restriction logic is in the database tier rather than away from the data in another application tier. • The restrictions are applied every time that data access is attempted from any tier. • This makes the security system more reliable and robust by reducing the system’s surface area. R OW - LEVEL S ECUR I TY Why is this important for the GDPR? Users have access only to the data that is pertinent to them, thus reducing the risk of “unauthorized disclosure of, or access to personal data.” GDPR Article 32(2)—“Security of processing.”
  • 27. PROTECTING PERSONAL DATA AGAINST SECURITY THREATS • Transport Layer Security • Transparent Data Encryption • Always Encrypted • Auditing for Azure SQL Database • SQL Threat Detection • SQL Server Audit • Business continuity—SQL Server Always On • Business continuity in Azure SQL technologies
  • 28. Protecting personal data against security threats is specifically declared as a core requirement of the GDPR. The GDPR requires that organizations implement “Data protection by design and by default” GDPR Article 25. GDPR Article 32(1)—“Security of processing” States that an organization must implement appropriate technical and organizational measures to ensure a level of security appropriate to the risk, including inter alia as appropriate: • The pseudonymization and encryption of personal data. • The ability to ensure the ongoing confidentiality, integrity, availability, and resilience of processing systems and services. • The ability to restore the availability and access to personal data in a timely manner in the event of a physical or technical incident. • A process for regularly testing, assessing, and evaluating the effectiveness of technical and organizational measures for ensuring the security of the processing. There is also a requirement of “notification of a personal data breach” within a specified window of 72 hours, where feasible, after the organization becomes aware of it. GDPR Article 33(1)—“Notification of a personal data breach to the supervisory authority.” W H Y I S TH I S I MPOR TANT FOR TH E G DPR ?
  • 29. • It is a best practice to always use connections secured with Transport Layer Security (TLS). - This ensures that data is encrypted in transit to and from the database, and reduces susceptibility to “man-in-the-middle” attacks. - SQL Server and Azure SQL Database have TLS1.2 support enabled, and this is the recommended protocol to use for highly secure communication. • To enable encrypted connections in SQL Server: - Provision a certificate on the server, - Configure the server to accept encrypted connections, - Configure the client to request encrypted connections. - To enforce that all client connections must be encrypted, set the ForceEncryption flag to Yes. • For Azure SQL Database and Azure SQL Data Warehouse, all connections require encryption at all times. - To securely connect with a client, specify connection string parameters (for ADO.NET driver) Encrypt=True and TrustServerCertificate=False. TR ANS POR T LAYER S ECUR I TY Why is this important for the GDPR? GDPR talks about integrating the “necessary safeguards into the processing” (GDPR Article 25(1), “Data protection by design and by default”), and accounting for risks presented by processing, “in particular from accidental or unlawful destruction, loss, alteration, unauthorized disclosure of, or access to personal data transmitted, stored or otherwise processed” (GDPR Article 32(2), “Security of processing”). Protecting data during transmission is explicitly called out in this context—to avoid possible leakage and minimize these risks.
  • 30. • TDE provides encryption of data at rest • Is a built-in Microsoft SQL feature • TDE addresses the scenario of protecting the data at the physical storage layer. • TDE performs real-time encryption and decryption of the database, associated backups, and transaction log files without requiring changes to the application • TDE is often required by compliance regulations and various industry guidelines as a core requirement, as it ensures the full protection of data at the physical layer. - Note that with TDE, data tables are not directly encrypted. • TDE protects the physical data files and transaction log files. - If these are moved to another server, for instance, they cannot be opened and viewed on that server. • TDE is straightforward to enable—and applies to the entire database. TR ANS PAR ENT DATA ENCR YPTI ON Why is this important for the GDPR? This relates to the GDPR obligation to take into account “risks that are presented by processing, in particular from accidental or unlawful destruction, loss, alteration, [or] unauthorized disclosure of” that data. In this case, the protection is at the level of the physical device—and prevents the risk of compromising the storage itself, for example via copying the physical data out to another server. GDPR Article 32(2)—“Security of processing.”
  • 31. • Microsoft SQL databases (Azure SQL Database and SQL Server 2016) offer an industry-first security feature called Always Encrypted, which is designed to protect highly sensitive data • Always Encrypted allows customers to encrypt sensitive data inside client applications and never reveal the encryption keys to the database engine (SQL Database or SQL Server) • Always Encrypted provides a separation between those who own the data (and can view it) and those who manage the data (but should have no access). • An advantage of Always Encrypted is that it makes encryption transparent to applications • There are two encryption types supported: deterministic encryption and randomized encryption ALW AYS ENCR YPTED Why is this important for the GDPR? The use of this powerful encryption feature which better ensures that highly sensitive data is encrypted on the server side, even in-memory, can significantly help in meeting the GDPR requirements around “Security of processing.” This particularly applies to the requirement to “implement appropriate technical and organizational measures to ensure a level of security appropriate to the risk” including, as appropriate, “the pseudonymization and encryption of personal data”. GDPR Article 32(2) – “Security of processing.”
  • 32. • Auditing for Azure SQL Database tracks database activities by writing events to an audit log. • It enables the customer to understand ongoing database activities, as well as analyze and investigate historical activity to identify potential threats or suspected abuse and security violations. • Auditing can be enabled in the Auditing pane in the Azure portal • A retention period can be enabled for audit logs according to specific requirements • The audit data can be analyzed to investigate specific issues using - The fn_get_audit_file function, - The Azure Portal Audit Records blade, - SQL Server Management Studio (SSMS), - Azure Storage Explorer. - Microsoft Operations Management Suite (OMS) Log Analytics AUDI TI NG FOR AZUR E S QL DATABAS E Why is this important for the GDPR? The GDPR, as part of the data protection requirement, stipulates a requirement that “Each controller… shall maintain a record of processing activities under its responsibility.” GDPR Article 30(1)—“Records of processing activities.”
  • 33. • SQL Threat Detection is a built-in feature • Detects anomalous database activities indicating potential security threats to the database. • The essence of this service is to proactively notify the Azure database administrator (or subscription owners) of any suspicious activity that could indicate a possible malicious intent to access, breach, or exploit data in the database. • Threat Detection operates by continuously profiling and monitoring application behavior, and employing machine learning and behavioral analytics methodologies to detect anomalies and unusual behavior S QL TH R EAT DETECTI ON Why is this important for the GDPR? The GDPR has a clear requirement regarding data breaches: “In the case of a personal data breach, the controller shall without undue delay and, where feasible, not later than 72 hours after having become aware of it, notify the personal data breach to the supervisory authority.” GDPR Article 33(1)—“Notification of a personal data breach to the supervisory authority.”
  • 34. • SQL Server also contains an auditing capability that enables tracking activities on an on-premises database, • SQL Server Audit enables the customer to understand ongoing database activities, and analyze and investigate historical activity to identify potential threats or suspected abuse and security violations. • SQL Server Audit enables the creation of server audits, which can contain - server audit specifications for server level events, - database audit specifications for database level events. • Audited events can be written to the event logs or to audit files. - Granular control is available to specify exactly what events to audit, aligning with specific needs. S QL S ER VER AUDI T Why is this important for the GDPR? The GDPR requires that “Each controller … shall maintain a record of processing activities under its responsibility.” GDPR Article 30(1)—“Records of processing activities.”
  • 35. • One important element of protecting data concerns ensuring its resiliency and availability in the event of an adverse incident • Always On Availability Groups - supports a failover environment for a discrete set of user databases - supports a set of read-write primary databases and one to eight sets of corresponding secondary databases • Always On Failover Cluster Instances BUS I NES S CONTI NUI TY —S QL S ER VER ALW AYS ON Why is this important for the GDPR? The GDPR explicitly refers to this important aspect of protecting data, by requiring that the organization “implement appropriate technical and organizational measures” that take into consideration, as appropriate, “the ability to restore the availability and access to personal data in a timely manner in the event of a physical or technical incident”. GDPR Article 32(1)—“Security of processing.”
  • 36. • The Azure SQL Database service performs automated database backups periodically, and the service guarantees Point-in-Time Restore from these backups for a certain scope of recovery. • Long-term retention for backups is also available, by storing Azure SQL Database backups in an Azure Recovery Services vault for up to ten years. • Azure SQL Database also offers an Active Geo-Replication feature, which provides a database-level recovery solution with low recovery time. • Active Geo-Replication enables the configuration of up to four readable secondary databases in the same or different regions. • Beyond offering a complete business continuity and disaster recovery solution, Active Geo-Replication also enables load-balancing using the secondary database, and offloading read-only workloads. • It also supports user-controlled failover and failback and configurable performance levels for the secondary databases. BUS I NES S CONTI NUI TY I N AZUR E S QL TECH NOLOGI ES
  • 37. REPORTING ON DATA PROTECTION POLICIES AND REVIEWING REGULARLY
  • 38. • The final phase of the methodology for GDPR compliance addresses the need to maintain a record of personal data processing activities under the controller’s responsibility, and to make the record available to the supervisory authority upon request. • This phase also deals with the continuous process of reviewing the controls and security of the system, to better ensure ongoing compliance with GDPR principles. • Microsoft SQL Auditing capabilities • Temporal Tables R EPOR TI NG ON DATA PR OTECTI ON POLI CI ES AND R EVI EW I NG R EGULAR LY Why is this important for the GDPR? The GDPR requires an assessment of the impact of processing operations on the protection of personal data where such processing is likely to result in high risk. This includes an assessment on “the measures envisaged to address the risks, including safeguards, security measures and mechanisms to ensure the protection of personal data.” GDPR Article 35(7)— “Data protection impact assessment.”
  • 39. Operations Management Suite SQL Assessment. This is primarily used for monitoring purposes. It also performs a limited set of security checks to review the current security status of the database environment. R EGULAR LY R EVI EW TH E S ECUR I TY S TATE OF DATA AND S YS TEMS
  • 41. Microsoft SQL Product Team Helping discover, classify, and protect sensitive data. Tracking personal or sensitive data throughout the database system and beyond. Assessing database vulnerabilities and overall security state. Helping meet security best practices with controls and hardening recommendations Organizations Need to invest significantly to ensure the GDPR principles are effectively implemented and sustained in their environments. S UMMAR Y
  • 44. SELECT KNOWLEDGE FROM SQL SERVER Copyright © 2017 SQLschool.gr. All right reserved. PRESENTER MAKES NO WARRANTIES, EXPRESS, IMPLIED OR STATUTORY, AS TO THE INFORMATION IN THIS PRESENTATION