Compliance Lessons from Operating SQL Server in Azure SQL DB.

10
Compliance Lessons from Operating SQL Server in Azure SQL DB

Transcript of Compliance Lessons from Operating SQL Server in Azure SQL DB.

Page 1: Compliance Lessons from Operating SQL Server in Azure SQL DB.

ComplianceLessons from Operating SQL Server in Azure SQL DB

Page 2: Compliance Lessons from Operating SQL Server in Azure SQL DB.

Audience

• How many have been through a Compliance Audit before?• How many planning on going through one in the near future?

Page 3: Compliance Lessons from Operating SQL Server in Azure SQL DB.

Azure Compliance – Continuous Audits

http://azure.microsoft.com/en-us/support/trust-center/services/

ISO 27001/27002

SOC 1/SSAE 16/SAE 3402 and SOC 2

FedRAMP

PCI DSS Level 1

United Kingdom G-Cloud

HIPAA

EU Model Clause

Australian Government IRAP

Singapore MTCS Standard

FBI CJIS (Azure Government)

SQL Database • • • • • • • • •

http://azure.microsoft.com/en-us/support/trust-center/services/
http://azure.microsoft.com/en-us/support/trust-center/services/
http://azure.microsoft.com/en-us/support/trust-center/services/
http://azure.microsoft.com/en-us/support/trust-center/services/
Page 4: Compliance Lessons from Operating SQL Server in Azure SQL DB.

Security Plan

• Review it and update it regularly• Security Development Lifecycle• Agile and Security Plan?• Inventory• Audit of inventory, patching of VMs, OS, SQL, etc. virus scanning

Page 5: Compliance Lessons from Operating SQL Server in Azure SQL DB.

Access Control

• Isolate Production Environment• Just In Time Access only by humans• Multi-Factor Authentication – Azure Active Directory can make this easy• Data kept in environment or filtered according agreements.

• Use RBAC Groups – review regularly• Repeatable, signed, scanned builds of applications• Audit ACLs, security settings of system

Page 6: Compliance Lessons from Operating SQL Server in Azure SQL DB.

Security Auditing

• Continuous Auditing - offloaded from node ASAP to central repository• Data Warehouse, HADOOP Cluster ETC. used to look for anomalous patterns

of activity• Alert based – volume of events makes regular reviews impractical for us.

• Many 3rd party products that will do threat detection and centralization of Audits• APT's mean we need to look across enterprise

Page 7: Compliance Lessons from Operating SQL Server in Azure SQL DB.

Availability

• AlwaysOn –• Allows rapid deployment with continuous availability due to fault zones /

upgrade zones.

• Exercise full failovers – we always discover things.• Leverage new clusters as failover test

Page 8: Compliance Lessons from Operating SQL Server in Azure SQL DB.

Secrets

• Centralize and have common reporting on expiring secrets (Certs, Passwords, Cryptographic Keys)• Rotate ahead of schedule – if required 90 days before expiration,

rotate at 120 days before to allow time to deal with failures.• Prioritize• Ability to rollback changes – keep keys in escrow• EKM allows you to centralize Keys or at least Key Encryption Keys in a

HSM or Network HSM for central managements

Page 9: Compliance Lessons from Operating SQL Server in Azure SQL DB.

Pen Testing

• Red Team• Blue Team

Page 10: Compliance Lessons from Operating SQL Server in Azure SQL DB.

Questions?

• Your challenges?• Certifications lacking?• Previous talks?


Microsoft Power Platform · SQL Server – Azure SQL DW. Relational data sources. SQL Server – SQL DB – Managed SQL. NoSQL processing. HDInsight – Databricks – Data lake analytics.

Microsoft Power Platform · SQL Server – Azure SQL DW. Relational data sources. SQL Server – SQL DB – Managed SQL. NoSQL processing. HDInsight – Databricks – Data lake analytics.

A digital Statoil - Computerworld · Azure SQL DB Azure MySQL Azure PostgreSQL Azure MariaDB Build new, globally-distributed, cloud-native applications New Globally Dist. Apps SQL

A digital Statoil - Computerworld · Azure SQL DB Azure MySQL Azure PostgreSQL Azure MariaDB Build new, globally-distributed, cloud-native applications New Globally Dist. Apps SQL

How to Create a SQL DB in Microsoft Azurecis.csuohio.edu/~sschung/cis430/HowtoCreateaSQLDBinMicrosoftAzure.pdf · How to Create a SQL DB in Microsoft Azure 1) Go to the CSU Microsoft

How to Create a SQL DB in Microsoft Azurecis.csuohio.edu/~sschung/cis430/HowtoCreateaSQLDBinMicrosoftAzure.pdf · How to Create a SQL DB in Microsoft Azure 1) Go to the CSU Microsoft

Sql Azure - Sql Saturday Chicago

Sql Azure - Sql Saturday Chicago

SQL Server on Azure - Best Practices für den DB Server in der Cloud

SQL Server on Azure - Best Practices für den DB Server in der Cloud

Windows Azure Storage SQL Azure

Windows Azure Storage SQL Azure

Azure SQL DWH - Meetupfiles.meetup.com/19858010/08_2016-Azure SQL DWH - data platform meetup.pdfWhat is Azure SQL Data warehouse 6 | 4/4/2016 Azure SQL DWH an enterprise-class, distributed

Azure SQL DWH - Meetupfiles.meetup.com/19858010/08_2016-Azure SQL DWH - data platform meetup.pdfWhat is Azure SQL Data warehouse 6 | 4/4/2016 Azure SQL DWH an enterprise-class, distributed

Sql Azure - Sql Saturday Kansas City

Sql Azure - Sql Saturday Kansas City

Масштабирование в SQL Azure - SQL Azure Federations

Масштабирование в SQL Azure - SQL Azure Federations

Forthcoming SQL Azure Services: SQL Azure Data Sync & SQL Azure Reporting

Forthcoming SQL Azure Services: SQL Azure Data Sync & SQL Azure Reporting

SQL saturday 623 TLV - SQL AZURE

SQL saturday 623 TLV - SQL AZURE

Introduction to Azure SQL DB

Introduction to Azure SQL DB

Migrating SQL Workload to Azure · •Azure Webjobs •Azure SQL Elastic Job (S0 tier and higher) •Azure Automation •Azure Functions •On-premise SQL or Azure VM SQL Server with

Migrating SQL Workload to Azure · •Azure Webjobs •Azure SQL Elastic Job (S0 tier and higher) •Azure Automation •Azure Functions •On-premise SQL or Azure VM SQL Server with

M02 - Micrisoft Azure DB - Azure Open Group

M02 - Micrisoft Azure DB - Azure Open Group

SQL Server 2017+ and Azure SQL DB: Security Smackdown

SQL Server 2017+ and Azure SQL DB: Security Smackdown

DBI314. Machine 5 SQL Instance SQL DB User DB1 User DB2 User DB3 User DB4 SQL Azure Gateway Service Machine 6 SQL Instance SQL DB User DB1 User DB2.

DBI314. Machine 5 SQL Instance SQL DB User DB1 User DB2 User DB3 User DB4 SQL Azure Gateway Service Machine 6 SQL Instance SQL DB User DB1 User DB2.

Azure SQL Managed Instance...Azure SQL The family of SQL database services on Azure Azure SQL Database Best for supporting modern cloud apps database Pre-provisioned or serverless

Azure SQL Managed Instance...Azure SQL The family of SQL database services on Azure Azure SQL Database Best for supporting modern cloud apps database Pre-provisioned or serverless

Securing SQL Azure DB? How?

Securing SQL Azure DB? How?

LABORATORY OF DATA SCIENCE Microsoft SQL Serverdidawiki.cli.di.unipi.it/.../mds/lbi/lds.07.sqlserver.pdf · 2018-10-16 · SQL Server Suite On-premises Cloud DB/DW SQL Server Azure

LABORATORY OF DATA SCIENCE Microsoft SQL Serverdidawiki.cli.di.unipi.it/.../mds/lbi/lds.07.sqlserver.pdf · 2018-10-16 · SQL Server Suite On-premises Cloud DB/DW SQL Server Azure

15-Minute Guide: Unlock Microsoft SQL Server insights with ......and users to query a variety of datastores including MongoDB®, Azure ® Cosmos DB, NoSQL, Oracle , Azure SQL Database,

15-Minute Guide: Unlock Microsoft SQL Server insights with ......and users to query a variety of datastores including MongoDB®, Azure ® Cosmos DB, NoSQL, Oracle , Azure SQL Database,