Upload File

compliance lessons from operating sql server in azure sql db

  • Home
  • Documents
  • Compliance Lessons from Operating SQL Server in Azure SQL DB
10
Compliance Lessons from Operating SQL Server in Azure SQL DB

Upload: leonard-hines

Post on 21-Jan-2016

219 views

Category:

Documents


1 download

Report

TRANSCRIPT

Page 1: Compliance Lessons from Operating SQL Server in Azure SQL DB

ComplianceLessons from Operating SQL Server in Azure SQL DB

Page 2: Compliance Lessons from Operating SQL Server in Azure SQL DB

Audience

• How many have been through a Compliance Audit before?• How many planning on going through one in the near future?

Page 3: Compliance Lessons from Operating SQL Server in Azure SQL DB

Azure Compliance – Continuous Audits

http://azure.microsoft.com/en-us/support/trust-center/services/

ISO 27001/27002

SOC 1/SSAE 16/SAE 3402 and SOC 2

FedRAMP

PCI DSS Level 1

United Kingdom G-Cloud

HIPAA

EU Model Clause

Australian Government IRAP

Singapore MTCS Standard

FBI CJIS (Azure Government)

SQL Database • • • • • • • • •

http://azure.microsoft.com/en-us/support/trust-center/services/
http://azure.microsoft.com/en-us/support/trust-center/services/
http://azure.microsoft.com/en-us/support/trust-center/services/
http://azure.microsoft.com/en-us/support/trust-center/services/
Page 4: Compliance Lessons from Operating SQL Server in Azure SQL DB

Security Plan

• Review it and update it regularly• Security Development Lifecycle• Agile and Security Plan?• Inventory• Audit of inventory, patching of VMs, OS, SQL, etc. virus scanning

Page 5: Compliance Lessons from Operating SQL Server in Azure SQL DB

Access Control

• Isolate Production Environment• Just In Time Access only by humans• Multi-Factor Authentication – Azure Active Directory can make this easy• Data kept in environment or filtered according agreements.

• Use RBAC Groups – review regularly• Repeatable, signed, scanned builds of applications• Audit ACLs, security settings of system

Page 6: Compliance Lessons from Operating SQL Server in Azure SQL DB

Security Auditing

• Continuous Auditing - offloaded from node ASAP to central repository• Data Warehouse, HADOOP Cluster ETC. used to look for anomalous patterns

of activity• Alert based – volume of events makes regular reviews impractical for us.

• Many 3rd party products that will do threat detection and centralization of Audits• APT's mean we need to look across enterprise

Page 7: Compliance Lessons from Operating SQL Server in Azure SQL DB

Availability

• AlwaysOn –• Allows rapid deployment with continuous availability due to fault zones /

upgrade zones.

• Exercise full failovers – we always discover things.• Leverage new clusters as failover test

Page 8: Compliance Lessons from Operating SQL Server in Azure SQL DB

Secrets

• Centralize and have common reporting on expiring secrets (Certs, Passwords, Cryptographic Keys)• Rotate ahead of schedule – if required 90 days before expiration,

rotate at 120 days before to allow time to deal with failures.• Prioritize• Ability to rollback changes – keep keys in escrow• EKM allows you to centralize Keys or at least Key Encryption Keys in a

HSM or Network HSM for central managements

Page 9: Compliance Lessons from Operating SQL Server in Azure SQL DB

Pen Testing

• Red Team• Blue Team

Page 10: Compliance Lessons from Operating SQL Server in Azure SQL DB

Questions?

• Your challenges?• Certifications lacking?• Previous talks?


PHP e Windows Azure, SQL Azure

Microsoft Cloud Switzerland - stevenbart.com · • Azure IaaS (compute/VMs, networking, storage, backup) and some PaaS (Azure SQL DB, Cosmos DB, Web Apps) to be launched in 2019

SQL Server on Azure - Best Practices für den DB Server in der Cloud

SQL + Azure =

AZURE SQL DBaaS ou IaaS qual escolher › ...AzureSQLIaaSvsPaaS_SQLPort.pdf · Azure SQL Database DTU Calculator Azure Máquina Virtual Azure Base de Dados SQL Input/Output Operations

28532B - resource.cdn.azure.cn · Windows Azure 2 Azure B: Windows Azure 3 Azure Web Azure Azure Wet, Azure Azure Azure ASP.NET W,ndows Azure 4 Azure SQL Azure SQL Azure SQL Azure

Azure SQL Managed Instance...Azure SQL The family of SQL database services on Azure Azure SQL Database Best for supporting modern cloud apps database Pre-provisioned or serverless

Forthcoming SQL Azure Services: SQL Azure Data Sync & SQL Azure Reporting

Migrating SQL Workload to Azure · •Azure Webjobs •Azure SQL Elastic Job (S0 tier and higher) •Azure Automation •Azure Functions •On-premise SQL or Azure VM SQL Server with

Azure Document Db

Deep dive into SQL Server Integration Services (SSIS) 2017 ... · On-premises data sources Azure SQL DB/Managed Instance VNet Cloud data sources Azure Data Factory Cloud On-premises

Microsoft SQL Azure - Scaling Out with SQL Azure Whitepaper

Масштабирование в SQL Azure - SQL Azure Federations

Seguridad en SQL Azure Windows azure

Azure SQL Database overviewdownload.microsoft.com/download/C/F/F/CFF0A653-6CD...SQL DB is phasing out SSL 3.0 and TLS 1.0 in favor of TLS 1.2. Encryption-At-Rest TDE for SQL DB TDE

Windows Azure BootCamp - SQL Azure

A digital Statoil - Computerworld · Azure SQL DB Azure MySQL Azure PostgreSQL Azure MariaDB Build new, globally-distributed, cloud-native applications New Globally Dist. Apps SQL

Securing SQL Azure DB? How?

Brk3043 azure sql db intelligent cloud database for app developers - wash dc

Sql Azure - Columbus SQL PASS

Rendezvous with Artificial Intelligence · Cognitive Services CLOUD + EDGE Azure Machine Learning Services Bot Service Cosmos DB MySQL/ Postgre SQL DB SQL DB/ DW Data Lake Spark DSVM-----DLVM

Azure SQL DWH - Meetupfiles.meetup.com/19858010/08_2016-Azure SQL DWH - data platform meetup.pdfWhat is Azure SQL Data warehouse 6 | 4/4/2016 Azure SQL DWH an enterprise-class, distributed

Smart system of renewable energy storage based on ... · 8.1 Azure components 68 8.1.1 Azure SQL Databases 68 8.1.2 Azure Table Storage 68 8.1.3 Azure Cosmos DB 68 8.1.4 Azure Blob

Testen in der Cloud - software-architects.com...–3rd party tools (e.g. Cerebrata) DB . SQL Azure Replica 1 Replica 2 Replica 3 DB Replica 4 ! SQL Azure Application Internet LB TDS

Sql Azure - Sql Saturday Chicago

MS CLOUD DB - AZURE SQL DB Fault Tolerance by Subha Vasudevan Christina Burnett

Microsoft SQL Azure - Building Applications Using SQL Azure Presentation

DBI314. Machine 5 SQL Instance SQL DB User DB1 User DB2 User DB3 User DB4 SQL Azure Gateway Service Machine 6 SQL Instance SQL DB User DB1 User DB2

Microsoft SQL Azure - Developing And Deploying With SQL Azure Whitepaper

Microsoft SQL Azure - Security Guidelines for SQL Azure Whitepaper

Introduction to Azure SQL DB

Azure SQL DB V12 at your service by Pieter Vanhove

Run your Business faster - AnalyticsCreator · 2019. 12. 5. · Data Lake Store Azure SQL DW o. Azure SQL DB Applications Azure Data Factory Business and custom apps (structured)

15-Minute Guide: Unlock Microsoft SQL Server insights with ......and users to query a variety of datastores including MongoDB®, Azure ® Cosmos DB, NoSQL, Oracle , Azure SQL Database,

Combine the power of OSS DB engines and Microsoft Azure to ...€¦ · Global Azure with 43 Regions Azure Compute SQL Data Warehouse Azure Storage SQL Database PostgreSQL MariaDBCOMING!