Upload File

compliance lessons from operating sql server in azure sql db

  • Home
  • Documents
  • Compliance Lessons from Operating SQL Server in Azure SQL DB
10
Compliance Lessons from Operating SQL Server in Azure SQL DB

Upload: leonard-hines

Post on 21-Jan-2016

219 views

Category:

Documents


1 download

Report

TRANSCRIPT

Page 1: Compliance Lessons from Operating SQL Server in Azure SQL DB

ComplianceLessons from Operating SQL Server in Azure SQL DB

Page 2: Compliance Lessons from Operating SQL Server in Azure SQL DB

Audience

• How many have been through a Compliance Audit before?• How many planning on going through one in the near future?

Page 3: Compliance Lessons from Operating SQL Server in Azure SQL DB

Azure Compliance – Continuous Audits

http://azure.microsoft.com/en-us/support/trust-center/services/

ISO 27001/27002

SOC 1/SSAE 16/SAE 3402 and SOC 2

FedRAMP

PCI DSS Level 1

United Kingdom G-Cloud

HIPAA

EU Model Clause

Australian Government IRAP

Singapore MTCS Standard

FBI CJIS (Azure Government)

SQL Database • • • • • • • • •

http://azure.microsoft.com/en-us/support/trust-center/services/
http://azure.microsoft.com/en-us/support/trust-center/services/
http://azure.microsoft.com/en-us/support/trust-center/services/
http://azure.microsoft.com/en-us/support/trust-center/services/
Page 4: Compliance Lessons from Operating SQL Server in Azure SQL DB

Security Plan

• Review it and update it regularly• Security Development Lifecycle• Agile and Security Plan?• Inventory• Audit of inventory, patching of VMs, OS, SQL, etc. virus scanning

Page 5: Compliance Lessons from Operating SQL Server in Azure SQL DB

Access Control

• Isolate Production Environment• Just In Time Access only by humans• Multi-Factor Authentication – Azure Active Directory can make this easy• Data kept in environment or filtered according agreements.

• Use RBAC Groups – review regularly• Repeatable, signed, scanned builds of applications• Audit ACLs, security settings of system

Page 6: Compliance Lessons from Operating SQL Server in Azure SQL DB

Security Auditing

• Continuous Auditing - offloaded from node ASAP to central repository• Data Warehouse, HADOOP Cluster ETC. used to look for anomalous patterns

of activity• Alert based – volume of events makes regular reviews impractical for us.

• Many 3rd party products that will do threat detection and centralization of Audits• APT's mean we need to look across enterprise

Page 7: Compliance Lessons from Operating SQL Server in Azure SQL DB

Availability

• AlwaysOn –• Allows rapid deployment with continuous availability due to fault zones /

upgrade zones.

• Exercise full failovers – we always discover things.• Leverage new clusters as failover test

Page 8: Compliance Lessons from Operating SQL Server in Azure SQL DB

Secrets

• Centralize and have common reporting on expiring secrets (Certs, Passwords, Cryptographic Keys)• Rotate ahead of schedule – if required 90 days before expiration,

rotate at 120 days before to allow time to deal with failures.• Prioritize• Ability to rollback changes – keep keys in escrow• EKM allows you to centralize Keys or at least Key Encryption Keys in a

HSM or Network HSM for central managements

Page 9: Compliance Lessons from Operating SQL Server in Azure SQL DB

Pen Testing

• Red Team• Blue Team

Page 10: Compliance Lessons from Operating SQL Server in Azure SQL DB

Questions?

• Your challenges?• Certifications lacking?• Previous talks?


Brk3043 azure sql db intelligent cloud database for app developers - wash dc

Windows Azure BootCamp - SQL Azure

Azure SQL DB V12 at your service by Pieter Vanhove

PHP e Windows Azure, SQL Azure

Microsoft SQL Azure - Building Applications Using SQL Azure Presentation

Combine the power of OSS DB engines and Microsoft Azure to ...€¦ · Global Azure with 43 Regions Azure Compute SQL Data Warehouse Azure Storage SQL Database PostgreSQL MariaDBCOMING!

Microsoft Power Platform · SQL Server – Azure SQL DW. Relational data sources. SQL Server – SQL DB – Managed SQL. NoSQL processing. HDInsight – Databricks – Data lake analytics

잠깐 회사소개먼저드리겠습니다 · Azure DC. Security. Load Balance. VM Backup. Azure DNS. DRM-TIER . DRM server. SQL DB. server. 단일서버로구성된불안한운영환경을,

DBI314. Machine 5 SQL Instance SQL DB User DB1 User DB2 User DB3 User DB4 SQL Azure Gateway Service Machine 6 SQL Instance SQL DB User DB1 User DB2

Run your Business faster - AnalyticsCreator · 2019. 12. 5. · Data Lake Store Azure SQL DW o. Azure SQL DB Applications Azure Data Factory Business and custom apps (structured)

AZURE SQL DBaaS ou IaaS qual escolher › ...AzureSQLIaaSvsPaaS_SQLPort.pdf · Azure SQL Database DTU Calculator Azure Máquina Virtual Azure Base de Dados SQL Input/Output Operations

Azure SQL Database overviewdownload.microsoft.com/download/C/F/F/CFF0A653-6CD...SQL DB is phasing out SSL 3.0 and TLS 1.0 in favor of TLS 1.2. Encryption-At-Rest TDE for SQL DB TDE

Introduction to Azure SQL DB

Migrating SQL Workload to Azure · •Azure Webjobs •Azure SQL Elastic Job (S0 tier and higher) •Azure Automation •Azure Functions •On-premise SQL or Azure VM SQL Server with

Масштабирование в SQL Azure - SQL Azure Federations

Seguridad en SQL Azure Windows azure

MS CLOUD DB - AZURE SQL DB Fault Tolerance by Subha Vasudevan Christina Burnett

Microsoft SQL Azure - Developing And Deploying With SQL Azure Whitepaper

SQL Server on Azure - Best Practices für den DB Server in der Cloud

Testen in der Cloud - software-architects.com...–3rd party tools (e.g. Cerebrata) DB . SQL Azure Replica 1 Replica 2 Replica 3 DB Replica 4 ! SQL Azure Application Internet LB TDS

SQL Azure DB - BCDR

Securing SQL Azure DB? How?

Microsoft Cloud Switzerland - stevenbart.com · • Azure IaaS (compute/VMs, networking, storage, backup) and some PaaS (Azure SQL DB, Cosmos DB, Web Apps) to be launched in 2019

15-Minute Guide: Unlock Microsoft SQL Server insights with ......and users to query a variety of datastores including MongoDB®, Azure ® Cosmos DB, NoSQL, Oracle , Azure SQL Database,

28532B - resource.cdn.azure.cn · Windows Azure 2 Azure B: Windows Azure 3 Azure Web Azure Azure Wet, Azure Azure Azure ASP.NET W,ndows Azure 4 Azure SQL Azure SQL Azure SQL Azure

Inside Sql Azure - Cihan Biyikoglu - SQL Azure

SQL + Azure =

Sql Azure - Sql Saturday Chicago

Microsoft SQL Azure - Security Guidelines for SQL Azure Whitepaper

Windows Azure Storage SQL Azure

Microsoft SQL Azure - Scaling Out with SQL Azure Whitepaper

Rendezvous with Artificial Intelligence · Cognitive Services CLOUD + EDGE Azure Machine Learning Services Bot Service Cosmos DB MySQL/ Postgre SQL DB SQL DB/ DW Data Lake Spark DSVM-----DLVM

Azure SQL DWH - Meetupfiles.meetup.com/19858010/08_2016-Azure SQL DWH - data platform meetup.pdfWhat is Azure SQL Data warehouse 6 | 4/4/2016 Azure SQL DWH an enterprise-class, distributed

Deep dive into SQL Server Integration Services (SSIS) 2017 ... · On-premises data sources Azure SQL DB/Managed Instance VNet Cloud data sources Azure Data Factory Cloud On-premises

無料 Azure Active Directory テナント作成手順書 Azure IJY—Ä App Service Function App SQL Azure Cosmos DB Virtual Machines Azure Active Directory Advisor O SQL Windows