Compliance Lessons from Operating SQL Server in Azure SQL DB
Audience
• How many have been through a Compliance Audit before?
• How many are planning on going through one in the near future?
Azure Compliance – Continuous Audits
http://azure.microsoft.com/en-us/support/trust-center/services/
ISO 27001/27002
SOC 1/SSAE 16/SAE 3402 and SOC 2
FedRAMP
PCI DSS Level 1
United Kingdom G-Cloud
HIPAA
EU Model Clause
Australian Government IRAP
Singapore MTCS Standard
FBI CJIS (Azure Government)
SQL Database: • • • • • • • • • (compliance matrix column from the slide; a bullet marks each standard the service is audited against)
Security Plan
• Review it and update it regularly
• Security Development Lifecycle
• Agile and Security Plan?
• Inventory
• Audit of inventory; patching of VMs, OS, SQL, etc.; virus scanning
Access Control
• Isolate Production Environment
• Just In Time Access, only by humans
• Multi-Factor Authentication: Azure Active Directory can make this easy
• Data kept in environment or filtered according to agreements
• Use RBAC Groups; review regularly
• Repeatable, signed, scanned builds of applications
• Audit ACLs and security settings of the system
Security Auditing
• Continuous Auditing: offloaded from node ASAP to central repository
• Data Warehouse, Hadoop Cluster, etc. used to look for anomalous patterns of activity
• Alert based: volume of events makes regular reviews impractical for us
• Many 3rd party products that will do threat detection and centralization of audits
• APTs mean we need to look across the enterprise
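The slide argues for alert-based review of centralized audit data rather than reading logs node by node. The example below is added here and is not from the deck or from Microsoft: it takes audit rows already offloaded from several nodes into one central store (a constructed, pipe-delimited format with assumed action names, not the real SQL Server audit schema) and runs two defender rules over them, a failed-login burst from one client and a privileged role change by a principal outside the approved Just-In-Time set from the Access Control slide. The node names, principals, IPs and the `jit_ops_jdoe` approval list are all constructed.

```python
from collections import defaultdict
from dataclasses import dataclass
from datetime import datetime, timedelta

# Constructed sample of rows offloaded from three nodes into a central store.
# Field layout (assumed for this example, not the real .sqlaudit schema):
#   timestamp|node|action|succeeded|server_principal|client_ip
CENTRAL_AUDIT_STORE = [
    "2015-06-01T02:14:05|sqlnode-01|LOGIN_FAILED|0|sql_admin|10.0.0.12",
    "2015-06-01T02:14:09|sqlnode-01|LOGIN_FAILED|0|sql_admin|10.0.0.12",
    "2015-06-01T02:14:31|sqlnode-01|LOGIN_FAILED|0|sql_admin|10.0.0.12",
    "2015-06-01T02:15:02|sqlnode-01|LOGIN_FAILED|0|sql_admin|10.0.0.12",
    "2015-06-01T02:15:40|sqlnode-01|LOGIN_FAILED|0|sql_admin|10.0.0.12",
    "2015-06-01T02:16:11|sqlnode-01|LOGIN_FAILED|0|sql_admin|10.0.0.12",
    "2015-06-01T02:00:00|sqlnode-03|LOGIN_FAILED|0|report_user|10.0.0.40",
    "2015-06-01T03:30:00|sqlnode-03|LOGIN_FAILED|0|report_user|10.0.0.40",
    "2015-06-01T09:05:12|sqlnode-02|LOGIN_SUCCEEDED|1|jit_ops_jdoe|10.0.1.7",
    "2015-06-01T09:06:48|sqlnode-02|SERVER_ROLE_MEMBER_CHANGE|1|jit_ops_jdoe|10.0.1.7",
    "2015-06-01T11:42:03|sqlnode-02|SERVER_ROLE_MEMBER_CHANGE|1|app_svc|10.0.0.12",
]

# Action labels treated as privileged for rule 2 (constructed labels).
PRIVILEGED_ACTIONS = {
    "SERVER_ROLE_MEMBER_CHANGE",
    "SERVER_PERMISSION_CHANGE",
    "DATABASE_ROLE_MEMBER_CHANGE",
}


@dataclass(frozen=True)
class AuditEvent:
    time: datetime
    node: str
    action: str
    succeeded: bool
    principal: str
    client_ip: str


def parse_audit_line(line: str) -> AuditEvent:
    """Parse one pipe-delimited row from the central store."""
    ts, node, action, ok, principal, ip = line.split("|")
    return AuditEvent(datetime.fromisoformat(ts), node, action, ok == "1", principal, ip)


def failed_login_bursts(events, threshold=5, window=timedelta(minutes=5)):
    """Rule 1: alert when one client IP produces >= threshold failed logins
    inside any sliding window of the given length, across all nodes."""
    by_ip = defaultdict(list)
    for e in events:
        if e.action == "LOGIN_FAILED":
            by_ip[e.client_ip].append(e.time)
    alerts = []
    for ip, times in by_ip.items():
        times.sort()
        j = 0
        for i in range(len(times)):
            # Advance the window end while it still fits inside `window`.
            while j < len(times) and times[j] - times[i] <= window:
                j += 1
            if j - i >= threshold:
                alerts.append({"rule": "failed_login_burst", "client_ip": ip,
                               "count": j - i, "start": times[i]})
                break  # one alert per client is enough for triage
    return alerts


def unapproved_privileged_changes(events, approved_principals):
    """Rule 2: privileged change by a principal not holding a JIT approval."""
    return [{"rule": "privileged_change_outside_jit", "node": e.node,
             "principal": e.principal, "action": e.action, "time": e.time}
            for e in events
            if e.action in PRIVILEGED_ACTIONS and e.principal not in approved_principals]


def run_detections(lines, approved_principals):
    """Parse the central store and return the combined alert list."""
    events = [parse_audit_line(line) for line in lines]
    return failed_login_bursts(events) + unapproved_privileged_changes(events, approved_principals)


if __name__ == "__main__":
    for alert in run_detections(CENTRAL_AUDIT_STORE, {"jit_ops_jdoe"}):
        print(alert)
```

Because the rules operate on the merged store, the burst is visible even when the failed logins are spread over several nodes, which is the point of offloading early and correlating centrally; the approved-principal set is where the Just-In-Time access records from the Access Control slide would be joined in.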
Availability
• AlwaysOn: allows rapid deployment with continuous availability due to fault zones / upgrade zones
• Exercise full failovers: we always discover things
• Leverage new clusters as failover tests
Secrets
• Centralize and have common reporting on expiring secrets (Certs, Passwords, Cryptographic Keys)
• Rotate ahead of schedule: if required 90 days before expiration, rotate at 120 days before to allow time to deal with failures
• Prioritize
• Ability to roll back changes: keep keys in escrow
• EKM allows you to centralize Keys, or at least Key Encryption Keys, in an HSM or Network HSM for central management
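The first two bullets describe a central expiry report and an "ahead of schedule" rule: a 90-day policy deadline, but rotation planned at 120 days out so a failed rotation can be fixed before the deadline. The example below is added here and is not from the deck or from Microsoft: it applies that rule to a constructed inventory of certificates, passwords and keys, separates secrets that already missed the policy deadline from those now inside the planned rotation window, and orders the queue by the priority field (the "Prioritize" bullet). The inventory entries, priorities and the `BUFFER_DAYS` value of 30 (120 minus 90) are assumptions for the example.

```python
from dataclasses import dataclass
from datetime import date, timedelta

REQUIRED_LEAD_DAYS = 90  # policy: rotated no later than 90 days before expiry
BUFFER_DAYS = 30         # rotate 30 days earlier still (120 days out) to absorb failures


@dataclass(frozen=True)
class Secret:
    name: str
    kind: str       # "cert", "password" or "key"
    expires: date
    priority: int   # 1 = rotate first when several are due together


# Constructed inventory, the kind of list a central report would be built from.
INVENTORY = [
    Secret("tde-kek-prod", "key", date(2015, 9, 15), priority=1),
    Secret("app-sql-login", "password", date(2015, 8, 1), priority=2),
    Secret("tls-cert-gateway", "cert", date(2016, 1, 10), priority=1),
    Secret("backup-encryption-cert", "cert", date(2015, 10, 5), priority=3),
]


def rotation_deadline(secret, required_lead_days=REQUIRED_LEAD_DAYS):
    """Last day on which rotation still satisfies the policy."""
    return secret.expires - timedelta(days=required_lead_days)


def planned_rotation_date(secret, required_lead_days=REQUIRED_LEAD_DAYS,
                          buffer_days=BUFFER_DAYS):
    """Day rotation is scheduled: the policy deadline minus the failure buffer."""
    return secret.expires - timedelta(days=required_lead_days + buffer_days)


def rotation_report(secrets, today, required_lead_days=REQUIRED_LEAD_DAYS,
                    buffer_days=BUFFER_DAYS):
    """Bucket secrets into overdue / due / upcoming, each ordered by priority
    then expiry so the rotation queue can be worked top to bottom."""
    buckets = {"overdue": [], "due": [], "upcoming": []}
    for s in sorted(secrets, key=lambda s: (s.priority, s.expires)):
        if today > rotation_deadline(s, required_lead_days):
            buckets["overdue"].append(s.name)      # policy already breached
        elif today >= planned_rotation_date(s, required_lead_days, buffer_days):
            buckets["due"].append(s.name)          # inside the planned window
        else:
            buckets["upcoming"].append(s.name)
    return buckets


def days_of_slack(secret, today, required_lead_days=REQUIRED_LEAD_DAYS):
    """Days left before the policy deadline; negative once it has passed."""
    return (rotation_deadline(secret, required_lead_days) - today).days


if __name__ == "__main__":
    as_of = date(2015, 6, 1)
    for bucket, names in rotation_report(INVENTORY, as_of).items():
        print(f"{bucket}: {names}")
    for s in INVENTORY:
        print(f"{s.name}: {days_of_slack(s, as_of)} days of slack")
```

Running the report on a schedule and alerting on the overdue and due buckets gives the common reporting the slide asks for; the escrow step from the roll-back bullet belongs in the rotation procedure itself, not in this report.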
Pen Testing
• Red Team
• Blue Team
Questions?
• Your challenges?
• Certifications lacking?
• Previous talks?