SlideShare a Scribd company logo

SQL Server 2016 Security Features

Download as PPT, PDF
S
Sam Nasr, MCSA, MVP

The document outlines the security features of SQL Server 2016, focusing on dynamic data masking (DDM) and always encrypted technology. It includes detailed explanations on the implementation and functionalities of these features, such as how DDM can obfuscate sensitive data and the requirements for using always encrypted. Additionally, the presentation highlights potential issues and resources for further learning.

Software
Related topics:
Information Security
1 of 20
Download to read offline
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
SQL Server 2016 Security Features Sam Nasr, MCSA, MVP NIS Technologies March 22, 2018
Cleveland C#/VB.Net User Group Meets every month Free of charge , open to the public Meeting info: https://www.meetup.com Meeting Space courtesy of Pizza and drinks courtesy of
Housekeeping Forum for learning: feel free to ask questions Cell phones on vibrate please
Introduction Sam Nasr (@SamNasr) Software Developer (since 1995) Sr. Software Engineer (NIS Technologies) Certifications: MCSA, MCAD, MCT, MCTS President - Cleveland C#/VB.Net User Group President - .Net Study Group INETA Community Champ (2010, 2013) Author for Visual Studio Magazine Microsoft Most Valuable Professional (since 2013)
Agenda Dynamic Data Masking (DDM) "Always Encrypted“ Row-Level Security
DDM (Dynamic Data Masking) Hide specific portions of a column Users can be granted UNMASK rights Can be added to existing tables or during CREATE Does not work with encrypted values Implemented as schema change on the underlying table
DDM Functions Default: full masking per data type String: XXXX Numeric/Binary: 0000 Date/time: 01.01.1900 00:00:00.0000000 Email: aXXX@XXXX.com Random: mask numeric values using a random value. Partial:
Demo Demo #1
Always Encrypted A client-side encryption technology Auto encrypt when data is written/read by app Requires client app to use an Always Encrypted– enabled driver Client requires access to the encryption key. Other apps can query data but cannot use it without encryption key SQL Server instance never sees the unencrypted version of the data.
Always Encrypted – Setup 1. Create Column Master Key Definition 2.Create Column Encryption Key
Column Master Key Stored in a Windows certificate store 3rd Party Hardware Security Module (HSM) Requires Enterprise Edition Azure Key Vault Created via SSMS or T-SQL
Column Master Key - Setup Create on Trusted Machines, but not on Server RT-Click CMK Folder -> New Column Export CMK to all clients Web Server for web apps
Column Encryption Keys - Setup RT-Click CEK -> New CEK
Always Encrypted To insert/update encrypted data
Always Encrypted To view unencrypted data:
Demo Demo #2
Gotchas Random DDM may display actual value if random value matches actual value. Use SSMS v17.4 for Row Level Security Parameterization Always Encrypted: Other apps can query data but cannot use it without encryption key DDM is subject to bypassing using inference or brute- force techniques
Conclusion Let’s recap…
References Editions and supported features of SQL Server 2016 https://docs.microsoft.com/en-us/sql/sql-server/editions-and-components-of-sql-serv Configure Always Encrypted using SQL Server Management Studio https://docs.microsoft.com/en-us/sql/relational-databases/security/encryption/config Always Encrypted (client development) https://docs.microsoft.com/en-us/sql/relational-databases/security/encryption/always
Contact Info snasr@nistechnologies.com @SamNasr http://www.linkedin.com/in/samsnasr Thank you for attending!

More Related Content

PDF
Microsoft Azure Security Infographic
Microsoft Azure
 
PPTX
SQL Server 2016 RC3 Always Encryption
sultankhan
 
PPTX
Understanding SQL Server 2016 Always Encrypted
Ed Leighton-Dick
 
PDF
Organizational compliance and security in Microsoft SQL 2012-2016
George Walters
 
PDF
Geek Sync | Always Encrypted for Beginners
IDERA Software
 
PPTX
2° Ciclo Microsoft CRUI 3° Sessione: l'evoluzione delle piattaforme tecnologi...
Jürgen Ambrosi
 
PDF
Sql Server 2016 Always Encrypted
Duncan Greaves PhD
 
PPTX
Seguridad en sql server 2016 y 2017
Maximiliano Accotto
 
Microsoft Azure Security Infographic
Microsoft Azure
 
SQL Server 2016 RC3 Always Encryption
sultankhan
 
Understanding SQL Server 2016 Always Encrypted
Ed Leighton-Dick
 
Organizational compliance and security in Microsoft SQL 2012-2016
George Walters
 
Geek Sync | Always Encrypted for Beginners
IDERA Software
 
2° Ciclo Microsoft CRUI 3° Sessione: l'evoluzione delle piattaforme tecnologi...
Jürgen Ambrosi
 
Sql Server 2016 Always Encrypted
Duncan Greaves PhD
 
Seguridad en sql server 2016 y 2017
Maximiliano Accotto
 

Similar to SQL Server 2016 Security Features (20)

PPTX
Seguridad en sql server 2016 y 2017
Maximiliano Accotto
 
PPTX
Always encrypted overview
SolidQ
 
PDF
Organizational compliance and security SQL 2012-2019 by George Walters
George Walters
 
PPTX
A Designer's Favourite Security and Privacy Features in SQL Server and Azure ...
Karen Lopez
 
PPTX
Designer's Favorite New Features in SQLServer
Karen Lopez
 
PPTX
SQL Server 2016 New Security Features
Gianluca Sartori
 
PPTX
Protecting Your Data with Encryption
Ed Leighton-Dick
 
PPTX
Karen's Favourite Features of SQL Server 2016
Karen Lopez
 
PPTX
Securing your data with Azure SQL DB
Microsoft Tech Community
 
PPTX
Modern Data Security for the Enterprises – SQL Server & Azure SQL Database
WinWire Technologies Inc
 
PDF
Dynamic data masking sql server 2016
Antonios Chatzipavlis
 
PPT
Steve Jones - Encrypting Data
Red Gate Software
 
PPTX
Sql server 2016
David Smith
 
PDF
Enhancing the Security of Data at Rest with SAP ASE 16
SAP Technology
 
PPTX
What's new in SQL Server 2016
Onomi
 
PPTX
Transparent Data Encryption for SharePoint Content Databases
Michael Noel
 
PPTX
SQLCAT - Data and Admin Security
Denny Lee
 
PPT
SQL Server Encryption - Adi Cohn
sqlserver.co.il
 
PPTX
Column Level Encryption in Microsoft SQL Server
Behnam Mohammadi
 
PDF
columnarlevelencryption-161229175937 (2).pdf
Melvin739799
 
Seguridad en sql server 2016 y 2017
Maximiliano Accotto
 
Always encrypted overview
SolidQ
 
Organizational compliance and security SQL 2012-2019 by George Walters
George Walters
 
A Designer's Favourite Security and Privacy Features in SQL Server and Azure ...
Karen Lopez
 
Designer's Favorite New Features in SQLServer
Karen Lopez
 
SQL Server 2016 New Security Features
Gianluca Sartori
 
Protecting Your Data with Encryption
Ed Leighton-Dick
 
Karen's Favourite Features of SQL Server 2016
Karen Lopez
 
Securing your data with Azure SQL DB
Microsoft Tech Community
 
Modern Data Security for the Enterprises – SQL Server & Azure SQL Database
WinWire Technologies Inc
 
Dynamic data masking sql server 2016
Antonios Chatzipavlis
 
Steve Jones - Encrypting Data
Red Gate Software
 
Sql server 2016
David Smith
 
Enhancing the Security of Data at Rest with SAP ASE 16
SAP Technology
 
What's new in SQL Server 2016
Onomi
 
Transparent Data Encryption for SharePoint Content Databases
Michael Noel
 
SQLCAT - Data and Admin Security
Denny Lee
 
SQL Server Encryption - Adi Cohn
sqlserver.co.il
 
Column Level Encryption in Microsoft SQL Server
Behnam Mohammadi
 
columnarlevelencryption-161229175937 (2).pdf
Melvin739799
 
Ad

Recently uploaded (20)

PDF
Addressing The Cult of Project Management Tools-Why Disconnected Work is Hold...
OnePlan Solutions
 
PDF
Designing Intelligence for the Shop Floor.pdf
nikglvk
 
PPTX
Transform Your Business with a Software ERP System
Canada Software Company
 
PPTX
Operating system designcfffgfgggggggvggggggggg
rmskumara09
 
PPTX
Oracle E-Business Suite: A Comprehensive Guide for Modern Enterprises
Conacent Consulting
 
PDF
top salesforce developer skills in 2025.pdf
CloudMetic
 
PPTX
Agentic AI : A Practical Guide. Undersating, Implementing and Scaling Autono...
IT IDOL Technologies
 
PDF
How to Choose the Right IT Partner for Your Business in Malaysia
Asian Business Services & Technologies
 
PPTX
Agentic AI Use Case- Contract Lifecycle Management (CLM).pptx
mhxyzzp
 
PDF
Internet Downloader Manager (IDM) Crack 6.42 Build 41
ghrom2211g
 
PDF
Digital Systems & Binary Numbers (comprehensive )
fyfhqfhtv2
 
PDF
Adobe Premiere Pro 2025 (v24.5.0.057) Crack free
ghrom2211g
 
PPTX
CHAPTER 2 - PM Management and IT Context
KevinPutra14
 
PDF
Why TechBuilder is the Future of Pickup and Delivery App Development (1).pdf
TechBuilder
 
PPTX
Computer Software and OS of computer science of grade 11.pptx
GauravDahal9
 
PDF
medical staffing services at VALiNTRY
Tiyan Grayson
 
PPTX
L1 - Introduction to python Backend.pptx
MoizAhmed480282
 
PDF
Which alternative to Crystal Reports is best for small or large businesses.pdf
Varsha Nayak
 
PDF
wealthsignaloriginal-com-DS-text-... (1).pdf
skmiani786
 
PDF
Internet Downloader Manager (IDM) Crack 6.42 Build 42 Updates Latest 2025
itskinga12
 
Addressing The Cult of Project Management Tools-Why Disconnected Work is Hold...
OnePlan Solutions
 
Designing Intelligence for the Shop Floor.pdf
nikglvk
 
Transform Your Business with a Software ERP System
Canada Software Company
 
Operating system designcfffgfgggggggvggggggggg
rmskumara09
 
Oracle E-Business Suite: A Comprehensive Guide for Modern Enterprises
Conacent Consulting
 
top salesforce developer skills in 2025.pdf
CloudMetic
 
Agentic AI : A Practical Guide. Undersating, Implementing and Scaling Autono...
IT IDOL Technologies
 
How to Choose the Right IT Partner for Your Business in Malaysia
Asian Business Services & Technologies
 
Agentic AI Use Case- Contract Lifecycle Management (CLM).pptx
mhxyzzp
 
Internet Downloader Manager (IDM) Crack 6.42 Build 41
ghrom2211g
 
Digital Systems & Binary Numbers (comprehensive )
fyfhqfhtv2
 
Adobe Premiere Pro 2025 (v24.5.0.057) Crack free
ghrom2211g
 
CHAPTER 2 - PM Management and IT Context
KevinPutra14
 
Why TechBuilder is the Future of Pickup and Delivery App Development (1).pdf
TechBuilder
 
Computer Software and OS of computer science of grade 11.pptx
GauravDahal9
 
medical staffing services at VALiNTRY
Tiyan Grayson
 
L1 - Introduction to python Backend.pptx
MoizAhmed480282
 
Which alternative to Crystal Reports is best for small or large businesses.pdf
Varsha Nayak
 
wealthsignaloriginal-com-DS-text-... (1).pdf
skmiani786
 
Internet Downloader Manager (IDM) Crack 6.42 Build 42 Updates Latest 2025
itskinga12
 
Ad

SQL Server 2016 Security Features

  • 1. SQL Server 2016 Security Features Sam Nasr, MCSA, MVP NIS Technologies March 22, 2018
  • 2. Cleveland C#/VB.Net User Group Meets every month Free of charge , open to the public Meeting info: https://www.meetup.com Meeting Space courtesy of Pizza and drinks courtesy of
  • 3. Housekeeping Forum for learning: feel free to ask questions Cell phones on vibrate please
  • 4. Introduction Sam Nasr (@SamNasr) Software Developer (since 1995) Sr. Software Engineer (NIS Technologies) Certifications: MCSA, MCAD, MCT, MCTS President - Cleveland C#/VB.Net User Group President - .Net Study Group INETA Community Champ (2010, 2013) Author for Visual Studio Magazine Microsoft Most Valuable Professional (since 2013)
  • 5. Agenda Dynamic Data Masking (DDM) "Always Encrypted“ Row-Level Security
  • 6. DDM (Dynamic Data Masking) Hide specific portions of a column Users can be granted UNMASK rights Can be added to existing tables or during CREATE Does not work with encrypted values Implemented as schema change on the underlying table
  • 7. DDM Functions Default: full masking per data type String: XXXX Numeric/Binary: 0000 Date/time: 01.01.1900 00:00:00.0000000 Email: aXXX@XXXX.com Random: mask numeric values using a random value. Partial:
  • 9. Always Encrypted A client-side encryption technology Auto encrypt when data is written/read by app Requires client app to use an Always Encrypted– enabled driver Client requires access to the encryption key. Other apps can query data but cannot use it without encryption key SQL Server instance never sees the unencrypted version of the data.
  • 10. Always Encrypted – Setup 1. Create Column Master Key Definition 2.Create Column Encryption Key
  • 11. Column Master Key Stored in a Windows certificate store 3rd Party Hardware Security Module (HSM) Requires Enterprise Edition Azure Key Vault Created via SSMS or T-SQL
  • 12. Column Master Key - Setup Create on Trusted Machines, but not on Server RT-Click CMK Folder -> New Column Export CMK to all clients Web Server for web apps
  • 13. Column Encryption Keys - Setup RT-Click CEK -> New CEK
  • 15. Always Encrypted To view unencrypted data:
  • 17. Gotchas Random DDM may display actual value if random value matches actual value. Use SSMS v17.4 for Row Level Security Parameterization Always Encrypted: Other apps can query data but cannot use it without encryption key DDM is subject to bypassing using inference or brute- force techniques
  • 19. References Editions and supported features of SQL Server 2016 https://docs.microsoft.com/en-us/sql/sql-server/editions-and-components-of-sql-serv Configure Always Encrypted using SQL Server Management Studio https://docs.microsoft.com/en-us/sql/relational-databases/security/encryption/config Always Encrypted (client development) https://docs.microsoft.com/en-us/sql/relational-databases/security/encryption/always

Editor's Notes

  • #7: DDM does not work with encrypted values (encrypted in app or Always Encrypted). DDM can be configured on the database to hide sensitive data in the result sets of queries over designated database fields, while the data in the database is not changed. Dynamic data masking is easy to use with existing applications, since masking rules are applied in the query results. Many applications can mask sensitive data without modifying existing queries
  • #10: Using Always Encrypted with the .NET Framework Data Provider for SQL Server Using Always Encrypted with the JDBC Driver Using Always Encrypted with the Windows ODBC Driver
  • #15: RT-Click in Query Window (not menu) ->Options Execution -> Advanced
  • #20: Introducing SQL Server 2016 (Free e-book) https://blogs.msdn.microsoft.com/microsoft_press/2016/02/02/free-ebook-introducing-microsoft-sql-server-2016-mission-critical-applications-deeper-insights-hyperscale-cloud-preview-2/ https://docs.microsoft.com/en-us/sql/relational-databases/security/dynamic-data-masking