SQL Server 2016 RC3
Always Encrypted
Session by:
Md. Sultan-E-Alam Khan, PMP
Techforum PASS - Monthly User Group Event
Saturday, 23 April 2016
SQL SERVER 2016 RC3 – ALWAYS ENCRYPTED
Topics
• History of Database Encryption
• Why Encrypt the Database
• What is Always Encrypted
• Types of Keys
• Types of Encryption
• How Always Encrypted Works
• Demo
• Key Rotation
• Performance Benchmarking
• Limitations
History of Database Encryption

SQL Server version   Type of encryption
2000 and before      • No native tools
                     • Data at rest could be encrypted by third-party tools or by encrypting the entire drive
2005                 • Cell-level encryption
2008                 • TDE (Transparent Data Encryption)
                     • Certificate-based transport encryption
2016                 • Always Encrypted
Why Encrypt the Database
• Separation of roles between those who own the data and those who manage it
• Protecting sensitive data, e.g. credit card numbers or national ID numbers
• Running the database and/or the application in the cloud
• Preventing high-privileged users from accessing sensitive data
• Delegating the DBA role
• Regulatory compliance and audits
What is Always Encrypted
• A transparent, end-to-end solution for protecting sensitive columns
• All encryption and decryption is handled transparently by the driver library on the client
• Clients encrypt sensitive data inside the client application and never reveal the encryption keys to SQL Server
• Data is never in plaintext while stored on or accessed by SQL Server, including while in memory
Types of Keys
Column Master Keys (CMK)
• Used to encrypt the column encryption keys
• The encrypted values of the keys, along with the key's location, are stored in a system catalog view
• SQL Server never holds the keys needed to decrypt the data
• Must be stored in a trusted key store
• The CMK must be deployed on each client machine that needs access to the unencrypted data
Types of Keys (Cont.)
Column Encryption Keys (CEK)
• Used to encrypt the sensitive data stored in a database column
• A single key can encrypt all values in a column, or in a whole table
• The encrypted values of the keys are stored in a system catalog view
• Keep a backup of this key in a secured, trusted location
• Each CEK can have two encrypted values, produced with two different CMKs, to allow master key rotation
Types of Encryption
Deterministic
• Generates the same encrypted value for a given plaintext
• Allows grouping, filtering and joining on the column
• Gives an unauthorized user a better chance of inferring the data by examining patterns in the ciphertext, especially when applied to a small set of distinct values
Types of Encryption (Cont.)
Randomized
• Encrypts data in a less predictable manner
• More secure, because different ciphertext is generated for the same plaintext
• Prevents equality searches, grouping, indexing and joining
Types of Encryption (Cont.)
Deterministic vs. Randomized
• Columns that are part of indexes (clustered or non-clustered) can't be encrypted with the randomized option
• Columns referenced by a unique constraint can be encrypted with the deterministic option
• Primary key columns can use only the deterministic option
How Always Encrypted Works
• Creation of keys
• Client development
• Controlling the performance
Key creation (diagram): the Security Officer, on a trusted client machine, works with the Column Encryption Key (CEK) and the Column Master Key (CMK) as follows:
1. Generate the CEKs and the master key
2. Encrypt each CEK with the CMK
3. Store the master key securely in a CMK store (certificate store, HSM, Azure Key Vault, ...)
4. Upload the encrypted CEK to the database
The database ends up holding only the encrypted CEK; the CMK stays in the key store.
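To make the key hierarchy and the two encryption types from the preceding slides concrete, the following T-SQL is an added example (not code from the deck): it registers a CMK and a CEK, creates a table with one deterministic and one randomized column, and shows what the server-side catalog exposes. The key names (CMK_HR, CEK_HR), the certificate thumbprint and the ENCRYPTED_VALUE blob are placeholders; the wrapped CEK is produced on the client (for example by the SSMS wizard), never by the server.

```sql
-- Added example (not from the deck). Names, thumbprints and hex blobs are placeholders.

-- Steps 1 and 3: register the CMK. The server stores only provider + path;
-- the certificate's private key stays in the client's certificate store.
CREATE COLUMN MASTER KEY CMK_HR
WITH (
    KEY_STORE_PROVIDER_NAME = 'MSSQL_CERTIFICATE_STORE',
    KEY_PATH = 'CurrentUser/My/<certificate-thumbprint-placeholder>'
);

-- Steps 2 and 4: upload the CEK already wrapped by the CMK (RSA-OAEP) on the client.
-- The server keeps the wrapped blob but has no key that can unwrap it.
CREATE COLUMN ENCRYPTION KEY CEK_HR
WITH VALUES (
    COLUMN_MASTER_KEY = CMK_HR,
    ALGORITHM = 'RSA_OAEP',
    ENCRYPTED_VALUE = 0x00 /* placeholder: the real value is the CMK-wrapped CEK */
);

-- Apply the two encryption types. EmpNID is looked up and must stay unique,
-- so it is DETERMINISTIC (equality, joins and indexes work, but the same
-- plaintext always yields the same ciphertext). EmpSalary is only ever read
-- back, so it is RANDOMIZED. Deterministic string columns need a *_BIN2 collation.
CREATE TABLE dbo.Employee (
    EmpID     INT IDENTITY(1,1) PRIMARY KEY,
    EmpName   NVARCHAR(100) NOT NULL,
    EmpNID    NVARCHAR(20) COLLATE Latin1_General_BIN2
              ENCRYPTED WITH (
                  COLUMN_ENCRYPTION_KEY = CEK_HR,
                  ENCRYPTION_TYPE = DETERMINISTIC,
                  ALGORITHM = 'AEAD_AES_256_CBC_HMAC_SHA_256'
              ) NOT NULL,
    EmpSalary MONEY
              ENCRYPTED WITH (
                  COLUMN_ENCRYPTION_KEY = CEK_HR,
                  ENCRYPTION_TYPE = RANDOMIZED,
                  ALGORITHM = 'AEAD_AES_256_CBC_HMAC_SHA_256'
              ) NOT NULL
);
-- Allowed on a deterministic column; the same index on EmpSalary would be rejected.
CREATE UNIQUE INDEX IX_Employee_EmpNID ON dbo.Employee (EmpNID);

-- What a DBA (or anyone with catalog access) can learn: key metadata, the
-- wrapped CEK and which columns use it. No plaintext and no usable key.
SELECT c.name AS column_name, c.encryption_type_desc, k.name AS cek,
       m.key_store_provider_name, m.key_path
FROM sys.columns c
JOIN sys.column_encryption_keys k
  ON k.column_encryption_key_id = c.column_encryption_key_id
JOIN sys.column_encryption_key_values v
  ON v.column_encryption_key_id = k.column_encryption_key_id
JOIN sys.column_master_keys m
  ON m.column_master_key_id = v.column_master_key_id
WHERE c.object_id = OBJECT_ID('dbo.Employee');

-- A session without Column Encryption Setting=Enabled sees ciphertext only:
-- EmpSalary is returned as varbinary.
SELECT EmpName, EmpSalary FROM dbo.Employee;

-- A plaintext literal cannot be compared with an encrypted column; the value
-- must arrive as a typed parameter so the client driver encrypts it first.
-- The following raises an operand type clash:
-- SELECT EmpName FROM dbo.Employee WHERE EmpNID = N'NID_Sultan_1';
```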
How Always Encrypted Works (Cont.)
Client Development
• .NET Framework 4.6
• Enable the Column Encryption Setting in the connection string
• Import the CMK on the client machine
How Always Encrypted Works (Cont.)
Controlling the Performance
When most of the queries access encrypted columns:
• Enable the encryption in the connection string
• Use SqlCommandColumnEncryptionSetting.Disabled for queries that do not touch encrypted columns
• Use SqlCommandColumnEncryptionSetting.ResultSetOnly for queries that have no parameters requiring encryption but retrieve encrypted columns
How Always Encrypted Works (Cont.)
Controlling the Performance
When most of the queries do not need to access encrypted columns:
• Disable the encryption in the connection string
• Use SqlCommandColumnEncryptionSetting.Enabled for queries that have encrypted parameters
• Use SqlCommandColumnEncryptionSetting.ResultSetOnly for queries that have no parameters requiring encryption but retrieve encrypted columns
Query flow (diagram): the client runs with Column Encryption Setting = enabled, and the encrypted sensitive data and the corresponding keys are never seen in plaintext inside the SQL Server (or SQL Database) trust boundary.
1. The application issues a parameterized query through ADO.NET: "SELECT EmpName, EmpSalary FROM Employee WHERE EmpNID = @NID" with @NID = "NID_Sultan_1".
2. The driver encrypts the parameter value on the client (shown as the ciphertext 0x7ff654ae6d) before the query leaves the machine.
3. SQL Server compares that ciphertext against the EmpNID column of dbo.Employee (row: EmpName = Sultan, EmpNID = 0x7ff654ae6d, EmpSalary = 0x7ddfddae6) and returns the result set with EmpSalary still encrypted (0x7ddfddae6).
4. The driver decrypts the result set on the client before handing it to the application.
Demo
Environment:
• SQL Server 2016 RC3
• SQL Server 2016 SSMS
• Visual Studio 2013 / 2015
Key Rotation
• Ensures compliance requirements are met
• Ensures better security
Rotating a CMK:
1. Provision a new CMK
2. Encrypt the CEK with the new CMK
3. Configure the clients
4. Clean up and archive
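The four rotation steps above as T-SQL, an added example that is not from the deck. It assumes an existing CEK named CEK_HR wrapped by CMK_HR (both created here so the block stands alone), a new certificate for CMK_HR_2017, and placeholder hex for the wrapped values, which a client holding the CMKs produces.

```sql
-- Added example (not from the deck). Key names, thumbprints and hex blobs are placeholders.

-- Starting state: one CEK wrapped by the current CMK.
CREATE COLUMN MASTER KEY CMK_HR
WITH (KEY_STORE_PROVIDER_NAME = 'MSSQL_CERTIFICATE_STORE',
      KEY_PATH = 'CurrentUser/My/<old-thumbprint-placeholder>');
CREATE COLUMN ENCRYPTION KEY CEK_HR
WITH VALUES (COLUMN_MASTER_KEY = CMK_HR, ALGORITHM = 'RSA_OAEP',
             ENCRYPTED_VALUE = 0x00 /* placeholder: CEK wrapped by CMK_HR */);

-- 1. Provision the new CMK (certificate generated and kept on the client).
CREATE COLUMN MASTER KEY CMK_HR_2017
WITH (KEY_STORE_PROVIDER_NAME = 'MSSQL_CERTIFICATE_STORE',
      KEY_PATH = 'CurrentUser/My/<new-thumbprint-placeholder>');

-- 2. Encrypt the CEK with the new CMK. The CEK itself is unchanged, so no
--    column data is re-encrypted; the CEK simply gains a second wrapped value
--    (the "two encrypted values from two CMKs" on the CEK slide). The blob is
--    produced on a client that can unwrap the old value.
ALTER COLUMN ENCRYPTION KEY CEK_HR
ADD VALUE (COLUMN_MASTER_KEY = CMK_HR_2017, ALGORITHM = 'RSA_OAEP',
           ENCRYPTED_VALUE = 0x00 /* placeholder: CEK wrapped by CMK_HR_2017 */);

-- 3. Configure the clients: deploy CMK_HR_2017 to every client that decrypts.
--    Until step 4 either CMK unwraps the CEK; confirm both values are present.
SELECT k.name AS cek, m.name AS cmk, v.encryption_algorithm_name
FROM sys.column_encryption_key_values v
JOIN sys.column_encryption_keys k
  ON k.column_encryption_key_id = v.column_encryption_key_id
JOIN sys.column_master_keys m
  ON m.column_master_key_id = v.column_master_key_id
WHERE k.name = 'CEK_HR';   -- expect two rows: CMK_HR and CMK_HR_2017

-- 4. Clean up and archive: once no client depends on the old CMK, drop the
--    old wrapped value, then the old CMK metadata. DROP COLUMN MASTER KEY
--    fails while any CEK value still references it, which guards against
--    removing a CMK that clients still need. Keep the old certificate
--    archived offline rather than deleted, in case an old backup must be read.
ALTER COLUMN ENCRYPTION KEY CEK_HR
DROP VALUE (COLUMN_MASTER_KEY = CMK_HR);
DROP COLUMN MASTER KEY CMK_HR;
```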
Performance Benchmarking
Source: http://sqlperformance.com/2015/08/sql-server-2016/always-encrypted-performance-follow-up
Charts: retrieving / updating of data
Limitations
• Unsupported data types:
  • XML
  • timestamp / rowversion
  • image
  • ntext / text
  • sql_variant
  • hierarchyid
  • geography / geometry
  • user-defined types
  • string data types with a non-BIN2 collation
  • alias types
  • sparse column sets
Limitations (Cont.)
Columns that can't be encrypted:
• Partitioning columns
• Columns with default or check constraints
• Referencing columns can't be encrypted with the randomized option (with the deterministic option, the CEK must be the same on both sides)
• Columns that are keys of full-text indexes
• Columns referenced by computed columns whose expression performs unsupported operations
• Columns referenced by statistics
• Table variable columns
Limitations (Cont.)
• Clauses that can't be used:
  • FOR XML
  • FOR JSON PATH
• Features that are not supported:
  • Transactional or merge replication
  • Distributed queries (linked servers)
References
• Always Encrypted (Database Engine)
  https://msdn.microsoft.com/en-us/library/mt163865.aspx
  https://channel9.msdn.com/events/datadriven/sqlserver2016/alwaysencrypted
• Always Encrypted (Client Development)
  https://msdn.microsoft.com/en-us/library/mt147923.aspx
  https://blogs.msdn.microsoft.com/sqlsecurity/2015/08/27/using-always-encrypted-with-entity-framework-6
• Column Master Key Rotation and Cleanup with Always Encrypted
  https://msdn.microsoft.com/en-us/library/mt607048.aspx
• Import/Export Windows Certificates
  http://windows.microsoft.com/en-us/windows/import-export-certificates-private-keys#1TC=windows-7

VidaXL dropshipping via API with DroFx.pptxVidaXL dropshipping via API with DroFx.pptx
VidaXL dropshipping via API with DroFx.pptx
 
Halmar dropshipping via API with DroFx
Halmar  dropshipping  via API with DroFxHalmar  dropshipping  via API with DroFx
Halmar dropshipping via API with DroFx
 
FESE Capital Markets Fact Sheet 2024 Q1.pdf
FESE Capital Markets Fact Sheet 2024 Q1.pdfFESE Capital Markets Fact Sheet 2024 Q1.pdf
FESE Capital Markets Fact Sheet 2024 Q1.pdf
 
Best VIP Call Girls Noida Sector 39 Call Me: 8448380779
Best VIP Call Girls Noida Sector 39 Call Me: 8448380779Best VIP Call Girls Noida Sector 39 Call Me: 8448380779
Best VIP Call Girls Noida Sector 39 Call Me: 8448380779
 
Vip Model Call Girls (Delhi) Karol Bagh 9711199171✔️Body to body massage wit...
Vip Model  Call Girls (Delhi) Karol Bagh 9711199171✔️Body to body massage wit...Vip Model  Call Girls (Delhi) Karol Bagh 9711199171✔️Body to body massage wit...
Vip Model Call Girls (Delhi) Karol Bagh 9711199171✔️Body to body massage wit...
 
꧁❤ Aerocity Call Girls Service Aerocity Delhi ❤꧂ 9999965857 ☎️ Hard And Sexy ...
꧁❤ Aerocity Call Girls Service Aerocity Delhi ❤꧂ 9999965857 ☎️ Hard And Sexy ...꧁❤ Aerocity Call Girls Service Aerocity Delhi ❤꧂ 9999965857 ☎️ Hard And Sexy ...
꧁❤ Aerocity Call Girls Service Aerocity Delhi ❤꧂ 9999965857 ☎️ Hard And Sexy ...
 
Generative AI on Enterprise Cloud with NiFi and Milvus
Generative AI on Enterprise Cloud with NiFi and MilvusGenerative AI on Enterprise Cloud with NiFi and Milvus
Generative AI on Enterprise Cloud with NiFi and Milvus
 

SQL Server 2016 RC3 Always Encrypted (slide transcript)

SQL Server 2016 RC3
Always Encrypted
Session by: Md. Sultan-E-Alam Khan, PMP
Techforum PASS - Monthly User Group Event
Saturday, 23 April 2016
SQL SERVER 2016 RC3 – ALWAYS ENCRYPTED

Topics
 History of Database Encryption
 Why Encrypting the Database
 What is Always Encrypted
 Type of Keys
 Type of Encryption
 How Always Encrypted Works
 Demo
 Key Rotation
 Performance Benchmarking
 Limitations

History of Database Encryption
SQL Server Version | Type of Encryption
2000 & before      | No native tools; data at rest could be encrypted by third-party tools or by encrypting the entire drive
2005               | Cell-level encryption
2008               | TDE (Transparent Data Encryption); certificate-based transport encryption
2016               | Always Encrypted

Why Encrypting the Database
 Separation of roles between who owns the data and who manages the data
 Protecting sensitive data, e.g. credit card number, national ID
 Running the database and/or application in the cloud
 Preventing high-privileged users from having access to sensitive data
 Delegation of the DBA role
 Regulatory compliance and audits

What is Always Encrypted
 A transparent end-to-end solution for sensitive columns
 All encryption and decryption is handled transparently by the driver library on the client
 Allows clients to encrypt sensitive data inside client applications and never reveal the encryption keys to SQL Server
 Data is never in plain text while being stored or accessed on SQL Server (including while in memory)

Type of Keys
Column Master Keys (CMK)
 Used to encrypt column encryption keys
 Encrypted values of the keys, along with their location, are stored in a system catalog view
 SQL Server does not contain the keys needed to decrypt data
 Must be stored in a trusted key store
 Column Master Keys must be deployed on each client machine that needs access to the unencrypted data

Type of Keys (Cont.)
Column Encryption Keys (CEK)
 Used to encrypt sensitive data stored in database columns
 A single key can encrypt all values in a column or table
 Encrypted values of the keys are stored in a system catalog view
 Store this key in a secured/trusted location for backup
 Each CEK can have two encrypted values from two CMKs, to allow master key rotation

Type of Encryption
Deterministic
 Generates the same encrypted value for a given plain text
 Allows grouping, filtering and joining
 Better chance of data decryption by an unauthorized user by examining the pattern, especially when applied to a smaller set of data

Type of Encryption (Cont.)
Randomized
 Encrypts data in a less predictable manner
 More secure because a different ciphertext is generated for the same plain text
 Prevents equality searches, grouping, indexing and joining

Type of Encryption (Cont.)
Deterministic vs. Randomized
 Columns that are part of indices (either clustered or non-clustered) can't be encrypted with the randomized option
 Columns referenced by a unique constraint can be encrypted with the deterministic option
 Primary key columns can use only the deterministic option

How Always Encrypted Works
 Creation of keys
 Client development
 Controlling the performance

(Key provisioning diagram)
Security Officer:
 1. Generate CEKs and Master Key
 2. Encrypt CEK
 3. Store Master Key Securely
 4. Upload Encrypted CEK to DB
CMK Store: Certificate Store, HSM, Azure Key Vault, …
Database: Encrypted CEK
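The key hierarchy of the "Type of Keys" and key-provisioning slides, together with the deterministic/randomized rules of the "Type of Encryption" slides, written out as T-SQL. This is an added example, not code from the presentation or its author. The table and column names follow the query-flow slide (dbo.Employee, EmpName, EmpNID, EmpSalary); the key names CMK_Employee and CEK_Employee, the certificate thumbprint and the ENCRYPTED_VALUE literal are placeholders. The encrypted CEK value cannot be produced inside SQL Server: it is the CEK wrapped by the CMK on the client (for instance with the SSMS wizard or the SqlServer PowerShell module), which is exactly why the server never holds a key it could use to decrypt.

```sql
-- Added example (not from the presentation). Values marked <placeholder>
-- are assumptions; table/column names follow the query-flow slide.

-- 1. Column Master Key: SQL Server stores only a *reference* (provider + path).
--    The key itself lives in the client-side store (here: Windows certificate store).
CREATE COLUMN MASTER KEY CMK_Employee
WITH (
    KEY_STORE_PROVIDER_NAME = N'MSSQL_CERTIFICATE_STORE',
    KEY_PATH = N'CurrentUser/My/<certificate-thumbprint-placeholder>'
);
GO

-- 2. Column Encryption Key: stored only as its value encrypted under the CMK.
--    ENCRYPTED_VALUE is produced on the client (SSMS wizard / PowerShell);
--    the server cannot compute, validate or unwrap it. The literal below is a
--    placeholder, so this statement registers a key no client can actually use.
CREATE COLUMN ENCRYPTION KEY CEK_Employee
WITH VALUES (
    COLUMN_MASTER_KEY = CMK_Employee,
    ALGORITHM = 'RSA_OAEP',
    ENCRYPTED_VALUE = 0x0170000001 -- <placeholder: real value is a long varbinary>
);
GO

-- 3. Table: deterministic for the column that is searched/indexed (equality),
--    randomized for the column that is only ever read back.
CREATE TABLE dbo.Employee (
    EmpID     int IDENTITY(1,1) NOT NULL PRIMARY KEY,
    EmpName   nvarchar(100) NOT NULL,
    -- Deterministic string columns require a *_BIN2 collation (see Limitations).
    EmpNID    nvarchar(20) COLLATE Latin1_General_BIN2
              ENCRYPTED WITH (COLUMN_ENCRYPTION_KEY = CEK_Employee,
                              ENCRYPTION_TYPE = DETERMINISTIC,
                              ALGORITHM = 'AEAD_AES_256_CBC_HMAC_SHA_256') NOT NULL,
    EmpSalary money
              ENCRYPTED WITH (COLUMN_ENCRYPTION_KEY = CEK_Employee,
                              ENCRYPTION_TYPE = RANDOMIZED,
                              ALGORITHM = 'AEAD_AES_256_CBC_HMAC_SHA_256') NULL
);
GO

-- Allowed: an index on a deterministic column (equality lookups on EmpNID).
CREATE NONCLUSTERED INDEX IX_Employee_EmpNID ON dbo.Employee (EmpNID);
GO
-- Not allowed: the same statement on EmpSalary (randomized) fails at CREATE INDEX time.

-- 4. What the server actually holds: key *metadata* only.
SELECT cmk.name AS cmk, cmk.key_store_provider_name, cmk.key_path,
       cek.name AS cek, v.encryption_algorithm_name,
       DATALENGTH(v.encrypted_value) AS wrapped_cek_bytes
FROM sys.column_encryption_keys AS cek
JOIN sys.column_encryption_key_values AS v
  ON v.column_encryption_key_id = cek.column_encryption_key_id
JOIN sys.column_master_keys AS cmk
  ON cmk.column_master_key_id = v.column_master_key_id;

-- 5. How a driver learns which parameters it must encrypt before sending the
--    query from the query-flow slide: with Column Encryption Setting=Enabled
--    it calls this procedure transparently. Calling it by hand shows the
--    metadata the driver receives (CEK info and the @NID parameter's encryption type).
EXEC sys.sp_describe_parameter_encryption
    @tsql   = N'SELECT EmpName, EmpSalary FROM dbo.Employee WHERE EmpNID = @NID',
    @params = N'@NID nvarchar(20)';
```

The catalog query in step 4 is the quickest way to confirm the design property the slides emphasise: every row it returns is a key reference or a wrapped key, and a DBA with full server access still sees only ciphertext in EmpNID and EmpSalary.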
How Always Encrypted Works (Cont.)
Client Development
 .NET Framework 4.6
 Enable Column Encryption Setting
 Import CMK

How Always Encrypted Works (Cont.)
Controlling the Performance
When most of the queries access encrypted columns:
 Enable the encryption in the connection string
 SqlCommandColumnEncryptionSetting.Disabled for queries that do not access encrypted columns
 SqlCommandColumnEncryptionSetting.ResultSet for queries that do not have any parameter requiring encryption but retrieve encrypted columns

How Always Encrypted Works (Cont.)
Controlling the Performance
When most of the queries do not need to access encrypted columns:
 Disable the encryption in the connection string
 SqlCommandColumnEncryptionSetting.Enabled for queries that have encrypted parameters
 SqlCommandColumnEncryptionSetting.ResultSet for queries that do not have any parameter requiring encryption but retrieve encrypted columns

(Query flow diagram: Client ↔ ADO.NET ↔ SQL Server or SQL Database)
Column Encryption Setting = enabled
Client issues: "SELECT EmpName,EmpSalary FROM Customers WHERE EmpNID = @NID", "NID_Sultan_1"
ADO.NET sends cipher text: "SELECT EmpName,EmpSalary FROM Employee WHERE EmpNID = @NID", 0x7ff654ae6d
dbo.Employee (stored): EmpName = Sultan, EmpNID = 0x7ff654ae6d, EmpSalary = 0x7ddfddae6
Result set: Name = Sultan, EmpSalary = 0x7ddfddae6 (cipher text)
Encrypted sensitive data and the corresponding keys are never seen in plaintext inside the SQL Server trust boundary

Demo
 SQL 2016 RC3
 SQL 2016 SSMS
 VS 2013/2015

Key Rotation
 Ensure compliance requirements
 Ensure better security
Rotating the CMK
 Provision a new CMK
 Encrypt the CEK with the new CMK
 Configure the client
 Cleaning up & archiving
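The four CMK rotation steps of the "Key Rotation" slide (provision a new CMK, encrypt the CEK with it, configure the client, clean up and archive) as T-SQL. This is an added example, not code from the presentation; it assumes a CMK named CMK_Employee and a CEK named CEK_Employee already exist, and the new thumbprint and ENCRYPTED_VALUE literal are placeholders. The ADD VALUE step is what the "Type of Keys" slide means by a CEK holding two encrypted values from two CMKs: both wrappings coexist until every client has the new CMK, so reads never fail mid-rotation.

```sql
-- Added example (not from the presentation). <placeholder> values are assumptions.

-- Step 1: provision the new CMK (a key reference only; the key lives in the client store).
CREATE COLUMN MASTER KEY CMK_Employee_v2
WITH (
    KEY_STORE_PROVIDER_NAME = N'MSSQL_CERTIFICATE_STORE',
    KEY_PATH = N'CurrentUser/My/<new-certificate-thumbprint-placeholder>'
);
GO

-- Step 2: add a second wrapping of the SAME CEK under the new CMK.
--   The plaintext CEK is unwrapped with the old CMK and re-wrapped with the new
--   one on the client (SSMS / PowerShell); the server only stores the result.
--   Data in the encrypted columns is NOT re-encrypted: only the key wrapping changes.
ALTER COLUMN ENCRYPTION KEY CEK_Employee
ADD VALUE (
    COLUMN_MASTER_KEY = CMK_Employee_v2,
    ALGORITHM = 'RSA_OAEP',
    ENCRYPTED_VALUE = 0x0170000002 -- <placeholder: CEK wrapped by CMK_Employee_v2>
);
GO

-- Check: the CEK now has two values, one per CMK. A client holding either
-- CMK can still decrypt, which is what makes the rotation non-disruptive.
SELECT cek.name AS cek, cmk.name AS cmk, v.encryption_algorithm_name
FROM sys.column_encryption_key_values AS v
JOIN sys.column_encryption_keys AS cek
  ON cek.column_encryption_key_id = v.column_encryption_key_id
JOIN sys.column_master_keys AS cmk
  ON cmk.column_master_key_id = v.column_master_key_id
WHERE cek.name = N'CEK_Employee';

-- Step 3 (outside T-SQL): deploy the new certificate/key to every client machine
--   that needs plaintext access, and verify those clients can still read the table.

-- Step 4: clean up. Only after *all* clients hold the new CMK: drop the old
--   wrapping, then the old CMK reference (DROP COLUMN MASTER KEY fails while any
--   CEK value still references it). Archive the old certificate instead of
--   destroying it: a backup taken before the rotation contains only the old wrapping.
ALTER COLUMN ENCRYPTION KEY CEK_Employee
DROP VALUE (COLUMN_MASTER_KEY = CMK_Employee);
GO
DROP COLUMN MASTER KEY CMK_Employee;
GO
```

Run the check query again after step 4: a single row for CEK_Employee, pointing at CMK_Employee_v2, is the end state the rotation should leave behind.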
(Slides 20 to 22: no text content)

Limitations
Unsupported data types:
 XML
 timestamp/rowversion
 image
 ntext/text
 sql_variant
 hierarchyid
 geography/geometry
 User-defined types
 String data types with a non-BIN2 collation
 Alias types
 Sparse column sets

Limitations (Cont.)
 Partitioning columns
 Columns with default constraints/check constraints
 Referencing columns can't be encrypted with the randomized option (for the deterministic option the CEK must be the same)
 Columns that are keys of full-text indices
 Columns referenced by computed columns when the expression does unsupported operations
 Columns referenced by statistics
 Table variable columns

Limitations (Cont.)
Clauses that can't be used:
 FOR XML
 FOR JSON PATH
Features that are not supported:
 Transactional or merge replication
 Distributed queries (linked servers)

References
 Always Encrypted (Database Engine)
https://msdn.microsoft.com/en-us/library/mt163865.aspx
https://channel9.msdn.com/events/datadriven/sqlserver2016/alwaysencrypted
 Always Encrypted (Client Development)
https://msdn.microsoft.com/en-us/library/mt147923.aspx
https://blogs.msdn.microsoft.com/sqlsecurity/2015/08/27/using-always-encrypted-with-entity-framework-6
 Column Master Key Rotation and Cleanup with Always Encrypted
https://msdn.microsoft.com/en-us/library/mt607048.aspx
 Import/Export Windows Cert
http://windows.microsoft.com/en-us/windows/import-export-certificates-private-keys#1TC=windows-7

SQL Server 2016 RC3 Always Encrypted

Editor's notes

 1. Typical scenarios: client and data on-premises; client on-premises with data in Azure; client and data in Azure
 2. Demo
 3. Demo
 4. Demo