
Closing Keynote: Addressing Data Privacy and GDPR on Microsoft Data Platform Technologies

Ronit Reger, Senior Program Manager at Microsoft


Session goals

1. Data Privacy and the GDPR
   - Data privacy as a growing concern
   - Addressing the problem: standards, regulations, and lots of investments
   - The role of the cloud in tackling data security

2. How Microsoft SQL technologies can help
   - Microsoft investments and innovation in the data security space
   - Focus on advanced data security technologies that can help!
   - Sneak peek at some imminent developments…


Data Privacy in today’s world

7,125,940 data records breached each day, and no industry is immune.

91% of adults agree that consumers have lost control of how personal information is collected and used by companies.

67% of CISOs believe their companies are likely to be targeted by a cyberattack or face a data breach in 2018.

LESS THAN 4% of breaches were “Secure Breaches” where encryption rendered the stolen data useless.

The faster a data breach can be identified and contained, the lower the costs. MTTI (mean time to identify) = 197 days and MTTC (mean time to contain) = 69 days.

Sources: http://breachlevelindex.com/, http://www.pewresearch.org/fact-tank/2016/09/21/the-state-of-privacy-in-america/, http://www.pewinternet.org/2017/01/26/americans-and-cybersecurity/, http://src.bna.com/vAu, https://securityintelligence.com/series/ponemon-institute-cost-of-a-data-breach-2018/


Data Privacy in today’s world

Elizabeth Denham, UK Information Commissioner,


Data protection landscape

Standards of data protection: data privacy standards and policies, plus information security; new standards to protect data

Regulations: legislation and regulations across the globe; GDPR, May 25, 2018: the “game changer”

Industry activity: data protection and compliance-supporting products and solutions; consultation services and specialists


Microsoft’s commitment to GDPR

Microsoft believes GDPR is an important step forward for clarifying and enabling individual privacy rights.

Together with our partners, Microsoft is prepared to help customers meet policy, people, process, and technology goals on the journey to GDPR.


[Slide diagram: Microsoft commitment, shown as Investments and Innovations in SQL, under Protection and Intelligence]


Harnessing the cloud

Cloud infrastructure is fundamentally designed to be resilient and secure.


[Slide figure: compliance certification map, grouped as Global, US Gov, Industry and Regional] Certifications shown: HIPAA / HITECH Act, FERPA, GxP 21 CFR Part 11, ISO 27001, ISO 27017, ISO 27018, ISO 22301, SOC 1 Type 2, SOC 2 Type 2, SOC 3, CSA STAR Self-Assessment, CSA STAR Certification, CSA STAR Attestation, Singapore MTCS, UK G-Cloud, Australia IRAP/CCSL, FISC Japan, New Zealand GCIO, China GB 18030, EU Model Clauses, ENISA IAF, Argentina PDPA, Japan CS Mark Gold, CDSA, Shared Assessments, Japan My Number Act, FACT UK, GLBA, Spain ENS, PCI DSS Level 1, MARS-E, FFIEC, China TRUCS, Canada Privacy Laws, MPAA, Privacy Shield, India MeitY, Germany IT Grundschutz workbook, Spain DPA, HITRUST, IG Toolkit UK, China DJCP, ITAR, Section 508 VPAT, SP 800-171, FIPS 140-2, High JAB P-ATO, Moderate JAB P-ATO, CJIS, DoD DISA SRG Level 2, DoD DISA SRG Level 4, DoD DISA SRG Level 5, IRS 1075.

More certifications than any other cloud provider


SQL data security investments

Security research, threat landscape

Principles of data privacy

State-of-the-art features

New advanced data security package


Advanced Threat Protection

✓ Unified advanced security package

✓ Data Discovery & Classification

✓ Vulnerability Assessment

✓ Threat Detection

Intelligent security

*Costs $15/server/month; the first 60 days are free.


SQL Data Security Lifecycle (Azure data security posture): Discover, Protect, Detect

Threat Protection (SQL ATP)
• Detect suspicious activity (TD)
• Analyze database activities (Audit)
• Remediation actions

Data Encryption
• Encrypt data at rest (TDE)
• Encrypt data in transit (TLS)
• Encrypt data in use (AE)

Access Control
• Configure firewall rules/VNET
• Authenticate access (AAD, MFA)
• Mask sensitive data

Vulnerability Assessment (SQL ATP)
• Discover security misconfigurations
• Manage security baseline
• Security recommendations

Data Classification (SQL ATP)
• Discover sensitive data
• Classify sensitive data
• Manage labels and policies


SQL Data Classification: Discover, classify, protect and track access to sensitive data

✓ Automatic discovery of columns with sensitive data

✓ Add persistent sensitive data labels

✓ Audit and detect access to the sensitive data

✓ Manage labels for your entire Azure tenant using Azure Security Center


SQL Vulnerability Assessment: Discover, track, and remediate security misconfigurations

✓ Identify security misconfigurations

✓ Actionable remediation steps

✓ Security baseline tuned to your environment

✓ Manual/periodic scans

✓ Coherent reports for auditors


Demo: Data classification and Vulnerability Assessment


SQL Threat Detection: Detect unusual and harmful attempts to breach your database.

[Slide diagram: Apps → Azure SQL Database → Audit Log → Threat Detection] (1) Turn on Threat Detection; (2) Possible threat to access / breach data; (3) Real-time actionable alerts

✓ Just turn it ON
✓ Detects potential vulnerabilities and SQL injection attacks
✓ Detects unusual behavior activities
✓ Actionable alerts to investigate & remediate
✓ View alerts for your entire Azure tenant using Azure Security Center


SQL Threat Detection Suite

Potential SQL injection attacks
• SQLi attempt - An application generated a faulty SQL statement, which may indicate a potential vulnerability of the application to SQL injection.
• SQLi attack - Potential exploitation of an application code vulnerability to SQL Injection, which may indicate a SQL Injection attack.

Anomalous access patterns
• Someone has logged in from an unusual location - change in the access pattern from an unusual geographical location.
• An unfamiliar principal successfully logged in - change in the access pattern using an unusual SQL user.
• Someone is attempting to brute force SQL credentials - abnormally high number of failed logins with different credentials.
• Someone has logged in from a potentially harmful application.

Anomalous query patterns
• Data exfiltration by volume - someone has extracted anomalous amounts of data in an hour or using a single query.
• Data exfiltration by location - someone has backed up the database to an unusual storage location.
• Unsecure commands - Someone has executed unsecure commands (e.g. xp_cmdshell…)
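As an added illustration (not code from the keynote or from Microsoft's Threat Detection service), here are simplified versions of three of the heuristics listed above, brute-force credential guessing, data exfiltration by volume, and unsecure commands, run over a constructed audit log; the record fields, the thresholds and the sample data are all assumptions.

```python
from collections import defaultdict
from datetime import datetime, timedelta

def rec(ts, user, ip, ok, stmt="", rows=0):
    # Simplified audit-record shape; field names are an assumption, not the real Azure SQL audit schema.
    return {"ts": datetime.fromisoformat(ts), "user": user, "ip": ip,
            "ok": ok, "stmt": stmt, "rows": rows}

# Constructed sample log: normal app traffic, one bulk read, a burst of failed
# logins with different credentials from one address, and one xp_cmdshell call.
AUDIT = [
    rec("2018-05-25T09:00:00", "app_svc", "10.0.0.5", True, "SELECT Email FROM Customers WHERE Id = 42", 1),
    rec("2018-05-25T09:05:00", "app_svc", "10.0.0.5", True, "SELECT * FROM Customers", 250000),
    rec("2018-05-25T09:07:00", "sa", "203.0.113.9", False),
    rec("2018-05-25T09:07:05", "admin", "203.0.113.9", False),
    rec("2018-05-25T09:07:10", "dbo", "203.0.113.9", False),
    rec("2018-05-25T09:07:15", "root", "203.0.113.9", False),
    rec("2018-05-25T09:07:20", "backup", "203.0.113.9", False),
    rec("2018-05-25T09:30:00", "alice", "10.0.0.8", False),   # a single typo, not a burst
    rec("2018-05-25T09:40:00", "dba", "10.0.0.7", True, "EXEC xp_cmdshell 'dir'", 0),
]

def brute_force(records, window=timedelta(minutes=5), min_distinct=5):
    """Source addresses with >= min_distinct different logins failing inside one window."""
    fails = defaultdict(list)
    for r in records:
        if not r["ok"]:
            fails[r["ip"]].append((r["ts"], r["user"]))
    hits = []
    for ip, events in fails.items():
        events.sort()
        for i, (t0, _) in enumerate(events):
            users = {u for t, u in events[i:] if t - t0 <= window}
            if len(users) >= min_distinct:
                hits.append(ip)
                break
    return sorted(hits)

def exfiltration_by_volume(records, baseline_rows=1000, factor=10):
    """(user, hour) buckets whose rows returned exceed factor x the hourly baseline."""
    per_hour = defaultdict(int)
    for r in records:
        if r["ok"]:
            hour = r["ts"].replace(minute=0, second=0, microsecond=0)
            per_hour[(r["user"], hour.isoformat())] += r["rows"]
    return sorted(k for k, v in per_hour.items() if v > baseline_rows * factor)

UNSECURE_COMMANDS = ("xp_cmdshell",)  # the keynote's example; extend for your own estate
def unsecure_commands(records):
    """Successful statements that invoke a command on the watch list."""
    return [(r["user"], r["stmt"]) for r in records
            if r["ok"] and any(c in r["stmt"].lower() for c in UNSECURE_COMMANDS)]
```

The real service learns its baselines per database over time; the fixed thresholds here only show the shape of each rule.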


Demo: Threat Detection


SQL Auditing in Log Analytics and Event Hubs: Gain insight into the database audit log

[Slide diagram: Azure SQL Database → Audit Log] (1) Turn on SQL Auditing; (2) Analyze audit log

✓ Configurable via audit policy
✓ SQL audit logs can reside in
  • Azure Storage account
  • Azure Log Analytics
  • Azure Event Hubs
✓ Rich set of tools for
  • Investigating security alerts
  • Tracking access to sensitive data


Summary

1. Security is a key investment

2. New capabilities help with GDPR

3. SQL Advanced Threat Protection

4. Continuous innovation @ cloud speed!


Please complete the feedback form online: surveymonkey.com/r/redgatesummit

Join us for the drinks and canapés reception in the restaurant/Sugar Lounge.


Any questions?