New Azure SQL Database Security Capabilities Now Available

In cloud security we recognize more than ever that it’s about the data. Sure, for some of you it might sound like Captain Obvious issuing another order. But when you think about it, for the last 30 years we’ve been spending most of our time protecting the infrastructure. Network security, storage security, server security, virtualization security, and all the other infrastructure-centric security measures.

Sure, the infrastructure still needs to be secured as part of a robust defense in depth approach, but with cloud computing absorbing a lot of that infrastructure responsibility, we’re once again reminded that it’s all about the data.

That data can be stored in a lot of places, but databases probably rank as number one in terms of containing what attackers would like to get to most. That’s why we’re so happy to share with you some great new security features and capabilities that are now available in Microsoft Azure SQL Database. Check these out!

SQL Database support for Microsoft Azure Active Directory (Azure AD) authentication now in public preview. Azure AD authentication lets you connect to SQL Databases by using identities contained in Azure AD for managed and federated domains. With Azure AD authentication, you can manage the identities of database users and other Microsoft services in one central location.

Row-Level Security generally available. Row-Level Security allows you to restrict access to rows of data based on user identity, user role memberships, or query execution context. It centralizes your access logic within the database itself, which simplifies your application code and reduces the risk of accidental data disclosure. Row-Level Security supports both filter predicates, which restrict row-level read access, and block predicates (now in public preview), which restrict row-level write access.
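As an added illustration (this is not code from the post or from the Azure SQL Database team), here is how a filter predicate and block predicates fit together in T-SQL for a multi-tenant Orders table where the application stamps the tenant into SESSION_CONTEXT. The schema, table, function and policy names are assumptions made for the example; letting db_owner members bypass the predicate is a design choice of this example, not a requirement of the feature.

```sql
-- Constructed example: tenant isolation with Row-Level Security.
CREATE SCHEMA Security;
GO
CREATE TABLE dbo.Orders (
    OrderId  INT IDENTITY PRIMARY KEY,
    TenantId INT NOT NULL,
    Amount   DECIMAL(10, 2) NOT NULL
);
GO
-- Predicate function: a row "belongs" to the caller when its TenantId
-- matches the value the application placed in SESSION_CONTEXT, or when
-- the caller is a member of db_owner (assumed administrative bypass).
CREATE FUNCTION Security.fn_tenantPredicate(@TenantId INT)
    RETURNS TABLE
    WITH SCHEMABINDING
AS
RETURN SELECT 1 AS fn_result
       WHERE @TenantId = CAST(SESSION_CONTEXT(N'TenantId') AS INT)
          OR IS_MEMBER('db_owner') = 1;
GO
-- One policy carries both predicate types:
--   FILTER  -> silently hides other tenants' rows from SELECT/UPDATE/DELETE
--   BLOCK   -> rejects writes that would create or produce a row the
--              caller could not see (INSERT of a foreign TenantId, or an
--              UPDATE that moves a row to another tenant)
CREATE SECURITY POLICY Security.OrdersPolicy
    ADD FILTER PREDICATE Security.fn_tenantPredicate(TenantId) ON dbo.Orders,
    ADD BLOCK PREDICATE  Security.fn_tenantPredicate(TenantId) ON dbo.Orders AFTER INSERT,
    ADD BLOCK PREDICATE  Security.fn_tenantPredicate(TenantId) ON dbo.Orders AFTER UPDATE
    WITH (STATE = ON);
GO
-- The application sets the tenant once per connection and marks it
-- read-only, so later statements on the session cannot change it.
EXEC sp_set_session_context @key = N'TenantId', @value = 42, @read_only = 1;

INSERT INTO dbo.Orders (TenantId, Amount) VALUES (42, 19.99); -- allowed
INSERT INTO dbo.Orders (TenantId, Amount) VALUES (7, 5.00);   -- rejected by the AFTER INSERT block predicate
SELECT OrderId, TenantId, Amount FROM dbo.Orders;             -- only tenant 42 rows are returned
```

Because the filter predicate hides rows rather than raising an error, a misconfigured session that never set TenantId simply sees an empty table; test both the "wrong tenant" and "no tenant" cases when you roll a policy out.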

Dynamic data masking to become generally available. Dynamic data masking limits sensitive data exposure by masking it to non-privileged users. Dynamic data masking helps prevent unauthorized access to sensitive data by enabling customers to designate how much of the sensitive data to reveal, with minimal impact on the application layer. It operates by hiding the sensitive data in the result set of a query over designated database fields, while leaving the underlying database operations unaffected.

Always Encrypted to be in public preview soon. Always Encrypted is a feature designed to help protect sensitive data, such as credit card numbers or national identification numbers (for example, U.S. Social Security numbers), stored in SQL Server databases and SQL Database. Always Encrypted allows clients to encrypt sensitive data inside client applications and not reveal the encryption keys to the database. Always Encrypted distinguishes between those who own the data (and can view it) and those who manage the data (but should have no access).

Transparent data encryption generally available. Transparent data encryption helps you meet compliance requirements by encrypting your databases, associated backups, and transaction log files at rest without requiring changes to your applications. It’s based on SQL Server transparent data encryption technology, which encrypts the storage of an entire database by using an industry standard AES-256 symmetric database encryption key.

Make sure to check out the Azure Blog post "Microsoft Azure SQL Database provides unparalleled data security in the cloud with Always Encrypted" for more information.

Thanks!

Tom
Tom Shinder
Program Manager, Azure Security Engineering
