We are delighted to announce the public preview of SQL Information Protection (Data Discovery & Classification), introducing advanced capabilities built into Azure SQL Database for discovering, classifying, labeling & protecting the sensitive data in your databases. Similar capabilities are also being introduced for on-premises SQL Server via SQL Server Management Studio.
Discovering and classifying your most sensitive data (business, financial, healthcare, PII, etc.) can play a pivotal role in your organizational information protection stature. It can serve as an infrastructure for:
- Helping meet data privacy standards and regulatory compliance requirements, such as GDPR.
- Data-centric security scenarios, such as monitoring (auditing) and alerting on anomalous access to sensitive data.
- Controlling access to and hardening the security of databases containing highly sensitive data.
What is SQL Information Protection?
SQL Information Protection (SQL IP) introduces a set of advanced services and new SQL capabilities, forming a new information protection paradigm in SQL aimed at protecting the data, not just the database:
- Discovery & recommendations – The classification engine scans your database and identifies columns containing potentially sensitive data. It then provides you an easy way to review and apply the appropriate classification recommendations via the Azure portal.
- Labeling – Sensitivity classification labels can be persistently tagged on columns using new classification metadata attributes introduced into the SQL Engine. This metadata can then be utilized for advanced sensitivity-based auditing and protection scenarios.
- Monitoring/Auditing – Sensitivity of the query result set is calculated in real time and used for auditing access to sensitive data (currently in Azure SQL DB only).
- Visibility – The database classification state can be viewed in a detailed dashboard in the portal. Additionally, you can download a report (in Excel format) to be used for compliance & auditing purposes, as well as other needs.
Additional SQL IP capabilities will continue rolling out throughout 2018 – Stay tuned!
How does SQL IP work?
We designed SQL IP with the goal of streamlining the process of discovering -> classifying -> labeling sensitive data in your database environment.
Our built-in automated classification engine identifies columns containing potentially sensitive data, and provides a list of classification recommendations, which can be easily applied as sensitivity metadata on top of columns, using new column sensitivity attributes that have been added to the SQL engine. You can also manually classify & label your columns.
Once you classify & label your data, our detailed overview dashboard provides you visibility into the classification state of your database, as well as the ability to export and download a classification report in Excel format:
Finally, the SQL engine utilizes the column classifications to determine the sensitivity of query result sets. Combined with Azure SQL Database Auditing, this enables you to audit the sensitivity of the actual data being returned by queries:
Get started today!
We encourage you to try out SQL Information Protection today for improved visibility into your database environment, as well as for monitoring access to your sensitive data.
More details on using SQL Information Protection can be found in:
- Azure SQL Database: Getting Started Data Discovery & Classification
- SQL Server (on-prem): Getting Started with Data Discovery & Classification
SQL Security team