SlideShare a Scribd company logo

Dynamic data masking sql server 2016

Antonios Chatzipavlis
Antonios Chatzipavlis

Dynamic data masking is a data protection feature in SQL Server 2016 that masks sensitive data in query results without altering the actual data. It can help protect private information by exposing only obfuscated data to unauthorized users. Administrators can configure masking rules for specific columns using various masking functions like default, email, random, or custom string masking. The underlying data remains intact but masked data is returned for users without unmask permissions. It provides data security with minimal performance impact by masking results on-the-fly.

1 of 32
Downloaded 126 times
Dynamic data masking sql server 2016
Dynamic Data Masking in SQL Server 2016
SQLschool.gr Team Antonios Chatzipavlis SQL Server Evangelist • Trainer Vassilis Ioannidis SQL Server Expert • Trainer Fivi Panopoulou System Engineer • Speaker Sotiris Karras System Engineer • Speaker
Followus insocialmedia @sqlschool / @panfivi fb/sqlschoolgr yt/c/SqlschoolGr SQL School Greece group
Helpneeded? help@sqlschool.gr
DynamicDataMasking
Presentation Content  Introducing Dynamic Data Masking  Using Dynamic Data Masking  DDM on Azure  Some points to keep
Introducing Dynamic Data Masking
• Protect sensitive data and personally identifiable information • Regulatory Compliance • Expose sensitive data only on a need-to-know basis • Custom obfuscation in application, views or third party solutions are used to address this need The Need
Dynamic Data Masking in SQL Server 2016 • Built-in feature for SQL Server 2016 and Azure SQL DB • Data masked on the fly when queried, underlying data do not change • Control on how the data appear in the result set  Dynamic data masking is a data protection feature that masks the sensitive data in the result set of a query over chosen database fields
• Protects against unauthorized disclosure of sensitive data in the application • Very simple to configure and use • Does not require changes in application code • Centralized masking logic Benefits
• “Dynamic data masking does not aim to prevent database users from connecting directly to the database and running exhaustive queries that expose pieces of the sensitive data” • It is not a method for physical data encryption • It is complementary to other SQL Server security features Keep in mind
Using Dynamic Data Masking  Steps  Masking Functions  Permissions  System view information
Dynamic data masking sql server 2016
• Decide which columns need to be masked • Choose the masking function that best fits your needs for each column • Alter columns to add the masking rules • The underlying data is unaffected • Designate which users should see masked data and configure the permissions. Steps
Default Masking Functions Data Type Family Masked Data String XXXX Numeric 0 Date and Time 01.01.1900 00:00:00.0000000 Binary 0 ALTER COLUMN ColumnName ADD MASKED WITH (FUNCTION = 'default()') Full masking according to the data types of the designated fields.
Email Masking Functions ALTER COLUMN ColumnName ADD MASKED WITH (FUNCTION = ‘email()') Exposes the first letter of an email address and the constant suffix ".com", in the form of an email address. aXXX@XXXX.com
Random Masking Functions ALTER COLUMN ColumnName ADD MASKED WITH (FUNCTION = 'random([start range], [end range])') A random masking function for use on any numeric type to mask the original value with a random value within a specified range.
Custom String (Partial) Masking Functions ALTER COLUMN ColumnName ADD MASKED WITH (FUNCTION = ‘partial(prefix,[padding],suffix)’ Exposes the first and last letters and adds a custom padding string in the middle • Phone: partial(4,”XXXXXXXXXXX”,0) • Credit Card: partial(0,”XXXX-XXXX-XXXX-”,4) • Email: partial(1,”xxxx@xxxx.”,2)
• To retrieve the original data the user must have the UNMASK permission • To add, replace, remove masking of existing columns ALTER ANY MASK permission • The CONTROL permission on the database includes both the ALTER ANY MASK and UNMASK permission ! Users without UNMASK but with UPDATE permission can still update data. Permissions
system view to query for table-columns that have a dynamic data masking function applied to them • Simlar to sys.columns view • is_masked • masking_function sys.masked_columns
Dynamic Data Masking in Action
DDM on Azure
Azure Set up DDM using Azure Portal • Define users excluded from masking • Define Masking rules • Designated fields and masking functions for each one There is a recommendations engine that proposes potentially sensitive fields to mask
Azure Default Full Masking according to the datatypes Credit card XXXX-XXXX-XXXX-1234 Social Security number XXX-XX-1234 Email aXX@XXXX.com Random Number Random number between selected boundaries Custom Text Prefix, Padding String, Suffix
Some points to keep  Limitations and Restrictions  Considerations  Performance
• Not compatible with Always Encrypted columns • Not compatible with File Stream • Not compatible with Column set • A column with data masking cannot be a key for a FULLTEXT index. • Masking rule cannot be defined on a computed column Limitations and Restrictions
• Dynamic Data Masking is applied when running SQL Server Import and Export • Dynamic Data Masking is applied when using SELECT INTO or INSERT INTO to copy data from a masked column • Be careful with updates Considerations
Minimal Performance Impact Data masking is performed right before the data is returned. Performance SELECT * FROM Person.EmailAddress;
Dynamic data masking sql server 2016
Dynamic data masking sql server 2016
S E L E C T K N O W L E D G E F R O M S Q L S E R V E R Copyright © 2015 SQLschool.gr. All right reserved. PRESENTER MAKES NO WARRANTIES, EXPRESS, IMPLIED OR STATUTORY, AS TO THE INFORMATION IN THIS PRESENTATION
Ad

Recommended

Cyber security power point templates
Cyber security power point templatesCyber security power point templates
Cyber security power point templates
Raul Flores
 
Project Communication Plan PowerPoint Presentation Slides
Project Communication Plan PowerPoint Presentation SlidesProject Communication Plan PowerPoint Presentation Slides
Project Communication Plan PowerPoint Presentation Slides
SlideTeam
 
Introduction to Azure Data Factory
Introduction to Azure Data FactoryIntroduction to Azure Data Factory
Introduction to Azure Data Factory
Slava Kokaev
 
Fortinet Fortigate 60D 中文安裝手冊 ( Ver 5.2.3)
Fortinet Fortigate 60D 中文安裝手冊 ( Ver 5.2.3)Fortinet Fortigate 60D 中文安裝手冊 ( Ver 5.2.3)
Fortinet Fortigate 60D 中文安裝手冊 ( Ver 5.2.3)
志弘 李
 
Work in a team environment
Work in a team environmentWork in a team environment
Work in a team environment
Manny Daleon
 
Introducing Azure SQL Database
Introducing Azure SQL DatabaseIntroducing Azure SQL Database
Introducing Azure SQL Database
James Serra
 
Introduction to Azure Databricks
Introduction to Azure DatabricksIntroduction to Azure Databricks
Introduction to Azure Databricks
James Serra
 
Intro to Delta Lake
Intro to Delta LakeIntro to Delta Lake
Intro to Delta Lake
Databricks
 
Oracle Data Redaction
Oracle Data RedactionOracle Data Redaction
Oracle Data Redaction
Alex Zaballa
 
Sql Server Basics
Sql Server BasicsSql Server Basics
Sql Server Basics
rainynovember12
 
Oracle Data Redaction
Oracle Data RedactionOracle Data Redaction
Oracle Data Redaction
Ivica Arsov
 
AV/DF Advanced Security Option
AV/DF Advanced Security OptionAV/DF Advanced Security Option
AV/DF Advanced Security Option
DLT Solutions
 
SQL Server Database Backup and Restore Plan
SQL Server Database Backup and Restore PlanSQL Server Database Backup and Restore Plan
SQL Server Database Backup and Restore Plan
Hamid J. Fard
 
Oracle sql high performance tuning
Oracle sql high performance tuningOracle sql high performance tuning
Oracle sql high performance tuning
Guy Harrison
 
Physical architecture of sql server
Physical architecture of sql serverPhysical architecture of sql server
Physical architecture of sql server
Divya Sharma
 
Sql server 2019 new features
Sql server 2019 new featuresSql server 2019 new features
Sql server 2019 new features
George Walters
 
Natural vs.surrogate keys
Natural vs.surrogate keysNatural vs.surrogate keys
Natural vs.surrogate keys
Ron Morgan
 
Oracle Transparent Data Encryption (TDE) 12c
Oracle Transparent Data Encryption (TDE) 12cOracle Transparent Data Encryption (TDE) 12c
Oracle Transparent Data Encryption (TDE) 12c
Nabeel Yoosuf
 
SQL Database Performance Tuning for Developers
SQL Database Performance Tuning for DevelopersSQL Database Performance Tuning for Developers
SQL Database Performance Tuning for Developers
BRIJESH KUMAR
 
joins and subqueries in big data analysis
joins and subqueries in big data analysisjoins and subqueries in big data analysis
joins and subqueries in big data analysis
SanSan149
 
Introduction to SQL
Introduction to SQLIntroduction to SQL
Introduction to SQL
Mahir Haque
 
Sql server basics
Sql server basicsSql server basics
Sql server basics
Dilfaroz Khan
 
Row-level security and Dynamic Data Masking
Row-level security and Dynamic Data MaskingRow-level security and Dynamic Data Masking
Row-level security and Dynamic Data Masking
SolidQ
 
Fonseca_Ruiz_Respaldos_SQLServer.pptx
Fonseca_Ruiz_Respaldos_SQLServer.pptxFonseca_Ruiz_Respaldos_SQLServer.pptx
Fonseca_Ruiz_Respaldos_SQLServer.pptx
ArturoEmanuelFonseca
 
DB2 TABLESPACES
DB2 TABLESPACESDB2 TABLESPACES
DB2 TABLESPACES
Rahul Anand
 
Db2
Db2Db2
Db2
yboren
 
Oracle sql analytic functions
Oracle sql analytic functionsOracle sql analytic functions
Oracle sql analytic functions
mamamowebby
 
Backup and recovery in oracle
Backup and recovery in oracleBackup and recovery in oracle
Backup and recovery in oracle
sadegh salehi
 
Row level security
Row level securityRow level security
Row level security
Antonios Chatzipavlis
 
Introduction to Azure Data Lake
Introduction to Azure Data LakeIntroduction to Azure Data Lake
Introduction to Azure Data Lake
Antonios Chatzipavlis
 
Ad

More Related Content

What's hot (20)

Oracle Data Redaction
Oracle Data RedactionOracle Data Redaction
Oracle Data Redaction
Alex Zaballa
 
Sql Server Basics
Sql Server BasicsSql Server Basics
Sql Server Basics
rainynovember12
 
Oracle Data Redaction
Oracle Data RedactionOracle Data Redaction
Oracle Data Redaction
Ivica Arsov
 
AV/DF Advanced Security Option
AV/DF Advanced Security OptionAV/DF Advanced Security Option
AV/DF Advanced Security Option
DLT Solutions
 
SQL Server Database Backup and Restore Plan
SQL Server Database Backup and Restore PlanSQL Server Database Backup and Restore Plan
SQL Server Database Backup and Restore Plan
Hamid J. Fard
 
Oracle sql high performance tuning
Oracle sql high performance tuningOracle sql high performance tuning
Oracle sql high performance tuning
Guy Harrison
 
Physical architecture of sql server
Physical architecture of sql serverPhysical architecture of sql server
Physical architecture of sql server
Divya Sharma
 
Sql server 2019 new features
Sql server 2019 new featuresSql server 2019 new features
Sql server 2019 new features
George Walters
 
Natural vs.surrogate keys
Natural vs.surrogate keysNatural vs.surrogate keys
Natural vs.surrogate keys
Ron Morgan
 
Oracle Transparent Data Encryption (TDE) 12c
Oracle Transparent Data Encryption (TDE) 12cOracle Transparent Data Encryption (TDE) 12c
Oracle Transparent Data Encryption (TDE) 12c
Nabeel Yoosuf
 
SQL Database Performance Tuning for Developers
SQL Database Performance Tuning for DevelopersSQL Database Performance Tuning for Developers
SQL Database Performance Tuning for Developers
BRIJESH KUMAR
 
joins and subqueries in big data analysis
joins and subqueries in big data analysisjoins and subqueries in big data analysis
joins and subqueries in big data analysis
SanSan149
 
Introduction to SQL
Introduction to SQLIntroduction to SQL
Introduction to SQL
Mahir Haque
 
Sql server basics
Sql server basicsSql server basics
Sql server basics
Dilfaroz Khan
 
Row-level security and Dynamic Data Masking
Row-level security and Dynamic Data MaskingRow-level security and Dynamic Data Masking
Row-level security and Dynamic Data Masking
SolidQ
 
Fonseca_Ruiz_Respaldos_SQLServer.pptx
Fonseca_Ruiz_Respaldos_SQLServer.pptxFonseca_Ruiz_Respaldos_SQLServer.pptx
Fonseca_Ruiz_Respaldos_SQLServer.pptx
ArturoEmanuelFonseca
 
DB2 TABLESPACES
DB2 TABLESPACESDB2 TABLESPACES
DB2 TABLESPACES
Rahul Anand
 
Db2
Db2Db2
Db2
yboren
 
Oracle sql analytic functions
Oracle sql analytic functionsOracle sql analytic functions
Oracle sql analytic functions
mamamowebby
 
Backup and recovery in oracle
Backup and recovery in oracleBackup and recovery in oracle
Backup and recovery in oracle
sadegh salehi
 
Oracle Data Redaction
Oracle Data RedactionOracle Data Redaction
Oracle Data Redaction
Alex Zaballa
 
Sql Server Basics
Sql Server BasicsSql Server Basics
Sql Server Basics
rainynovember12
 
Oracle Data Redaction
Oracle Data RedactionOracle Data Redaction
Oracle Data Redaction
Ivica Arsov
 
AV/DF Advanced Security Option
AV/DF Advanced Security OptionAV/DF Advanced Security Option
AV/DF Advanced Security Option
DLT Solutions
 
SQL Server Database Backup and Restore Plan
SQL Server Database Backup and Restore PlanSQL Server Database Backup and Restore Plan
SQL Server Database Backup and Restore Plan
Hamid J. Fard
 
Oracle sql high performance tuning
Oracle sql high performance tuningOracle sql high performance tuning
Oracle sql high performance tuning
Guy Harrison
 
Physical architecture of sql server
Physical architecture of sql serverPhysical architecture of sql server
Physical architecture of sql server
Divya Sharma
 
Sql server 2019 new features
Sql server 2019 new featuresSql server 2019 new features
Sql server 2019 new features
George Walters
 
Natural vs.surrogate keys
Natural vs.surrogate keysNatural vs.surrogate keys
Natural vs.surrogate keys
Ron Morgan
 
Oracle Transparent Data Encryption (TDE) 12c
Oracle Transparent Data Encryption (TDE) 12cOracle Transparent Data Encryption (TDE) 12c
Oracle Transparent Data Encryption (TDE) 12c
Nabeel Yoosuf
 
SQL Database Performance Tuning for Developers
SQL Database Performance Tuning for DevelopersSQL Database Performance Tuning for Developers
SQL Database Performance Tuning for Developers
BRIJESH KUMAR
 
joins and subqueries in big data analysis
joins and subqueries in big data analysisjoins and subqueries in big data analysis
joins and subqueries in big data analysis
SanSan149
 
Introduction to SQL
Introduction to SQLIntroduction to SQL
Introduction to SQL
Mahir Haque
 
Sql server basics
Sql server basicsSql server basics
Sql server basics
Dilfaroz Khan
 
Row-level security and Dynamic Data Masking
Row-level security and Dynamic Data MaskingRow-level security and Dynamic Data Masking
Row-level security and Dynamic Data Masking
SolidQ
 
Fonseca_Ruiz_Respaldos_SQLServer.pptx
Fonseca_Ruiz_Respaldos_SQLServer.pptxFonseca_Ruiz_Respaldos_SQLServer.pptx
Fonseca_Ruiz_Respaldos_SQLServer.pptx
ArturoEmanuelFonseca
 
DB2 TABLESPACES
DB2 TABLESPACESDB2 TABLESPACES
DB2 TABLESPACES
Rahul Anand
 
Db2
Db2Db2
Db2
yboren
 
Oracle sql analytic functions
Oracle sql analytic functionsOracle sql analytic functions
Oracle sql analytic functions
mamamowebby
 
Backup and recovery in oracle
Backup and recovery in oracleBackup and recovery in oracle
Backup and recovery in oracle
sadegh salehi
 

Viewers also liked (10)

Row level security
Row level securityRow level security
Row level security
Antonios Chatzipavlis
 
Introduction to Azure Data Lake
Introduction to Azure Data LakeIntroduction to Azure Data Lake
Introduction to Azure Data Lake
Antonios Chatzipavlis
 
Exploring sql server 2016
Exploring sql server 2016Exploring sql server 2016
Exploring sql server 2016
Antonios Chatzipavlis
 
Live Query Statistics & Query Store in SQL Server 2016
Live Query Statistics & Query Store in SQL Server 2016Live Query Statistics & Query Store in SQL Server 2016
Live Query Statistics & Query Store in SQL Server 2016
Antonios Chatzipavlis
 
Microsoft SQL Family and GDPR
Microsoft SQL Family and GDPRMicrosoft SQL Family and GDPR
Microsoft SQL Family and GDPR
Antonios Chatzipavlis
 
Introduction to azure document db
Introduction to azure document dbIntroduction to azure document db
Introduction to azure document db
Antonios Chatzipavlis
 
Introduction to sql database on azure
Introduction to sql database on azureIntroduction to sql database on azure
Introduction to sql database on azure
Antonios Chatzipavlis
 
Exploring sql server 2016 bi
Exploring sql server 2016 biExploring sql server 2016 bi
Exploring sql server 2016 bi
Antonios Chatzipavlis
 
Introduction to Machine Learning on Azure
Introduction to Machine Learning on AzureIntroduction to Machine Learning on Azure
Introduction to Machine Learning on Azure
Antonios Chatzipavlis
 
Azure SQL Data Warehouse
Azure SQL Data Warehouse Azure SQL Data Warehouse
Azure SQL Data Warehouse
Antonios Chatzipavlis
 
Row level security
Row level securityRow level security
Row level security
Antonios Chatzipavlis
 
Introduction to Azure Data Lake
Introduction to Azure Data LakeIntroduction to Azure Data Lake
Introduction to Azure Data Lake
Antonios Chatzipavlis
 
Exploring sql server 2016
Exploring sql server 2016Exploring sql server 2016
Exploring sql server 2016
Antonios Chatzipavlis
 
Live Query Statistics & Query Store in SQL Server 2016
Live Query Statistics & Query Store in SQL Server 2016Live Query Statistics & Query Store in SQL Server 2016
Live Query Statistics & Query Store in SQL Server 2016
Antonios Chatzipavlis
 
Microsoft SQL Family and GDPR
Microsoft SQL Family and GDPRMicrosoft SQL Family and GDPR
Microsoft SQL Family and GDPR
Antonios Chatzipavlis
 
Introduction to azure document db
Introduction to azure document dbIntroduction to azure document db
Introduction to azure document db
Antonios Chatzipavlis
 
Introduction to sql database on azure
Introduction to sql database on azureIntroduction to sql database on azure
Introduction to sql database on azure
Antonios Chatzipavlis
 
Exploring sql server 2016 bi
Exploring sql server 2016 biExploring sql server 2016 bi
Exploring sql server 2016 bi
Antonios Chatzipavlis
 
Introduction to Machine Learning on Azure
Introduction to Machine Learning on AzureIntroduction to Machine Learning on Azure
Introduction to Machine Learning on Azure
Antonios Chatzipavlis
 
Azure SQL Data Warehouse
Azure SQL Data Warehouse Azure SQL Data Warehouse
Azure SQL Data Warehouse
Antonios Chatzipavlis
 
Ad

Similar to Dynamic data masking sql server 2016 (20)

Securing data and preventing data breaches
Securing data and preventing data breachesSecuring data and preventing data breaches
Securing data and preventing data breaches
MariaDB plc
 
Asug84339 how to secure privacy data in a hybrid s4 hana landscape
Asug84339 how to secure privacy data in a hybrid s4 hana landscapeAsug84339 how to secure privacy data in a hybrid s4 hana landscape
Asug84339 how to secure privacy data in a hybrid s4 hana landscape
Dharma Atluri
 
Percona Live Europe 2018: What's New in MySQL 8.0 Security
Percona Live Europe 2018: What's New in MySQL 8.0 SecurityPercona Live Europe 2018: What's New in MySQL 8.0 Security
Percona Live Europe 2018: What's New in MySQL 8.0 Security
Georgi Kodinov
 
Data Redaction - OTN TOUR LA 2015
Data Redaction - OTN TOUR LA 2015 Data Redaction - OTN TOUR LA 2015
Data Redaction - OTN TOUR LA 2015
Alex Zaballa
 
Oracle Data Redaction
Oracle Data RedactionOracle Data Redaction
Oracle Data Redaction
Alex Zaballa
 
Using SSRS Reports with SSAS Cubes
Using SSRS Reports with SSAS CubesUsing SSRS Reports with SSAS Cubes
Using SSRS Reports with SSAS Cubes
Code Mastery
 
How Clean is your Database? Data Scrubbing for all Skill Sets
How Clean is your Database? Data Scrubbing for all Skill SetsHow Clean is your Database? Data Scrubbing for all Skill Sets
How Clean is your Database? Data Scrubbing for all Skill Sets
Chad Petrovay
 
A to z for sql azure databases
A to z for sql azure databasesA to z for sql azure databases
A to z for sql azure databases
Antonios Chatzipavlis
 
CNIT 129S: 9: Attacking Data Stores (Part 2 of 2)
CNIT 129S: 9: Attacking Data Stores (Part 2 of 2)CNIT 129S: 9: Attacking Data Stores (Part 2 of 2)
CNIT 129S: 9: Attacking Data Stores (Part 2 of 2)
Sam Bowne
 
Stored procedure in sql server
Stored procedure in sql serverStored procedure in sql server
Stored procedure in sql server
baabtra.com - No. 1 supplier of quality freshers
 
CloneTab Advanced DataScrambling.pptx
CloneTab Advanced DataScrambling.pptxCloneTab Advanced DataScrambling.pptx
CloneTab Advanced DataScrambling.pptx
CLONETAB
 
Cloud computing-security-from-single-to-multiple-140211071429-phpapp01
Cloud computing-security-from-single-to-multiple-140211071429-phpapp01Cloud computing-security-from-single-to-multiple-140211071429-phpapp01
Cloud computing-security-from-single-to-multiple-140211071429-phpapp01
Shivananda Rai
 
World2016_T5_S5_SQLServerFunctionalOverview
World2016_T5_S5_SQLServerFunctionalOverviewWorld2016_T5_S5_SQLServerFunctionalOverview
World2016_T5_S5_SQLServerFunctionalOverview
Farah Omer
 
Cloud computing security from single to multiple
Cloud computing security from single to multipleCloud computing security from single to multiple
Cloud computing security from single to multiple
Kiran Kumar
 
Microsoft Sentinel Deployment V1.pptx
Microsoft Sentinel Deployment V1.pptxMicrosoft Sentinel Deployment V1.pptx
Microsoft Sentinel Deployment V1.pptx
saadatali65
 
Common Data Service – A Business Database!
Common Data Service – A Business Database!Common Data Service – A Business Database!
Common Data Service – A Business Database!
Pedro Azevedo
 
Enterprise-class security with PostgreSQL - 1
Enterprise-class security with PostgreSQL - 1Enterprise-class security with PostgreSQL - 1
Enterprise-class security with PostgreSQL - 1
Ashnikbiz
 
Oracle Database 12c - Data Redaction
Oracle Database 12c - Data RedactionOracle Database 12c - Data Redaction
Oracle Database 12c - Data Redaction
Alex Zaballa
 
Ch 9 Attacking Data Stores (Part 2)
Ch 9 Attacking Data Stores (Part 2)Ch 9 Attacking Data Stores (Part 2)
Ch 9 Attacking Data Stores (Part 2)
Sam Bowne
 
Striim_PPT yogesh.pptx
Striim_PPT yogesh.pptxStriim_PPT yogesh.pptx
Striim_PPT yogesh.pptx
yogeshsuryawanshi47
 
Securing data and preventing data breaches
Securing data and preventing data breachesSecuring data and preventing data breaches
Securing data and preventing data breaches
MariaDB plc
 
Asug84339 how to secure privacy data in a hybrid s4 hana landscape
Asug84339 how to secure privacy data in a hybrid s4 hana landscapeAsug84339 how to secure privacy data in a hybrid s4 hana landscape
Asug84339 how to secure privacy data in a hybrid s4 hana landscape
Dharma Atluri
 
Percona Live Europe 2018: What's New in MySQL 8.0 Security
Percona Live Europe 2018: What's New in MySQL 8.0 SecurityPercona Live Europe 2018: What's New in MySQL 8.0 Security
Percona Live Europe 2018: What's New in MySQL 8.0 Security
Georgi Kodinov
 
Data Redaction - OTN TOUR LA 2015
Data Redaction - OTN TOUR LA 2015 Data Redaction - OTN TOUR LA 2015
Data Redaction - OTN TOUR LA 2015
Alex Zaballa
 
Oracle Data Redaction
Oracle Data RedactionOracle Data Redaction
Oracle Data Redaction
Alex Zaballa
 
Using SSRS Reports with SSAS Cubes
Using SSRS Reports with SSAS CubesUsing SSRS Reports with SSAS Cubes
Using SSRS Reports with SSAS Cubes
Code Mastery
 
How Clean is your Database? Data Scrubbing for all Skill Sets
How Clean is your Database? Data Scrubbing for all Skill SetsHow Clean is your Database? Data Scrubbing for all Skill Sets
How Clean is your Database? Data Scrubbing for all Skill Sets
Chad Petrovay
 
A to z for sql azure databases
A to z for sql azure databasesA to z for sql azure databases
A to z for sql azure databases
Antonios Chatzipavlis
 
CNIT 129S: 9: Attacking Data Stores (Part 2 of 2)
CNIT 129S: 9: Attacking Data Stores (Part 2 of 2)CNIT 129S: 9: Attacking Data Stores (Part 2 of 2)
CNIT 129S: 9: Attacking Data Stores (Part 2 of 2)
Sam Bowne
 
Stored procedure in sql server
Stored procedure in sql serverStored procedure in sql server
Stored procedure in sql server
baabtra.com - No. 1 supplier of quality freshers
 
CloneTab Advanced DataScrambling.pptx
CloneTab Advanced DataScrambling.pptxCloneTab Advanced DataScrambling.pptx
CloneTab Advanced DataScrambling.pptx
CLONETAB
 
Cloud computing-security-from-single-to-multiple-140211071429-phpapp01
Cloud computing-security-from-single-to-multiple-140211071429-phpapp01Cloud computing-security-from-single-to-multiple-140211071429-phpapp01
Cloud computing-security-from-single-to-multiple-140211071429-phpapp01
Shivananda Rai
 
World2016_T5_S5_SQLServerFunctionalOverview
World2016_T5_S5_SQLServerFunctionalOverviewWorld2016_T5_S5_SQLServerFunctionalOverview
World2016_T5_S5_SQLServerFunctionalOverview
Farah Omer
 
Cloud computing security from single to multiple
Cloud computing security from single to multipleCloud computing security from single to multiple
Cloud computing security from single to multiple
Kiran Kumar
 
Microsoft Sentinel Deployment V1.pptx
Microsoft Sentinel Deployment V1.pptxMicrosoft Sentinel Deployment V1.pptx
Microsoft Sentinel Deployment V1.pptx
saadatali65
 
Common Data Service – A Business Database!
Common Data Service – A Business Database!Common Data Service – A Business Database!
Common Data Service – A Business Database!
Pedro Azevedo
 
Enterprise-class security with PostgreSQL - 1
Enterprise-class security with PostgreSQL - 1Enterprise-class security with PostgreSQL - 1
Enterprise-class security with PostgreSQL - 1
Ashnikbiz
 
Oracle Database 12c - Data Redaction
Oracle Database 12c - Data RedactionOracle Database 12c - Data Redaction
Oracle Database 12c - Data Redaction
Alex Zaballa
 
Ch 9 Attacking Data Stores (Part 2)
Ch 9 Attacking Data Stores (Part 2)Ch 9 Attacking Data Stores (Part 2)
Ch 9 Attacking Data Stores (Part 2)
Sam Bowne
 
Striim_PPT yogesh.pptx
Striim_PPT yogesh.pptxStriim_PPT yogesh.pptx
Striim_PPT yogesh.pptx
yogeshsuryawanshi47
 
Ad

More from Antonios Chatzipavlis (20)

Data virtualization using polybase
Data virtualization using polybaseData virtualization using polybase
Data virtualization using polybase
Antonios Chatzipavlis
 
SQL server Backup Restore Revealed
SQL server Backup Restore RevealedSQL server Backup Restore Revealed
SQL server Backup Restore Revealed
Antonios Chatzipavlis
 
Migrate SQL Workloads to Azure
Migrate SQL Workloads to AzureMigrate SQL Workloads to Azure
Migrate SQL Workloads to Azure
Antonios Chatzipavlis
 
Machine Learning in SQL Server 2019
Machine Learning in SQL Server 2019Machine Learning in SQL Server 2019
Machine Learning in SQL Server 2019
Antonios Chatzipavlis
 
Workload Management in SQL Server 2019
Workload Management in SQL Server 2019Workload Management in SQL Server 2019
Workload Management in SQL Server 2019
Antonios Chatzipavlis
 
Loading Data into Azure SQL DW (Synapse Analytics)
Loading Data into Azure SQL DW (Synapse Analytics)Loading Data into Azure SQL DW (Synapse Analytics)
Loading Data into Azure SQL DW (Synapse Analytics)
Antonios Chatzipavlis
 
Introduction to DAX Language
Introduction to DAX LanguageIntroduction to DAX Language
Introduction to DAX Language
Antonios Chatzipavlis
 
Building diagnostic queries using DMVs and DMFs
Building diagnostic queries using DMVs and DMFs Building diagnostic queries using DMVs and DMFs
Building diagnostic queries using DMVs and DMFs
Antonios Chatzipavlis
 
Exploring T-SQL Anti-Patterns
Exploring T-SQL Anti-Patterns Exploring T-SQL Anti-Patterns
Exploring T-SQL Anti-Patterns
Antonios Chatzipavlis
 
Designing a modern data warehouse in azure
Designing a modern data warehouse in azure Designing a modern data warehouse in azure
Designing a modern data warehouse in azure
Antonios Chatzipavlis
 
Modernizing your database with SQL Server 2019
Modernizing your database with SQL Server 2019Modernizing your database with SQL Server 2019
Modernizing your database with SQL Server 2019
Antonios Chatzipavlis
 
Designing a modern data warehouse in azure
Designing a modern data warehouse in azure Designing a modern data warehouse in azure
Designing a modern data warehouse in azure
Antonios Chatzipavlis
 
SQLServer Database Structures
SQLServer Database Structures SQLServer Database Structures
SQLServer Database Structures
Antonios Chatzipavlis
 
Sqlschool 2017 recap - 2018 plans
Sqlschool 2017 recap - 2018 plansSqlschool 2017 recap - 2018 plans
Sqlschool 2017 recap - 2018 plans
Antonios Chatzipavlis
 
Azure SQL Database for the SQL Server DBA - Azure Bootcamp Athens 2018
Azure SQL Database for the SQL Server DBA - Azure Bootcamp Athens 2018 Azure SQL Database for the SQL Server DBA - Azure Bootcamp Athens 2018
Azure SQL Database for the SQL Server DBA - Azure Bootcamp Athens 2018
Antonios Chatzipavlis
 
Statistics and Indexes Internals
Statistics and Indexes InternalsStatistics and Indexes Internals
Statistics and Indexes Internals
Antonios Chatzipavlis
 
Implementing Mobile Reports in SQL Sserver 2016 Reporting Services
Implementing Mobile Reports in SQL Sserver 2016 Reporting ServicesImplementing Mobile Reports in SQL Sserver 2016 Reporting Services
Implementing Mobile Reports in SQL Sserver 2016 Reporting Services
Antonios Chatzipavlis
 
Auditing Data Access in SQL Server
Auditing Data Access in SQL ServerAuditing Data Access in SQL Server
Auditing Data Access in SQL Server
Antonios Chatzipavlis
 
Stretch db sql server 2016 (sn0028)
Stretch db sql server 2016 (sn0028)Stretch db sql server 2016 (sn0028)
Stretch db sql server 2016 (sn0028)
Antonios Chatzipavlis
 
Troubleshooting sql server
Troubleshooting sql serverTroubleshooting sql server
Troubleshooting sql server
Antonios Chatzipavlis
 
Data virtualization using polybase
Data virtualization using polybaseData virtualization using polybase
Data virtualization using polybase
Antonios Chatzipavlis
 
SQL server Backup Restore Revealed
SQL server Backup Restore RevealedSQL server Backup Restore Revealed
SQL server Backup Restore Revealed
Antonios Chatzipavlis
 
Migrate SQL Workloads to Azure
Migrate SQL Workloads to AzureMigrate SQL Workloads to Azure
Migrate SQL Workloads to Azure
Antonios Chatzipavlis
 
Machine Learning in SQL Server 2019
Machine Learning in SQL Server 2019Machine Learning in SQL Server 2019
Machine Learning in SQL Server 2019
Antonios Chatzipavlis
 
Workload Management in SQL Server 2019
Workload Management in SQL Server 2019Workload Management in SQL Server 2019
Workload Management in SQL Server 2019
Antonios Chatzipavlis
 
Loading Data into Azure SQL DW (Synapse Analytics)
Loading Data into Azure SQL DW (Synapse Analytics)Loading Data into Azure SQL DW (Synapse Analytics)
Loading Data into Azure SQL DW (Synapse Analytics)
Antonios Chatzipavlis
 
Introduction to DAX Language
Introduction to DAX LanguageIntroduction to DAX Language
Introduction to DAX Language
Antonios Chatzipavlis
 
Building diagnostic queries using DMVs and DMFs
Building diagnostic queries using DMVs and DMFs Building diagnostic queries using DMVs and DMFs
Building diagnostic queries using DMVs and DMFs
Antonios Chatzipavlis
 
Exploring T-SQL Anti-Patterns
Exploring T-SQL Anti-Patterns Exploring T-SQL Anti-Patterns
Exploring T-SQL Anti-Patterns
Antonios Chatzipavlis
 
Designing a modern data warehouse in azure
Designing a modern data warehouse in azure Designing a modern data warehouse in azure
Designing a modern data warehouse in azure
Antonios Chatzipavlis
 
Modernizing your database with SQL Server 2019
Modernizing your database with SQL Server 2019Modernizing your database with SQL Server 2019
Modernizing your database with SQL Server 2019
Antonios Chatzipavlis
 
Designing a modern data warehouse in azure
Designing a modern data warehouse in azure Designing a modern data warehouse in azure
Designing a modern data warehouse in azure
Antonios Chatzipavlis
 
SQLServer Database Structures
SQLServer Database Structures SQLServer Database Structures
SQLServer Database Structures
Antonios Chatzipavlis
 
Sqlschool 2017 recap - 2018 plans
Sqlschool 2017 recap - 2018 plansSqlschool 2017 recap - 2018 plans
Sqlschool 2017 recap - 2018 plans
Antonios Chatzipavlis
 
Azure SQL Database for the SQL Server DBA - Azure Bootcamp Athens 2018
Azure SQL Database for the SQL Server DBA - Azure Bootcamp Athens 2018 Azure SQL Database for the SQL Server DBA - Azure Bootcamp Athens 2018
Azure SQL Database for the SQL Server DBA - Azure Bootcamp Athens 2018
Antonios Chatzipavlis
 
Statistics and Indexes Internals
Statistics and Indexes InternalsStatistics and Indexes Internals
Statistics and Indexes Internals
Antonios Chatzipavlis
 
Implementing Mobile Reports in SQL Sserver 2016 Reporting Services
Implementing Mobile Reports in SQL Sserver 2016 Reporting ServicesImplementing Mobile Reports in SQL Sserver 2016 Reporting Services
Implementing Mobile Reports in SQL Sserver 2016 Reporting Services
Antonios Chatzipavlis
 
Auditing Data Access in SQL Server
Auditing Data Access in SQL ServerAuditing Data Access in SQL Server
Auditing Data Access in SQL Server
Antonios Chatzipavlis
 
Stretch db sql server 2016 (sn0028)
Stretch db sql server 2016 (sn0028)Stretch db sql server 2016 (sn0028)
Stretch db sql server 2016 (sn0028)
Antonios Chatzipavlis
 
Troubleshooting sql server
Troubleshooting sql serverTroubleshooting sql server
Troubleshooting sql server
Antonios Chatzipavlis
 

Recently uploaded (20)

Improving Product Manufacturing Processes
Improving Product Manufacturing ProcessesImproving Product Manufacturing Processes
Improving Product Manufacturing Processes
Process mining Evangelist
 
How to regulate and control your it-outsourcing provider with process mining
How to regulate and control your it-outsourcing provider with process miningHow to regulate and control your it-outsourcing provider with process mining
How to regulate and control your it-outsourcing provider with process mining
Process mining Evangelist
 
Fundamentals of Data Analysis, its types, tools, algorithms
Fundamentals of Data Analysis, its types, tools, algorithmsFundamentals of Data Analysis, its types, tools, algorithms
Fundamentals of Data Analysis, its types, tools, algorithms
priyaiyerkbcsc
 
Adopting Process Mining at the Rabobank - use case
Adopting Process Mining at the Rabobank - use caseAdopting Process Mining at the Rabobank - use case
Adopting Process Mining at the Rabobank - use case
Process mining Evangelist
 
CERTIFIED BUSINESS ANALYSIS PROFESSIONAL™
CERTIFIED BUSINESS ANALYSIS PROFESSIONAL™CERTIFIED BUSINESS ANALYSIS PROFESSIONAL™
CERTIFIED BUSINESS ANALYSIS PROFESSIONAL™
muhammed84essa
 
What is ETL? Difference between ETL and ELT?.pdf
What is ETL? Difference between ETL and ELT?.pdfWhat is ETL? Difference between ETL and ELT?.pdf
What is ETL? Difference between ETL and ELT?.pdf
SaikatBasu37
 
Z14_IBM__APL_by_Christian_Demmer_IBM.pdf
Z14_IBM__APL_by_Christian_Demmer_IBM.pdfZ14_IBM__APL_by_Christian_Demmer_IBM.pdf
Z14_IBM__APL_by_Christian_Demmer_IBM.pdf
Fariborz Seyedloo
 
Chapter 6-3 Introducingthe Concepts .pptx
Chapter 6-3 Introducingthe Concepts .pptxChapter 6-3 Introducingthe Concepts .pptx
Chapter 6-3 Introducingthe Concepts .pptx
PermissionTafadzwaCh
 
Controlling Financial Processes at a Municipality
Controlling Financial Processes at a MunicipalityControlling Financial Processes at a Municipality
Controlling Financial Processes at a Municipality
Process mining Evangelist
 
Voice Control robotic arm hggyghghgjgjhgjg
Voice Control robotic arm hggyghghgjgjhgjgVoice Control robotic arm hggyghghgjgjhgjg
Voice Control robotic arm hggyghghgjgjhgjg
4mg22ec401
 
Analysis of Billboards hot 100 toop five hit makers on the chart.docx
Analysis of Billboards hot 100 toop five hit makers on the chart.docxAnalysis of Billboards hot 100 toop five hit makers on the chart.docx
Analysis of Billboards hot 100 toop five hit makers on the chart.docx
hershtara1
 
Process Mining at Dimension Data - Jan vermeulen
Process Mining at Dimension Data - Jan vermeulenProcess Mining at Dimension Data - Jan vermeulen
Process Mining at Dimension Data - Jan vermeulen
Process mining Evangelist
 
problem solving.presentation slideshow bsc nursing
problem solving.presentation slideshow bsc nursingproblem solving.presentation slideshow bsc nursing
problem solving.presentation slideshow bsc nursing
vishnudathas123
 
TOAE201-Slides-Chapter 4. Sample theoretical basis (1).pdf
TOAE201-Slides-Chapter 4. Sample theoretical basis (1).pdfTOAE201-Slides-Chapter 4. Sample theoretical basis (1).pdf
TOAE201-Slides-Chapter 4. Sample theoretical basis (1).pdf
NhiV747372
 
report (maam dona subject).pptxhsgwiswhs
report (maam dona subject).pptxhsgwiswhsreport (maam dona subject).pptxhsgwiswhs
report (maam dona subject).pptxhsgwiswhs
AngelPinedaTaguinod
 
L1_Slides_Foundational Concepts_508.pptx
L1_Slides_Foundational Concepts_508.pptxL1_Slides_Foundational Concepts_508.pptx
L1_Slides_Foundational Concepts_508.pptx
38NoopurPatel
 
Automation Platforms and Process Mining - success story
Automation Platforms and Process Mining - success storyAutomation Platforms and Process Mining - success story
Automation Platforms and Process Mining - success story
Process mining Evangelist
 
Dynamics 365 Business Rules Dynamics Dynamics
Dynamics 365 Business Rules Dynamics DynamicsDynamics 365 Business Rules Dynamics Dynamics
Dynamics 365 Business Rules Dynamics Dynamics
heyoubro69
 
Oral Malodor.pptx jsjshdhushehsidjjeiejdhfj
Oral Malodor.pptx jsjshdhushehsidjjeiejdhfjOral Malodor.pptx jsjshdhushehsidjjeiejdhfj
Oral Malodor.pptx jsjshdhushehsidjjeiejdhfj
maitripatel5301
 
Sets theories and applications that can used to imporve knowledge
Sets theories and applications that can used to imporve knowledgeSets theories and applications that can used to imporve knowledge
Sets theories and applications that can used to imporve knowledge
saumyasl2020
 
Improving Product Manufacturing Processes
Improving Product Manufacturing ProcessesImproving Product Manufacturing Processes
Improving Product Manufacturing Processes
Process mining Evangelist
 
How to regulate and control your it-outsourcing provider with process mining
How to regulate and control your it-outsourcing provider with process miningHow to regulate and control your it-outsourcing provider with process mining
How to regulate and control your it-outsourcing provider with process mining
Process mining Evangelist
 
Fundamentals of Data Analysis, its types, tools, algorithms
Fundamentals of Data Analysis, its types, tools, algorithmsFundamentals of Data Analysis, its types, tools, algorithms
Fundamentals of Data Analysis, its types, tools, algorithms
priyaiyerkbcsc
 
Adopting Process Mining at the Rabobank - use case
Adopting Process Mining at the Rabobank - use caseAdopting Process Mining at the Rabobank - use case
Adopting Process Mining at the Rabobank - use case
Process mining Evangelist
 
CERTIFIED BUSINESS ANALYSIS PROFESSIONAL™
CERTIFIED BUSINESS ANALYSIS PROFESSIONAL™CERTIFIED BUSINESS ANALYSIS PROFESSIONAL™
CERTIFIED BUSINESS ANALYSIS PROFESSIONAL™
muhammed84essa
 
What is ETL? Difference between ETL and ELT?.pdf
What is ETL? Difference between ETL and ELT?.pdfWhat is ETL? Difference between ETL and ELT?.pdf
What is ETL? Difference between ETL and ELT?.pdf
SaikatBasu37
 
Z14_IBM__APL_by_Christian_Demmer_IBM.pdf
Z14_IBM__APL_by_Christian_Demmer_IBM.pdfZ14_IBM__APL_by_Christian_Demmer_IBM.pdf
Z14_IBM__APL_by_Christian_Demmer_IBM.pdf
Fariborz Seyedloo
 
Chapter 6-3 Introducingthe Concepts .pptx
Chapter 6-3 Introducingthe Concepts .pptxChapter 6-3 Introducingthe Concepts .pptx
Chapter 6-3 Introducingthe Concepts .pptx
PermissionTafadzwaCh
 
Controlling Financial Processes at a Municipality
Controlling Financial Processes at a MunicipalityControlling Financial Processes at a Municipality
Controlling Financial Processes at a Municipality
Process mining Evangelist
 
Voice Control robotic arm hggyghghgjgjhgjg
Voice Control robotic arm hggyghghgjgjhgjgVoice Control robotic arm hggyghghgjgjhgjg
Voice Control robotic arm hggyghghgjgjhgjg
4mg22ec401
 
Analysis of Billboards hot 100 toop five hit makers on the chart.docx
Analysis of Billboards hot 100 toop five hit makers on the chart.docxAnalysis of Billboards hot 100 toop five hit makers on the chart.docx
Analysis of Billboards hot 100 toop five hit makers on the chart.docx
hershtara1
 
Process Mining at Dimension Data - Jan vermeulen
Process Mining at Dimension Data - Jan vermeulenProcess Mining at Dimension Data - Jan vermeulen
Process Mining at Dimension Data - Jan vermeulen
Process mining Evangelist
 
problem solving.presentation slideshow bsc nursing
problem solving.presentation slideshow bsc nursingproblem solving.presentation slideshow bsc nursing
problem solving.presentation slideshow bsc nursing
vishnudathas123
 
TOAE201-Slides-Chapter 4. Sample theoretical basis (1).pdf
TOAE201-Slides-Chapter 4. Sample theoretical basis (1).pdfTOAE201-Slides-Chapter 4. Sample theoretical basis (1).pdf
TOAE201-Slides-Chapter 4. Sample theoretical basis (1).pdf
NhiV747372
 
report (maam dona subject).pptxhsgwiswhs
report (maam dona subject).pptxhsgwiswhsreport (maam dona subject).pptxhsgwiswhs
report (maam dona subject).pptxhsgwiswhs
AngelPinedaTaguinod
 
L1_Slides_Foundational Concepts_508.pptx
L1_Slides_Foundational Concepts_508.pptxL1_Slides_Foundational Concepts_508.pptx
L1_Slides_Foundational Concepts_508.pptx
38NoopurPatel
 
Automation Platforms and Process Mining - success story
Automation Platforms and Process Mining - success storyAutomation Platforms and Process Mining - success story
Automation Platforms and Process Mining - success story
Process mining Evangelist
 
Dynamics 365 Business Rules Dynamics Dynamics
Dynamics 365 Business Rules Dynamics DynamicsDynamics 365 Business Rules Dynamics Dynamics
Dynamics 365 Business Rules Dynamics Dynamics
heyoubro69
 
Oral Malodor.pptx jsjshdhushehsidjjeiejdhfj
Oral Malodor.pptx jsjshdhushehsidjjeiejdhfjOral Malodor.pptx jsjshdhushehsidjjeiejdhfj
Oral Malodor.pptx jsjshdhushehsidjjeiejdhfj
maitripatel5301
 
Sets theories and applications that can used to imporve knowledge
Sets theories and applications that can used to imporve knowledgeSets theories and applications that can used to imporve knowledge
Sets theories and applications that can used to imporve knowledge
saumyasl2020
 

Dynamic data masking sql server 2016

  • 3. SQLschool.gr Team Antonios Chatzipavlis SQL Server Evangelist • Trainer Vassilis Ioannidis SQL Server Expert • Trainer Fivi Panopoulou System Engineer • Speaker Sotiris Karras System Engineer • Speaker
  • 7. Presentation Content  Introducing Dynamic Data Masking  Using Dynamic Data Masking  DDM on Azure  Some points to keep
  • 9. • Protect sensitive data and personally identifiable information • Regulatory Compliance • Expose sensitive data only on a need-to-know basis • Custom obfuscation in application, views or third party solutions are used to address this need The Need
  • 10. Dynamic Data Masking in SQL Server 2016 • Built-in feature for SQL Server 2016 and Azure SQL DB • Data masked on the fly when queried, underlying data do not change • Control on how the data appear in the result set  Dynamic data masking is a data protection feature that masks the sensitive data in the result set of a query over chosen database fields
  • 11. • Protects against unauthorized disclosure of sensitive data in the application • Very simple to configure and use • Does not require changes in application code • Centralized masking logic Benefits
  • 12. • “Dynamic data masking does not aim to prevent database users from connecting directly to the database and running exhaustive queries that expose pieces of the sensitive data” • It is not a method for physical data encryption • It is complementary to other SQL Server security features Keep in mind
  • 13. Using Dynamic Data Masking  Steps  Masking Functions  Permissions  System view information
  • 15. • Decide which columns need to be masked • Choose the masking function that best fits your needs for each column • Alter columns to add the masking rules • The underlying data is unaffected • Designate which users should see masked data and configure the permissions. Steps
  • 16. Default Masking Functions Data Type Family Masked Data String XXXX Numeric 0 Date and Time 01.01.1900 00:00:00.0000000 Binary 0 ALTER COLUMN ColumnName ADD MASKED WITH (FUNCTION = 'default()') Full masking according to the data types of the designated fields.
  • 17. Email Masking Functions ALTER COLUMN ColumnName ADD MASKED WITH (FUNCTION = ‘email()') Exposes the first letter of an email address and the constant suffix ".com", in the form of an email address. aXXX@XXXX.com
  • 18. Random Masking Functions ALTER COLUMN ColumnName ADD MASKED WITH (FUNCTION = 'random([start range], [end range])') A random masking function for use on any numeric type to mask the original value with a random value within a specified range.
  • 19. Custom String (Partial) Masking Functions ALTER COLUMN ColumnName ADD MASKED WITH (FUNCTION = ‘partial(prefix,[padding],suffix)’ Exposes the first and last letters and adds a custom padding string in the middle • Phone: partial(4,”XXXXXXXXXXX”,0) • Credit Card: partial(0,”XXXX-XXXX-XXXX-”,4) • Email: partial(1,”xxxx@xxxx.”,2)
  • 20. • To retrieve the original data the user must have the UNMASK permission • To add, replace, remove masking of existing columns ALTER ANY MASK permission • The CONTROL permission on the database includes both the ALTER ANY MASK and UNMASK permission ! Users without UNMASK but with UPDATE permission can still update data. Permissions
  • 21. system view to query for table-columns that have a dynamic data masking function applied to them • Simlar to sys.columns view • is_masked • masking_function sys.masked_columns
  • 22. Dynamic Data Masking in Action
  • 24. Azure Set up DDM using Azure Portal • Define users excluded from masking • Define Masking rules • Designated fields and masking functions for each one There is a recommendations engine that proposes potentially sensitive fields to mask
  • 25. Azure Default Full Masking according to the datatypes Credit card XXXX-XXXX-XXXX-1234 Social Security number XXX-XX-1234 Email aXX@XXXX.com Random Number Random number between selected boundaries Custom Text Prefix, Padding String, Suffix
  • 26. Some points to keep  Limitations and Restrictions  Considerations  Performance
  • 27. • Not compatible with Always Encrypted columns • Not compatible with File Stream • Not compatible with Column set • A column with data masking cannot be a key for a FULLTEXT index. • Masking rule cannot be defined on a computed column Limitations and Restrictions
  • 28. • Dynamic Data Masking is applied when running SQL Server Import and Export • Dynamic Data Masking is applied when using SELECT INTO or INSERT INTO to copy data from a masked column • Be careful with updates Considerations
  • 29. Minimal Performance Impact Data masking is performed right before the data is returned. Performance SELECT * FROM Person.EmailAddress;
  • 32. S E L E C T K N O W L E D G E F R O M S Q L S E R V E R Copyright © 2015 SQLschool.gr. All right reserved. PRESENTER MAKES NO WARRANTIES, EXPRESS, IMPLIED OR STATUTORY, AS TO THE INFORMATION IN THIS PRESENTATION
  翻译: