SQL Information Protection - why should you care?

A little background

In today’s world, data privacy and protection is one of the biggest concerns for organizations across the globe. Most of the apps and websites we use today capture some sort of personal data, such as an email address, phone number, date of birth and even credit card information in some form or other. Recent data breaches are making app and website users less confident in the companies that manage their data, which hurts those companies' brand image and trust. One such recent case, the Cambridge Analytica Facebook data scandal, triggered movements like #DeleteFacebook. It cost a brand like Facebook billions of dollars, and its trust factor went negative.

To help protect citizens’ personal and sensitive data, data protection and regulatory laws are in place in many countries. These laws and regulations are not new; they have been around for quite a while. Recent data breaches and scandals have prompted various governments to take strict action to protect their citizens’ data; one such example is the European Union's General Data Protection Regulation (GDPR).

Many tech titans and entrepreneurs across the globe are stepping up and demanding stronger, well-crafted data protection regulation. Needless to say, data privacy and its protection are going to be a huge thing in future, and organizations will face more and more regulatory, audit and reporting requirements around the data that they manage.

The database is the heart of any organization's IT infrastructure, where most of the data gets stored and processed, so it is needless to say that most regulatory controls apply to the database first. SQL Information Protection (SQLIP) is one such technique from the house of Microsoft: using it, you can stay compliant with regulatory and audit requirements by discovering, classifying, labeling & reporting sensitive data in your databases.

Ask yourself: should you care about SQLIP?

Now it’s time to ask yourself a few questions to understand your current situation and to assess whether you really need to care about SQLIP.

Does your organization deal with a lot of your customers' personal data? Data in the Personally Identifiable Information (PII) category? Does it deal with health care information, financial information or business-sensitive data? And, moreover, are you managing data of European Union (EU) citizens?

If the answer to any one of the above is yes and you store your customer data in Microsoft SQL Server on-premises or in Azure SQL databases, then you must care about SQL Information Protection to stay compliant.

SQLIP will act as infrastructure for your organization in the data and information protection paradigm. It will help enormously on the following fronts:

  • It will help your organization meet data privacy standards and regulatory compliance requirements. One such compliance requirement is the EU’s GDPR, which is due in May 2018 (yes, it’s very close).
  • It helps in data security scenarios, such as auditing and alerting on anomalous access to sensitive data.
  • It helps with hardening security and controlling access to databases with highly sensitive data.

How does SQLIP work, and how can you benefit?

SQLIP comes with a set of advanced capabilities that protect the data, not just the database. SQLIP is based on a few fundamental blocks of capabilities, as follows:

  • Discovery & recommendations – It has a built-in automated classification engine that scans the database and identifies columns with potentially sensitive data. It gives us an easy user interface to review and apply the appropriate classification in the Azure portal or in SQL Server Management Studio (SSMS).
 
  • Labeling – Using new classification metadata attributes, you can label columns with sensitive information, and this can be persisted. This metadata can further be utilized in advanced sensitivity-based auditing and protection scenarios.
 
  • Visibility – The database discovery and classification state can be viewed in a dashboard in the Azure portal or in SSMS. This report can be downloaded in Excel, PDF and Word formats for compliance & auditing purposes.
 
  • Monitoring/Auditing – Currently in Azure SQL DB, the sensitivity of the query result set can be calculated in real time and used for auditing to see who accessed the sensitive data.

So, in a nutshell, SQLIP helps you identify potentially sensitive data in your SQL database, helps you review and label the data based on the sensitivity of the information, and generates reports from the data classification that can then be used for regulatory and compliance requirements. Additionally, in Azure SQL it provides monitoring of who has accessed which data.

What next?

I hope by now you have a basic understanding of what SQL Information Protection is, how it works and why it’s important for you. Now it’s time to get into action. Refer to these articles from Microsoft to get started:

Data Discovery and Classification in Azure SQL Database using Azure Portal.

Data Discovery and Classification in SQL Server On-Premise using SSMS.

Finally, once you are done with the data discovery and classification, you can look at the columns’ extended properties to see the physical changes made by the data discovery and classification.
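
One way to inspect those extended properties is the T-SQL below, an added example that is not part of the original article or Microsoft's tooling. It assumes the labels were written by SSMS under the property names `sys_information_type_name` and `sys_sensitivity_label_name`; the column-name patterns are illustrative only and are not the classification engine's own rules.

```sql
-- Classification coverage per column, read from the extended properties
-- written by SSMS Data Discovery & Classification.
-- Assumption: labels live under the two property names used below.
WITH labels AS (
    SELECT ep.major_id,
           ep.minor_id,
           MAX(CASE WHEN ep.name = 'sys_information_type_name'
                    THEN CAST(ep.value AS nvarchar(128)) END) AS information_type,
           MAX(CASE WHEN ep.name = 'sys_sensitivity_label_name'
                    THEN CAST(ep.value AS nvarchar(128)) END) AS sensitivity_label
    FROM sys.extended_properties AS ep
    WHERE ep.class = 1        -- properties attached to objects or columns
      AND ep.minor_id > 0     -- keep column-level properties only
      AND ep.name IN ('sys_information_type_name',
                      'sys_sensitivity_label_name')
    GROUP BY ep.major_id, ep.minor_id
)
SELECT s.name AS schema_name,
       t.name AS table_name,
       c.name AS column_name,
       l.information_type,
       l.sensitivity_label,
       CASE
           WHEN l.major_id IS NOT NULL THEN 'classified'
           -- Illustrative name patterns (assumption): flag columns whose
           -- names suggest personal data but carry no label yet.
           WHEN c.name LIKE '%email%' OR c.name LIKE '%phone%'
             OR c.name LIKE '%birth%' OR c.name LIKE '%card%'
                THEN 'review: name looks sensitive'
           ELSE 'unclassified'
       END AS status
FROM sys.tables AS t
JOIN sys.schemas AS s ON s.schema_id = t.schema_id
JOIN sys.columns AS c ON c.object_id = t.object_id
LEFT JOIN labels AS l
       ON l.major_id = c.object_id
      AND l.minor_id = c.column_id
ORDER BY status, schema_name, table_name, c.column_id;
```

On SQL Server 2019 and Azure SQL Database, classifications are exposed through the `sys.sensitivity_classifications` catalog view rather than extended properties.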