Building a Proper SQL Server Database Security Model
You've been asked to assist with designing or improving the security model for a SQL Server database. How do you go about doing this? What are the things you should look at? What can make a tangible difference?
In this webinar we'll look at the two paths for securing a database: a home-grown application versus supporting the database for a third-party application.
We'll first walk through the home-grown application where we are designing the database from scratch. In this design phase we'll talk through the important features SQL Server gives us which allows us to build the security model we need. Then, with an understanding of those features, we'll look at how to apply those design principles to existing databases, whether they are home-grown and already deployed or belong to third-party applications. As part of considering that third-party application scenario, we'll also talk about the options your organization has based on actual practice.
In both paths we'll focus on the Principle of Least Privilege while attempting to keep the security model as simple as possible. In addition, we'll talk about what you can do to protect sensitive or PII data, whether through permissions, encryption, or a combination of both.
Tuesday, March 09, 2021
3:00:00 PM EST (New York) | 8:00:00 PM UTC
Brian Kelley is an author, columnist, Certified Information Systems Auditor (CISA), and former Microsoft Data Platform (SQL Server) MVP (2009-2016) focusing primarily on SQL Server and Windows security. Brian currently serves as a data architect as well as an independent infrastructure/security architect concentrating on Active Directory, SQL Server, and Windows Server. He has served in a myriad of other positions including senior database administrator, data warehouse architect, web developer, incident response team lead, and project manager. Brian has spoken at 24 Hours of PASS, IT/Dev Connections, SQLConnections, the Techno Security and Forensics Investigation Conference, the IT GRC Forum, SyntaxCon, and at various SQL Saturdays, Code Camps, and user groups.
Register for this webinar:
Copyright (c) 2006-2021 Edgewood Solutions, LLC All rights reserved
Some names and products listed are the registered trademarks of their respective owners.