Introduction and Overview
Track Data Changes
In the information age, data is the new currency, and like anything valuable, it needs to be protected. Azure SQL and its environment provide a range of mechanisms for protecting your data from a multitude of hazards. The potential threats range from bad actors trying to steal information to unintentional human error corrupting your data. To cover all eventualities, Azure provides pre-emptive protection in the form of network security, several types of data encryption, data classification, and vulnerability assessment services. After-the-fact protection is available in the form of built-in data change tracking. This course not only tells you what protection is available for your database but also shows you how to implement it.
If you have any feedback relating to this course, feel free to contact us at firstname.lastname@example.org.
- Learn what security components are available within Azure SQL
- Understand how these elements work together to provide a secure environment
- Learn how to implement infrastructure security
- Learn how to secure your data from external and internal hazards
- Learn how to implement data change tracking
- Anyone who wants to learn how to implement secure Azure SQL databases
- Those preparing for Microsoft’s DP-300 exam
To get the most out of this course, you should have a general understanding of the fundamentals of Microsoft Azure. Experience using databases — especially SQL Server — would also be beneficial.
The GitHub repository for this course can be found here: https://github.com/cloudacademy/azure-sql-data-security-dp-300
Let's recap how Azure SQL and its variants, SQL Managed Instance, and SQL Server can assist you in protecting your data. The outermost ring of defense is the network infrastructure your database server lives in. Azure SQL Server and database firewall rules enable you to restrict access to connections coming from whitelisted IP addresses. SQL Managed Instance lets you do the same with virtual network rules. You can set up VNet-to-VNet communication via VPN gateways and Azure virtual network peering, or connect to an on-premises network with an Azure Data Gateway. Whatever connection method you use, network traffic to and from an Azure SQL Server will be transmitted using Transport Layer Security (TLS).

When your data is not on the move, that is, at rest either on a virtual hard drive or within an Azure SQL database, you can encrypt it with a system-managed key or a customer-managed key stored in an Azure Key Vault. As well as global or blanket database encryption, you can encrypt particular columns to keep their contents secret. If column encryption is cracking a nut with a sledgehammer, you can use dynamic data masking to partially hide sensitive information.

Advanced data security helps you classify your data in terms of sensitivity and identify potential security vulnerabilities. You can then add these vulnerabilities to your baseline security metrics, which will be incorporated into future vulnerability scans. All variants of Azure SQL support system-versioned temporal tables that enable you to track data changes by automatically creating a history version of the table containing the data you want to track.
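The system-versioned temporal tables mentioned at the end of the recap, shown as an added T-SQL example that is not taken from the course or its repository. The table, column and history-table names are hypothetical, and the inserted values are constructed sample data.

```sql
-- Added example: dbo.CustomerAccount and its columns are hypothetical names.
-- The two period columns plus SYSTEM_VERSIONING = ON make the engine copy the
-- previous version of a row into the history table on every UPDATE or DELETE.
CREATE TABLE dbo.CustomerAccount
(
    AccountId   INT            NOT NULL PRIMARY KEY CLUSTERED,
    Email       NVARCHAR(256)  NOT NULL,
    CreditLimit DECIMAL(10, 2) NOT NULL,
    ValidFrom   DATETIME2 GENERATED ALWAYS AS ROW START HIDDEN NOT NULL,
    ValidTo     DATETIME2 GENERATED ALWAYS AS ROW END   HIDDEN NOT NULL,
    PERIOD FOR SYSTEM_TIME (ValidFrom, ValidTo)
)
WITH (SYSTEM_VERSIONING = ON (HISTORY_TABLE = dbo.CustomerAccountHistory));
GO

-- Constructed sample data: one account whose credit limit is changed, then removed.
INSERT INTO dbo.CustomerAccount (AccountId, Email, CreditLimit)
VALUES (1, N'alice@example.com', 1000.00);

UPDATE dbo.CustomerAccount SET CreditLimit = 50000.00 WHERE AccountId = 1;
DELETE FROM dbo.CustomerAccount WHERE AccountId = 1;
GO

-- Full change trail for the account: current and historical versions together.
-- The deleted row no longer exists in the current table but is still returned here.
SELECT AccountId, Email, CreditLimit, ValidFrom, ValidTo
FROM dbo.CustomerAccount FOR SYSTEM_TIME ALL
WHERE AccountId = 1
ORDER BY ValidFrom;

-- Table contents as they stood at a past moment (period columns are stored in UTC).
DECLARE @asOf DATETIME2 = DATEADD(MINUTE, -5, SYSUTCDATETIME());
SELECT AccountId, Email, CreditLimit
FROM dbo.CustomerAccount FOR SYSTEM_TIME AS OF @asOf;

-- Review query: every row version that was superseded or deleted in the last 24 hours.
SELECT AccountId, CreditLimit, ValidFrom, ValidTo
FROM dbo.CustomerAccountHistory
WHERE ValidTo >= DATEADD(HOUR, -24, SYSUTCDATETIME())
ORDER BY ValidTo DESC;
```

The period columns record what changed and when, not which login made the change.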
Hallam is a software architect with over 20 years' experience across a wide range of industries. He began his software career as a Delphi/Interbase disciple but changed his allegiance to Microsoft with its deep and broad ecosystem. While Hallam has designed and crafted custom software utilizing web, mobile and desktop technologies, good quality reliable data is the key to a successful solution. The challenge of quickly turning data into useful information for digestion by humans and machines has led Hallam to specialize in database design and process automation. Showing customers how to leverage new technology to change and improve their business processes is one of the key drivers keeping Hallam coming back to the keyboard.