Now, let’s move on to security. Synapse Analytics provides a variety of data protection features for dedicated SQL pools, including Data Discovery & Classification, Dynamic Data Masking, Vulnerability Assessment, Advanced Threat Protection, and Transparent Data Encryption.

Data Discovery & Classification scans your database looking for sensitive data, such as names, addresses, and credit card numbers. It then gives you a list of recommendations for how these columns should be classified, such as “Confidential” or “Highly Confidential.” If you accept the recommendations, then those columns will be labeled with those classifications. You can also label them manually if you want different classifications than the recommended ones. Once these columns are labeled, you can use the database auditing feature to monitor access to this sensitive data.

Dynamic Data Masking will obscure some of the information in a particular column when it is retrieved in a query. For example, if you apply data masking to a credit card column, then queries will return a credit card number with exes over everything except the last four digits.

The Vulnerability Assessment service scans your database looking for potential security issues, such as loose permissions and dangerous firewall settings. Then you can go through the list of issues and decide whether or not they truly are issues that need to be addressed. When you drill down into issues that you want to address, there will be a recommendation as to how you can remediate the issue, and, in many cases, there will even be a remediation script you can run.

Advanced Threat Protection looks for unusual attempts to access or exploit databases. For example, it triggers email alerts when it sees potential SQL injection attacks or brute force login attempts. Then you can drill down into each alert to get more details about a potential attack.

Transparent Data Encryption is used to encrypt the entire database, including the log files and the backups. So if a hacker gets access to a copy of the database, they won’t be able to read any of the data in it.

Another useful data protection feature is row-level security. This lets you restrict each user’s or group’s access only to the rows they should be able to see in a table. For example, you might give each department, such as Sales, Engineering, and Finance, access only to the rows that are pertinent to their department.

Similarly, you can use column-level security to restrict access to specific columns. For example, you could configure an employee database so that only people in the Human Resources and Accounting departments would have access to a column containing Social Security numbers. 

And that’s it for security.