Author: Northdoor plc
The lower cost of ownership combined with increased agility of Azure SQL Database makes it a compelling offering to organisations where having fast time-to-market is critical.
What is Microsoft Azure SQL Database?
Microsoft Azure SQL Database is a relational database-as-a-service (DBaaS) hosted in the Azure cloud. It is built on standardised hardware and software that is all owned, hosted and maintained by Microsoft. It is delivered using the pay-as-you-go model with options to scale up or out with no interruption in service.
Here, we ask James Cherry, Chief Technology Officer, what are the security features insurers should be aware of when considering Microsoft Azure SQL Database:
“Data security is top of the agenda. A recent report from the Online Trust Alliance* highlighted the year-on-year increase in data breaches. It is well known that cyber-attacks are increasing in both volume and complexity, however over 37% of the breaches were due to inside threats** and in total 90% could have been prevented***. As UK data protection regulations and data privacy laws becomes tougher, and insurers increase their digital footprint, it has never been more important to make sure they have adequate data security. Penalties for serious breaches of the Data Protection Act have changed and the ICO (Information Commissioner’s Office) can now issue fines up to £500,000 without having to issue a warning notice first.
Microsoft Azure SQL Database has many security features, here’s my top 5:
Always Encrypted
Always Encrypted helps you protect sensitive data such as National Insurance numbers or medical data, stored in Azure SQL Database. It provides a separation between those who own and can view the data, and those who manage the data but should have no access to it. Data remains encrypted at all times – on disk, in memory and in transit.
Row-Level Security
Row-Level Security restricts access to rows of data based on a user’s identity, role or query execution context. For example it can be implemented to ensure workers only have access to data rows that are relevant to their department or restricting customer’s access to data applicable to their company.
Dynamic Data Masking
Dynamic Data Masking allows you to define masking patterns on database columns to limit exposure of sensitive data to non-privileged users. It’s a policy-based security feature that hides the sensitive data in the results of a query over designated database fields, while the data in the database remains unchanged. A good example would be credit card numbers where masking can be used to expose the last four digits of the designated field and add a constant string as a prefix e.g.
XXXX-XXXX-XXXX-1234
Threat Detection
Threat Detection enables customers to detect and respond to potential threats as they occur by providing security alerts on abnormal activities. Users can then explore the suspicious events using Azure SQL Database Auditing to determine if they result from an attempt to access, breach or exploit data in the database.
Database Auditing
Azure SQL Database Auditing tracks database events and writes audited events to an audit log in an Azure Storage account. Auditing can help you maintain regulatory compliance, understand database activity, and gain insight into discrepancies and abnormal activities that could indicate business concerns or suspected security violations.”
*Online Trust Alliance 2015 Data Protection & Breach Readiness Guide
** Open Security Foundation
*** Online Trust Alliance
You can find out more information on Microsoft’s Azure SQL Database here.