Azure SQL and Information Protection (GDPR)

I talk a lot on this blog about Azure SQL and its usage as a PaaS database engine for many applications, including Microsoft Dynamics NAV.

One of the latest additions to Azure SQL (currently in Preview) is Data Discovery and Classification, a new feature for discovering, classifying, labeling & protecting the sensitive data in your databases.

SQL Information Protection (SQL IP) introduces a set of advanced services and new SQL capabilities, forming a new information protection paradigm in SQL aimed at protecting the data, not just the database:

  • Discovery & recommendations – The classification engine scans your database and identifies columns containing potentially sensitive data. It then provides you an easy way to review and apply the appropriate classification recommendations via the Azure portal.
  • Labeling – Sensitivity classification labels can be persistently tagged on columns using new classification metadata attributes introduced into the SQL Engine. This metadata can then be utilized for advanced sensitivity-based auditing and protection scenarios.
  • Monitoring/Auditing – Sensitivity of the query result set is calculated in real time and used for auditing access to sensitive data (currently in Azure SQL DB only).
  • Visibility – The database classification state can be viewed in a detailed dashboard in the portal. Additionally, you can download a report (in Excel format) to be used for compliance & auditing purposes, as well as other needs.

From the Azure Portal, select your Azure SQL Database instance and on the blade select Data discovery & classification:

AzureSQLDataDiscovery_01.jpg

The Azure SQL database is scanned: the built-in automated classification engine identifies columns containing potentially sensitive data and provides a list of classification recommendations. These can be easily applied as sensitivity metadata on top of columns, using new column sensitivity attributes that have been added to the SQL engine. You can also manually classify & label your columns:

AzureSQLDataDiscovery_02.jpg

You can accept all the proposed recommendations (by clicking on the Accept selected recommendations button):

AzureSQLDataDiscovery_03.jpg

or select a classification for a particular column by clicking on Add Classification and setting the column and the sensitivity label:

AzureSQLDataDiscovery_04.jpg

To complete your classification and persistently tag the database columns with the new classification metadata, click on Save in the top menu of the window.

After saving the classification, the Overview tab gives you a clear representation of the confidentiality state of your database:

AzureSQLDataDiscovery_05.jpg

You can also export the report in Excel format:

AzureSQLDataDiscovery_06

This is the Excel report you obtain:

AzureSQLDataDiscovery_07.jpg

Obviously, this works with every SQL database, including NAV databases. I think this is very cool for getting a GDPR-compliance overview of your database and taking action accordingly.

One last interesting note: similar capabilities are also being introduced for on-premises SQL Server via SQL Server Management Studio. Data Discovery & Classification is supported for SQL Server 2008 and later.
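The labeling and visibility steps described above can also be scripted and audited in T-SQL. The following is an added example, not part of the original post: it assumes an engine that supports the `ADD SENSITIVITY CLASSIFICATION` statement (Azure SQL Database or SQL Server 2019 and later), and the `dbo.Customer` table, its columns and the chosen label strings are constructed for illustration.

```sql
-- Constructed sample table (hypothetical names, not from the original post).
-- PhoneNo is deliberately left unclassified so the gap check below has work to do.
CREATE TABLE dbo.Customer (
    CustomerId INT IDENTITY PRIMARY KEY,
    FullName   NVARCHAR(100) NOT NULL,
    Email      NVARCHAR(256) NULL,
    PhoneNo    NVARCHAR(30)  NULL,
    VatRegNo   NVARCHAR(20)  NULL
);
GO  -- batch separator understood by SSMS and sqlcmd

-- Persist a sensitivity label and information type as column metadata.
-- Both values are free-text strings; the ones used here are illustrative.
ADD SENSITIVITY CLASSIFICATION TO dbo.Customer.FullName, dbo.Customer.Email
    WITH (LABEL = 'Confidential - GDPR', INFORMATION_TYPE = 'Contact Info');

ADD SENSITIVITY CLASSIFICATION TO dbo.Customer.VatRegNo
    WITH (LABEL = 'Confidential', INFORMATION_TYPE = 'National ID');
GO

-- Report: every classified column with its label (the data behind the portal dashboard).
SELECT s.name AS schema_name,
       o.name AS table_name,
       c.name AS column_name,
       sc.label,
       sc.information_type
FROM sys.sensitivity_classifications AS sc
JOIN sys.objects AS o ON o.object_id = sc.major_id
JOIN sys.schemas AS s ON s.schema_id = o.schema_id
JOIN sys.columns AS c ON c.object_id = sc.major_id
                     AND c.column_id = sc.minor_id
ORDER BY schema_name, table_name, column_name;

-- Gap check: columns with no classification whose name hints at personal data.
-- The name patterns are a simple heuristic chosen for this example.
SELECT s.name AS schema_name,
       t.name AS table_name,
       c.name AS column_name
FROM sys.columns AS c
JOIN sys.tables  AS t ON t.object_id = c.object_id
JOIN sys.schemas AS s ON s.schema_id = t.schema_id
LEFT JOIN sys.sensitivity_classifications AS sc
       ON sc.major_id = c.object_id
      AND sc.minor_id = c.column_id
WHERE sc.major_id IS NULL
  AND (c.name LIKE '%mail%' OR c.name LIKE '%phone%'
       OR c.name LIKE '%name%' OR c.name LIKE '%birth%');
```

Running the gap check on a schedule helps catch columns added after the last portal scan, before they start holding personal data without a label.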

More details on using SQL Information Protection can be found in:

 

 
