Microsoft improves security for Azure SQL Database

Security capabilities for managed database service help protect data

microsoft guthrie azure

Scott Guthrie, executive vice president, Microsoft Cloud and Enterprise group, shows how Microsoft differentiates Azure at a press conference in 2014.

Credit: James Niccolai/IDG News Service

Microsoft is giving database administrators working with Azure SQL Database a new suite of security tools to check out.

A new Always Encrypted feature will be available as a public beta by the end of the month. It allows users to encrypt sensitive data within an application using their own keys without relinquishing those keys to Azure SQL Database. It's a feature that lets companies maintain better control over critical applications they want to keep as secure as possible. 

Microsoft's Transparent Data Encryption feature, which allows the encryption of a database without altering the application itself, will be generally available by the end of October. The company will automatically rotate the encryption keys for a database using the feature every 90 days, without end users having to worry about it. 

Database administrators who want to lock down a large data set and only hand out limited access to individual users can take advantage of the now generally available Row-Level Security feature. As the name implies, the feature can limit access to individual rows of data based on factors like a user's identity or role. A dynamic data masking capability will also be available for the service by the end of the month, which allows administrators to limit exposure to sensitive data by setting masking patterns for database columns.  

In addition, Microsoft will now let users beta test authenticating to SQL Database using Azure Active Directory, so people who already connect to other services using Microsoft's cloud-based identity functionality will be able to access their databases through the same process.  

Users will also be able to try out a new Threat Detection feature, in public beta by the end of the month, that checks for suspicious activity at both the database and logical server level and then sends off alerts if it catches something anomalous. It's a tool that may help prevent massive data breaches, or at least mitigate the damage done if someone does manage to break into a database.

All of these upgrades are key, since Microsoft is in close competition with Amazon and Google to attract and retain cloud customers. Amazon Web Services chief Andy Jassy revealed last week that the company's Aurora managed relational database service is the fastest growing product in the cloud platform's stable.

To comment on this article and other CIO content, visit us on Facebook, LinkedIn or Twitter.
Download the CIO Nov/Dec 2016 Digital Magazine
Notice to our Readers
We're now using social media to take your comments and feedback. Learn more about this here.