Webcast Recording – Building a Proper SQL Server DB Security Model

15 Mar 2021 Leave a comment

by K. Brian Kelley in Microsoft SQL Server Tags:

The recording for my presentation on Building a Proper SQL Server DB Security Model is now available. It’s right at an hour long and in it I present a framework if you’re building your own model from scratch as well as a short portion on how to handle third party solutions.

Registration (free) for Building a Proper SQL Server DB Security Model recording

Webinar – Building a Proper SQL Server Database Security Model

08 Mar 2021 Leave a comment

by K. Brian Kelley in Microsoft SQL Server Tags:

Tomorrow, March 9, 2020, at 3 PM EST, I will be giving a presentation on how to build a database security model in SQL Server. We’ll primarily focus on if you’re developing a homegrown application/system and what rules you should follow as well as a framework which helps reduce the security complexity. However, we’ll also cover at the end what you can do about 3rd party products. Sometimes, there, the right approach pays dividends. If you’re interested, here’s the webinar information:

MSSQLTips – Building a Proper SQL Server Database Security Model Registration Page

Here’s the description:

You’ve been asked to assist with designing or improving the security model for a SQL Server database. How do you go about doing this? What are the things you should look at? What can make a tangible difference?

In this webinar we’ll look at the two paths for securing a database: a home-grown application versus supporting the database for a third-party application.

We’ll first walk through the home-grown application where we are designing the database from scratch. In this design phase we’ll talk through the important features SQL Server gives us which allows us to build the security model we need. Then, with an understanding of those features, we’ll look at how to apply those design principles to existing databases, whether they are home-grown and already deployed or belong to third-party applications. As part of considering that third-party application scenario, we’ll also talk about the options your organization has based on actual practice.

In both paths we’ll focus on the Principle of Least Privilege while attempting to keep the security model as simple as possible. In addition, we’ll talk about what you can do to protect sensitive or PII data, whether through permissions, encryption, or a combination of both.