Database and Analytics

T10 New SQL Server 2016 Security Features for Developers


1:30pm - 2:45pm

Level: Introductory to Intermediate

Leonard Lobel



Sleek Technologies, Inc.

With the release of SQL Server 2016, the database engine is greatly enhanced for security, with three new features you'll learn about in this demo-packed session. With dynamic data masking (DDM), you can fully or partially conceal sensitive columns from query results. Masking does not modify data on in the table. It simply hides data from users that don't have access permission. Row-level security (RLS) also hides data from unauthorized users, but at the row level. With RLS, you can create your own security policy to control which users can read or write specific rows in the table. Finally, Always Encrypted (AE) uses client-side encryption to ensure that data is encrypted in flight, not just at rest. Furthermore, the encryption keys are accessible only to the client. This guarantees data can't be decrypted on the server, easing the migration path to the cloud for users with highly sensitive data.

You will learn:

  • How dynamic data masking (DDM) can hide sensitive columns from un-authorized users
  • How row-level security (RLS) can filter or block individual rows from different users
  • About Always Encrypted (AE), a new client-side database encryption technology available in SQL Server 2016