Microsoft Developer introduces upcoming security features for Fabric SQL Database, focusing on Customer-Managed Keys and auditing to empower organizations with encryption control and robust operational visibility.

Secure by Design: Upcoming CMK and Auditing Features in Fabric SQL Database

Microsoft Developer presents an in-depth look at upcoming security enhancements for Fabric SQL Database, focusing on two major features: Customer-Managed Keys (CMK) and auditing.

Key Topics Covered

  • Customer-Managed Keys (CMK):
    • Grant organizations full control over database encryption keys
    • Enable compliance with regulatory requirements and maintain data sovereignty
    • Integrated into Transparent Data Encryption (TDE)
    • Demonstrations of configuration and practical use
  • Auditing for Fabric SQL Database:
    • Provides visibility into database activity
    • Supports security and regulatory needs by tracking key actions and changes
    • Discusses auditing capabilities, configuration access control, and implementation best practices
    • Demo showcasing audit setup and review of collected audit data

Detailed Breakdown

  • What is a Customer-Managed Key (CMK):
    • CMK empowers organizations to create, control, and manage encryption keys used in their Fabric SQL Database.
    • Enhances security by storing keys in a secure vault, often integrated with Azure Key Vault for centralized management.
  • Transparent Data Encryption (TDE):
    • Provides at-rest data encryption for all database files
    • TDE with CMK enables organizations to meet compliance mandates for key ownership and rotation
  • Auditing Features:
    • Records user activity and database operations
    • Helps organizations monitor for potential security incidents or compliance breaches
    • Key capabilities include detailed access logging, customizable auditing policies, and integration with security monitoring solutions

Compliance and Data Sovereignty

  • Both features addressed in the episode are essential for organizations with strict compliance and data protection requirements.
  • Customer-Managed Keys ensure that data encryption keys are never accessible to unauthorized parties, supporting sovereignty mandates.
  • Auditing delivers evidence of security best practices and supports regulatory attestation.

Demo Highlights

  • Step-by-step walkthroughs for enabling CMK and auditing on Fabric SQL Database
  • Insights into best practices for configuration, access control, and ongoing management

Additional Resources

For more SQL Server and Fabric insights, follow Anna Hoffman on Twitter.