Uncover data protection in the world of Panama Papers

Play Uncover data protection in the world of Panama Papers
Sign in to queue

Description

Financial Fabric, in partnership with Microsoft, has integrated Always Encrypted into the Financial Fabric DataHub Analytics platform hosted on Microsoft Azure. Financial Fabric's DataHub provides a single, centralized and secure data repository where customer data can be ingested, stored and securely accessed for further processing and analysis. In this presentation, we introduce the Always Encrypted feature of Azure SQL Database and discuss the business necessity for its use in the Financial Fabric DataHub. We share the Financial Fabric DataHub implementation details focusing on the integration of Always Encrypted, Azure SQL Database and Azure Active Directory.

Embed

Download

Right click to download this episode

The Discussion

  • User profile image
    stahtufiang

    // I believe the project on the invention of the wheel was safe patented a long time ago and no one will exploit that, but you're not talking about protecting that nor the secret "data" recipe for your grandmothers apple pie. your analogy of the "panama papers" was well selected, but you can't compare protecting the secret recipe of the apple pie to the dirty books of the suits and tie

  • User profile image
    Dave​ZHallmark

    Thanks for a fantastic video. I built my own "Always Encrypted" demo on my local machine using SQL Server Express (2016) along with an app to access it. When encrypting columns I ran SSMS as "Administrator" so that I could create the certificate in the Local Machine store, rather than in the Current User store, in order to demonstrate the ability to enable/disable multiple users for plain-text visibility. When I run as a different user that has enabled private key visibility ("read" permission in the certificate) everything works fine. But if I turn off that same user's private key visibility, instead of seeing encrypted text in the app, the application times out with this InnerException: "Failed to decrypt a column encryption key using key store provider: 'MSSQL_CERTIFICATE_STORE'. The last 10 bytes of the encrypted column encryption key are: '11-F0-FF-31-DF-61-23-AD-38-9A'. Keyset does not exist." It's the same user with the same permissions, so there is no question that the user can access the Local Machine certificate; the only difference is the private key access that you showed in the demo. What am I doing wrong? Thanks.

Add Your 2 Cents