Microsoft Enhances Security of Azure-Based SQL Databases

Newly added support for SQL auditing enhances regulatory compliance efforts and helps unearth potential security violations.

cloud security

Enterprises have one less reason to be concerned about running their SQL databases on the Azure cloud computing platform, according to Microsoft.

The Redmond, Wash.-based software company and cloud services provider has launched a preview of the SQL Database Auditing feature for Azure SQL DB. "This is a key security enhancement that removes barriers from businesses wanting to manage their databases in the cloud," said Microsoft's Tony Petrossian, group program manager of Azure SQL DB, in a statement.

SQL Database Auditing is available on all Azure SQL DB service tiers, including Basic, Standard and Premium plans, he added. Configuration options include the new Azure Preview Portal, Microsoft's management and monitoring hub for the company's cloud betas, or industry-standard APIs.

Audit logs are written to specified Azure Storage accounts, and they count against an organization's plan, as would practically any data and files stored on the service. Upon enabling the feature, "an Azure Table is automatically created on that designated storage account, and records for selected events (based on what you configured) are written to that table," informed Petrossian.

Among the biggest benefits that native auditing support brings to Azure-based SQL databases is improved compliance capabilities, he added.

"Auditing is a valuable tool that can be used to help organizations meet various industry compliance requirements and regulations, such as PCI-DSS, SOX or HIPAA," asserted Petrossian. "Many such regulations require an audit trail on data-related activities against the underlying databases."

PCI DSS (Payment Card Industry Data Security Standard) is a thorn in the side of the tech industry and organizations that accept electronic payments. A study conducted by Verizon revealed that just 11.1 percent of companies complied fully with the PCI DSS 2.0 standard in 2013, a 3.2 percent gain over the year prior.

Ongoing compliance helps stave off costly data breaches, according to Rodolphe Simonetti, managing director, PCI practice, for Verizon Enterprise Solutions. "What we have seen from the last five years of security breaches is that most companies, even if they were at one point PCI-compliant, were not compliant at the time of the breach," he told eWEEK's Sean Michael Kerner.

Auditing also helps security experts "expose discrepancies and anomalies in data-related activities across the organization," said Petrossian. "This can lead to the identification of potential security incidents."

Finally, it can also be used to improve visibility and further align IT with the needs of the business. "For instance, an analysis of the data may identify a drop in activity levels over time in a database located in a particular geographic location, which can then be addressed by the business," he added.

In related news, Microsoft announced the release of the SQL Server 2014 AlwaysOn automation template for Azure Portal Gallery.

The template fast-tracks the creation of Availability Groups, a virtual machine high-availability offering, according to Guy Bowerman, senior program manager of Azure Compute Runtime. After inputting a few basic settings, like host name prefix and VM pricing tiers, the "template automates the creation of a SQL Server AlwaysOn Availability Group, taking care of the setup steps behind the scenes," he wrote in an Aug. 25 blog post.

Pedro Hernandez

Pedro Hernandez

Pedro Hernandez is a contributor to eWEEK and the IT Business Edge Network, the network for technology professionals. Previously, he served as a managing editor for the network of...