Today we’re announcing the public preview of Data Discovery & Classification for Azure SQL Data Warehouse, an additional capability for managing security for sensitive data. Azure SQL Data Warehouse is a fast, flexible, and secure cloud data warehouse tuned for running complex queries fast and across petabytes of data.
While it’s critical to protect the privacy of your customers and other sensitive data, it becomes unmanageable to discover, classify, and protect such sensitive data as your businesses and data assets are growing rapidly. The Data Discovery & Classification feature that we’re introducing natively with Azure SQL Data Warehouse helps alleviate this pain-point. The overall benefits of this capability are:
- Meeting data privacy standards and regulatory compliance requirements such as General Data Protection Regulation (GDPR).
- Restricting access to and hardening the security of data warehouses containing highly sensitive data.
- Monitoring and alerting on anomalous access to sensitive data.
- Visualization of sensitive data in a central dashboard on the Azure portal.
What is Data Discovery & Classification?
Data Discovery & Classification introduces a set of advanced capabilities aimed at protecting data and not just the data warehouse itself.
- Auto-discovery and recommendations – Underlying classification engine automatically scans your data warehouse and identifies columns containing potentially sensitive data. It also provides you an easy way to review and apply appropriate classification recommendations through the Azure portal.
- Classification/Labeling – Sensitivity classification labels tagged on the columns can be persisted in the data warehouse itself.
- Reporting – Data classification can be centrally viewed on a dashboard in the Azure portal. In addition, you can download a report in Microsoft Excel format for compliance and auditing purposes.
- Monitoring/Auditing – Auditing has been enhanced to log sensitivity classifications or labels of the actual data that were returned by the query. This would enable you to gain insights on who is accessing sensitive data.
How does Data Discovery & Classification work?
The Data Discovery & Classification capability have built-in automated classification engines that identify columns containing potentially sensitive data and provides a list of recommendations for you to choose from. This data can be persisted as sensitivity metadata on top of the columns directly in the data warehouse. You can manually classify and label your columns. You can also define custom labels and information types in addition to those generated by the system.
You can also use T-SQL to add, remove, and retrieve column classifications across all tables in your data warehouse:
Additionally, Azure SQL Data Warehouse engine utilizes the column classifications to determine the sensitivity of query results. Combined with Azure SQL Data Warehouse Auditing, this enables you to audit the sensitivity of the actual data being returned by queries.
This capability is now available in all Azure regions as part of Advanced Data Security and including Vulnerability Assessment and Threat Detection. For more information on Data Discovery & Classification in Azure SQL Data Warehouse, refer to our online documentation “Azure SQL Database Data Discovery & Classification.”
Azure SQL Data Warehouse continues to lead in the areas of security, compliance, privacy, and auditing. Check out our latest videos on Azure SQL Data Warehouse security related topics:
Leave a Reply