I’ll be speaking at PASS Summit East this year in Chicago, and I’ll be running a full-day pre-conference workshop:

SQL Server Security vs. Security Theater: Build a Defensible Data Estate

If you’re responsible for SQL Server security, audits, or reducing data breach impact, this session is designed for you.

https://passdatacommunitysummit.com/east/pre-conference-sessions-and-speakers/#speaker-andreas-wolter

What this PreCon is about

Most environments aren’t insecure because of missing features – they’re insecure because of misconfigurations, over-privileged access, and false assumptions.

Common recommendations often focus on individual features like TDE or flagging sysadmin membership, without addressing how attackers actually move through an environment. The result is a false sense of security – or unnecessary alarmism – while real attack paths remain open.

This workshop is based on real-world assessments and breach scenarios. We will look at how attackers operate in SQL Server, Azure SQL, and Fabric environments — and how to:

  • make their job harder
  • limit blast radius
  • detect malicious activity earlier

Adhering to proven security best practices not only strengthens your defenses, it also helps reduce the financial impact of a breach (for example through frameworks like HIPAA Safe Harbor).

Agenda Overview

  • Identity and authentication
    SQL Server vs Windows AD vs Entra ID, NTLM deprecation, Kerberos readiness, service account hygiene, and relevant changes in SQL Server 2025
  • Access control in practice
    Roles, permissions, and common escalation paths, applying Least Privilege to minimize blast radius
  • Data protection
    Encryption strategies and tamper evidence with Database Ledger
  • Auditing and detection
    Building a minimal viable audit, Extended Events vs SQL Server Audit
  • Network and system security configuration
    What to avoid, what to use, and why it matters
  • Security implications of Fabric / OneLake
  • Microsoft Purview (intro)
    Data discovery and governance considerations

The focus here is on practical measures you can implement in your environment – some quick wins, others requiring deeper changes – but all focused on reducing real risk.

Who should attend

  • SQL Server DBAs
  • Security and compliance professionals
  • Architects responsible for data platforms

What you’ll walk away with

  • A practical model for defensible SQL Server security
  • Clear understanding of real risks vs. security theater
  • Techniques to reduce breach impact and improve detection

If that sounds relevant to your SQL environment, you can find details and register here:

https://passdatacommunitysummit.com/east/pre-conference-sessions-and-speakers/#speaker-andreas-wolter

See you in Chicago!
