I’ll be speaking at PASS Summit East this year in Chicago, and I’ll be running a full-day pre-conference workshop:
SQL Server Security vs. Security Theater: Build a Defensible Data Estate

If you’re responsible for SQL Server security, audits, or reducing data breach impact, this session is designed for you.
What this PreCon is about
Most environments aren’t insecure because of missing features – they’re insecure because of misconfigurations, over-privileged access, and false assumptions.
Common recommendations often focus on individual features like TDE or flagging sysadmin membership, without addressing how attackers actually move through an environment. The result is often a false sense of security – or unnecessary alarmism – while real attack paths remain open.
This workshop is based on real-world assessments and breach scenarios. We will look at how attackers operate in SQL Server, Azure SQL, and Fabric environments — and how to:
- make their job harder
- limit blast radius
- detect malicious activity earlier
Adhering to proven security best practices not only strengthens your defenses, it also helps reduce the financial impact of a breach (for example through frameworks like HIPAA Safe Harbor).
Agenda Overview
- Identity and authentication
  SQL Server vs Windows AD vs Entra ID, NTLM deprecation, Kerberos readiness, service account hygiene, and relevant changes in SQL Server 2025
- Access control in practice
  Roles, permissions, and common escalation paths, applying Least Privilege to minimize blast radius
- Data protection
  Encryption strategies and tamper evidence with Database Ledger
- Auditing and detection
  Building a minimal viable audit, Extended Events vs SQL Server Audit
- Network and system security configuration
  What to avoid, what to use, and why it matters
- Security implications of Fabric / OneLake
- Microsoft Purview (intro)
  Data discovery and governance considerations
The focus here is on practical measures you can implement in your environment – some quick wins, others requiring deeper changes – but all focused on reducing real risk.
Who should attend
- SQL Server DBAs
- Security and compliance professionals
- Architects responsible for data platforms
What you’ll walk away with
- A practical model for defensible SQL Server security
- Clear understanding of real risks vs. security theater
- Techniques to reduce breach impact and improve detection
If that sounds relevant to your SQL environment, you can find details and register here:
See you in Chicago!

