{"id":6095,"date":"2021-01-16T17:00:09","date_gmt":"2021-01-16T22:00:09","guid":{"rendered":"http:\/\/andreas-wolter.com\/?p=6095"},"modified":"2025-07-28T19:36:23","modified_gmt":"2025-07-29T00:36:23","slug":"202109_introduction-into-security-principles-in-the-context-of-database-systems","status":"publish","type":"post","link":"https:\/\/andreas-wolter.com\/en\/202109_introduction-into-security-principles-in-the-context-of-database-systems\/","title":{"rendered":"Introduction into security principles in the context of database systems"},"content":{"rendered":"<section  class='av_textblock_section av-mdnps949-c7768ec1693d62eb4795a8cd17bb783c '   itemscope=\"itemscope\" itemtype=\"https:\/\/schema.org\/BlogPosting\" itemprop=\"blogPost\" ><div class='avia_textblock'  itemprop=\"text\" ><p>This is the Intro-article to the series \u201cSeparation of Duties and other Security Principles in the context of Database Systems\u201d<\/p>\n<\/div><\/section>\r\n\r\n\n<style type=\"text\/css\" data-created_by=\"avia_inline_auto\" id=\"style-css-av-av_image-103a3979b0d96ebf915e136227ee0795\">\n.avia-image-container.av-av_image-103a3979b0d96ebf915e136227ee0795 img.avia_image{\nbox-shadow:none;\n}\n.avia-image-container.av-av_image-103a3979b0d96ebf915e136227ee0795 .av-image-caption-overlay-center{\ncolor:#ffffff;\n}\n<\/style>\n<div  class='avia-image-container av-av_image-103a3979b0d96ebf915e136227ee0795 av-styling- avia-align-center  avia-builder-el-1  el_after_av_textblock  el_before_av_one_full '   itemprop=\"image\" itemscope=\"itemscope\" itemtype=\"https:\/\/schema.org\/ImageObject\" ><div class=\"avia-image-container-inner\"><div class=\"avia-image-overlay-wrap\"><img decoding=\"async\" class='wp-image-6076 avia-img-lazy-loading-not-6076 avia_image ' src=\"https:\/\/andreas-wolter.com\/wp-content\/uploads\/2021\/01\/Security_wide.png\" alt='Security-Logo' title='Security_wide'  height=\"745\" width=\"1800\"  itemprop=\"thumbnailUrl\" srcset=\"https:\/\/andreas-wolter.com\/wp-content\/uploads\/2021\/01\/Security_wide.png 1800w, https:\/\/andreas-wolter.com\/wp-content\/uploads\/2021\/01\/Security_wide-600x248.png 600w, https:\/\/andreas-wolter.com\/wp-content\/uploads\/2021\/01\/Security_wide-300x124.png 300w, https:\/\/andreas-wolter.com\/wp-content\/uploads\/2021\/01\/Security_wide-768x318.png 768w, https:\/\/andreas-wolter.com\/wp-content\/uploads\/2021\/01\/Security_wide-1030x426.png 1030w, https:\/\/andreas-wolter.com\/wp-content\/uploads\/2021\/01\/Security_wide-1500x621.png 1500w, https:\/\/andreas-wolter.com\/wp-content\/uploads\/2021\/01\/Security_wide-705x292.png 705w, https:\/\/andreas-wolter.com\/wp-content\/uploads\/2021\/01\/Security_wide-450x186.png 450w\" sizes=\"(max-width: 1800px) 100vw, 1800px\" \/><\/div><\/div><\/div>\r\n\r\n\n<style type=\"text\/css\" data-created_by=\"avia_inline_auto\" id=\"style-css-av-av_one_full-15d750bd1b332b34c6e70b077ebbccdf\">\n.flex_column.av-av_one_full-15d750bd1b332b34c6e70b077ebbccdf{\nborder-radius:0px 0px 0px 0px;\npadding:0px 0px 0px 0px;\n}\n<\/style>\n<div  class='flex_column av-av_one_full-15d750bd1b332b34c6e70b077ebbccdf av_one_full  avia-builder-el-2  el_after_av_image  el_before_av_textblock  first flex_column_div av-zero-column-padding  '     ><section  class='av_textblock_section av-mdnnkdsw-4c570857e29b98a99bb051a80a6a1d4e '   itemscope=\"itemscope\" itemtype=\"https:\/\/schema.org\/BlogPosting\" itemprop=\"blogPost\" ><div class='avia_textblock'  itemprop=\"text\" ><h3>Introduction into security principles in the context of database systems<\/h3>\n<p>By Andreas Wolter<\/p>\n<\/div><\/section>\n<section  class='av_textblock_section av-av_textblock-2de302bf1aa3cf4c9157dbe6f50ac7eb '   itemscope=\"itemscope\" itemtype=\"https:\/\/schema.org\/BlogPosting\" itemprop=\"blogPost\" ><div class='avia_textblock'  itemprop=\"text\" ><h4><a name=\"_Toc58433743\"><\/a>Preface<\/h4>\n<p>While many of us are practicing \u2018social distancing\u2019, and spend lots of time at home, I am finally finding the time to share some of the topics with the public that I have been working on since I joined Microsoft at the end of 2018.<\/p>\n<p>In the recent years and with increasing frequency, one of the asks in terms of Security to the SQL Engine On-Prem as well as SQL Azure Database has been coming up with solutions to help accomplish \u201c<strong>Separation of Duties<\/strong>\u201d. This is a good thing, because it reassures my point of view that Separation of Duties is becoming increasingly important in IT and specifically Cloud-based systems.<\/p>\n<p>On the other hand, we noticed that there is not a broad understanding in the technical community yet as to what Separation of Duties (aka SoD) really means and how it can be accomplished today. It occurs to me that the understanding is often vague and sometimes even contradicting depending on who you ask. It might therefore help to provide some context and guidance on what SoD really is and how it relates to other commonly referenced security principles that have been established over the last decades in IT.<\/p>\n<p>If you are not already an expert in IT security, I hope that you will find this series useful.<\/p>\n<\/div><\/section><\/div>\r\n\r\n<section  class='av_textblock_section av-av_textblock-2de302bf1aa3cf4c9157dbe6f50ac7eb '   itemscope=\"itemscope\" itemtype=\"https:\/\/schema.org\/BlogPosting\" itemprop=\"blogPost\" ><div class='avia_textblock'  itemprop=\"text\" ><h4><a name=\"_Toc58433744\"><\/a>Intro: Motivation<\/h4>\n<p>Security principles in information technology or cybersecurity (I won\u2019t touch on physical security in these articles) exist as guidelines to assist design and decision processes in architecture, implementation, and reactive procedures when incidents happen. The purpose is to help designing for security in the first place, by using common proven patterns, and to be able to effectively assess a systems security.<br \/>\nBuilding secure systems from the start can be an expensive task, but over the years we have all seen security incidents which can cost millions and cause companies or even banks to go out of business. (i.e. see <a href=\"https:\/\/www.ibm.com\/ae-en\/security\/data-breach\" target=\"_blank\" rel=\"noopener\">https:\/\/www.ibm.com\/ae-en\/security\/data-breach<\/a> )<\/p>\n<p>One word of caution: Simply complying with these security principles provides <u>no guarantee of preventing successful attacks<\/u>. Some attackers invest a lot of time thinking to come up with ever new methods and exploit attack vectors which may not have been considered before.<br \/>\nBut <u>following these security principles helps to reach the following objectives<\/u>:<\/p>\n<ol>\n<li>Reducing the blast radius of an attack\n<ul>\n<li>i.e. attackers may not gain access to all targeted services because of partitioning or may not be able to elevate to all permissions to gain access to all documents<\/li>\n<\/ul>\n<\/li>\n<li>Increasing the time for a successful attack\n<ul>\n<li>this also goes back to #1 as it becomes harder to gain sufficient access<\/li>\n<\/ul>\n<\/li>\n<li>Increasing the chances of early detection (!!)\n<ul>\n<li>More controls and audits usually mean more chances of raising triggers or errors along the way<\/li>\n<\/ul>\n<\/li>\n<li>Improving forensic abilities after detection\n<ul>\n<li>Better audit trails allow for more successful investigations<\/li>\n<\/ul>\n<\/li>\n<\/ol>\n<h4>Security at first<\/h4>\n<p>Therefore, I strongly advise to implement the proper security controls from start. And this is not just because it is common knowledge among IT architects that changing running systems is more expensive than making sure that Security is a main pillar in the architecture from the start.<br \/>\nTo take it one step further: security should be THE FIRST pillar to be implemented. What I mean by that is that, ideally, nothing gets deployed before all security measures have been put in place. Otherwise, it is easily possible to admit backdoors or other security issues in the foundation, purposefully or not, that remain undetected. The very first measure therefore should be to put Auditing in place. We will talk more about Auditing in a later article.<\/p>\n<\/div><\/section>\r\n\r\n<section  class='av_textblock_section av-mdnnmq1f-2431c1d5f17995c505f852cad8d50dd1 '   itemscope=\"itemscope\" itemtype=\"https:\/\/schema.org\/BlogPosting\" itemprop=\"blogPost\" ><div class='avia_textblock'  itemprop=\"text\" ><h4>Contents<\/h4>\n<p>This series of articles will provide an overview on the most commonly cited security principles and concepts which are often used when talking about <strong>Separation of Duties<\/strong> \u2013 or even intermingled with it \u2013 and briefly clarify their meaning and relation. Expect a lot of keywords (not buzzwords though, I promise)<\/p>\n<p><strong><a href=\"https:\/\/andreas-wolter.com\/en\/202102_principle-of-least-privilege-polp\/\">Principle of Least Privilege (POLP)<\/a>\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0 \u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0 <a href=\"https:\/\/andreas-wolter.com\/en\/202103-need-to-know-security-principle\/\">Need to know<\/a><\/strong><\/p>\n<p><strong><a href=\"https:\/\/andreas-wolter.com\/en\/delegation-of-authority\/\">Delegation of Authority<\/a> \u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0 \u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0 <a href=\"https:\/\/andreas-wolter.com\/en\/202105_security-separation-of-privilege\/\">Separation of Privilege<\/a><\/strong><\/p>\n<p><strong><a href=\"https:\/\/andreas-wolter.com\/en\/202109_security_concept_audit_trail\/\">Audit Trail<\/a>\u00a0 \u00a0 \u00a0 \u00a0 \u00a0 \u00a0 \u00a0 \u00a0 \u00a0 \u00a0 \u00a0 \u00a0 \u00a0 \u00a0 \u00a0 \u00a0 \u00a0 \u00a0 \u00a0 \u00a0 \u00a0 \u00a0 \u00a0 \u00a0 \u00a0 \u00a0 \u00a0 \u00a0 \u00a0 \u00a0 \u00a0 \u00a0 \u00a0 \u00a0 \u00a0Separation of Duties<\/strong><\/p>\n<p><strong>\u00a0<\/strong><\/p>\n<ul>\n<li>These articles will be released one by one over the next weeks and the links will then be updated one by one as well.<\/li>\n<\/ul>\n<p>One more principle you should keep in mind when designing security:<strong> \u201cKISS\u201d &#8211; Keep it simple, stupid<br \/>\n<\/strong>As already mentioned in my article from 2017 (<a href=\"https:\/\/andreas-wolter.com\/en\/1712-separation-of-duties-sqlserver-role-based-security\/\">Separation of Duties (SoD) and role-based security conception in SQL Server<\/a>), it is absolutely vital to keep the user experience as simple as possible. Anything \u201ctoo much\u201d of an effort (and that can be just \u201ctoo many clicks\u201d) will lead to users to try to find ways around it. And they will.<\/p>\n<p style=\"padding-left: 40px;\"><em>Example<\/em><br \/>\nA common example of that is the <u>shared Admin account<\/u>. Instead of having one elevated account per person, often especially in small shops, developers share one common privileged account. Among other things this renders Auditing almost useless as no one can really tell who did what.<\/p>\n<p><em>Note<\/em><br \/>\n<strong>Separation of concerns (SoC)<\/strong><strong><br \/>\n<\/strong>Over time I have heard it being used when actually \u201cSeparation of Duties\u201d was meant. SoC is <u>NOT a security principle<\/u> and rather a basic programming design principle which leads to modular (or \u201cfunctional\u201d) programming. Hopefully, this clears up this common mix-up.<br \/>\nWikipedia-Article: <a href=\"https:\/\/en.wikipedia.org\/wiki\/Separation_of_concerns\" target=\"_blank\" rel=\"noopener\">https:\/\/en.wikipedia.org\/wiki\/Separation_of_concerns<\/a><\/p>\n<p>Let me know if you find this series helpful and what else you want to hear about in the future.<\/p>\n<p>Andreas<\/p>\n<\/div><\/section>\r\n\r\n<section  class='av_textblock_section av-mdnnkk0f-2440538492243894c674fa2a52c0e429 '   itemscope=\"itemscope\" itemtype=\"https:\/\/schema.org\/BlogPosting\" itemprop=\"blogPost\" ><div class='avia_textblock'  itemprop=\"text\" ><h4>Special thanks to<\/h4>\n<p>Raul Garcia, former SQL Security PM and \u201chonorable member for life\u201d \ud83d\ude42 \u2013 your knowledge in Security and SQL Security helped me make sure to not overlook anything important and meet a certain quality bar \ud83d\ude09<br \/>\nSteven Gott, one of our most senior Security Engineers, for your critical viewpoints which help me look ahead, although I know I can\u2019t possible mention everything.<br \/>\n<a href=\"https:\/\/www.linkedin.com\/in\/ralf-dietrich-91a4b21\/\" target=\"_blank\" rel=\"noopener\">Ralf Dietrich<\/a> from <em>Sarpedon Quality Lab<\/em>\u00ae Germany for countless hours of brainstorming about secure architectures even while being based in separate time zones.<\/p>\n<pre>\"Security Logo\" by <a href=\"https:\/\/www.pexels.com\/@pixabay\" target=\"_blank\" rel=\"noopener\">pixabay<\/a> is licensed under <a href=\"https:\/\/creativecommons.org\/publicdomain\/zero\/1.0\/\" target=\"_blank\" rel=\"noopener\">CC0<\/a><\/pre>\n<p>Note: This series was originally published on the Microsoft Community Hub: <a href=\"https:\/\/techcommunity.microsoft.com\/blog\/azuresqlblog\/intro-into-security-principles-in-the-context-of-database-systems\/2067363\" target=\"_blank\" rel=\"noopener\">Intro into security principles in the context of database systems | Microsoft Community Hub<\/a><\/p>\n<\/div><\/section>","protected":false},"excerpt":{"rendered":"","protected":false},"author":4,"featured_media":6076,"comment_status":"open","ping_status":"closed","sticky":false,"template":"","format":"standard","meta":{"footnotes":""},"categories":[57],"tags":[205,27,232],"class_list":["post-6095","post","type-post","status-publish","format-standard","has-post-thumbnail","hentry","category-security-en","tag-least-privilege","tag-security-en","tag-sicherheit-en"],"_links":{"self":[{"href":"https:\/\/andreas-wolter.com\/en\/wp-json\/wp\/v2\/posts\/6095","targetHints":{"allow":["GET"]}}],"collection":[{"href":"https:\/\/andreas-wolter.com\/en\/wp-json\/wp\/v2\/posts"}],"about":[{"href":"https:\/\/andreas-wolter.com\/en\/wp-json\/wp\/v2\/types\/post"}],"author":[{"embeddable":true,"href":"https:\/\/andreas-wolter.com\/en\/wp-json\/wp\/v2\/users\/4"}],"replies":[{"embeddable":true,"href":"https:\/\/andreas-wolter.com\/en\/wp-json\/wp\/v2\/comments?post=6095"}],"version-history":[{"count":8,"href":"https:\/\/andreas-wolter.com\/en\/wp-json\/wp\/v2\/posts\/6095\/revisions"}],"predecessor-version":[{"id":6917,"href":"https:\/\/andreas-wolter.com\/en\/wp-json\/wp\/v2\/posts\/6095\/revisions\/6917"}],"wp:featuredmedia":[{"embeddable":true,"href":"https:\/\/andreas-wolter.com\/en\/wp-json\/wp\/v2\/media\/6076"}],"wp:attachment":[{"href":"https:\/\/andreas-wolter.com\/en\/wp-json\/wp\/v2\/media?parent=6095"}],"wp:term":[{"taxonomy":"category","embeddable":true,"href":"https:\/\/andreas-wolter.com\/en\/wp-json\/wp\/v2\/categories?post=6095"},{"taxonomy":"post_tag","embeddable":true,"href":"https:\/\/andreas-wolter.com\/en\/wp-json\/wp\/v2\/tags?post=6095"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}