Strategies For Solving Compliance

Challenges

Steve Jones, Microsoft Data Platform MVP, Editor at SQLServerCentral.com

and Evangelist at Redgate

Agenda

• Bio

• Problems in a changing world

• The DevOps Transformation

• Protecting data throughout software development process

Steve JonesEvangelist, Redgate Software

Editor, SQLServerCentral

27 years SQL Server data experience

DBA, developer, manager, writer, speaker in a variety of

companies and industries

Founder, SQLServerCentral

And current editor, with the goal of helping you learn to be a

better data professional every day

11 years Microsoft Data Platform MVP

I have been honored to be recognized by Microsoft for the

last decade as an MVP

@way0utwest/in/way0utwest www.voiceofthedba.comsjones@sqlservercentral.com

The World is Becoming More Dangerous

The World is Dangerous

Scale and variety are increasing

447

614

783 781

1093

1579

17

92 86

169

37

179

0

200

400

600

800

1000

1200

1400

1600

1800

2012 2013 2014 2015 2016 2017

Data Breaches are the New Normal

Data Breaches Millions of Records Exposed

Source: Identity Theft Resource Center

Dev/Test is a problem

The world of information is evolving

The DevOps Transformation

What is DevOps?

“DevOps is the union of people, process,

and products to enable continuous

delivery of value to our end users.”

Donovan Brown,

Principal DevOps Program Manager, Microsoft

The database needs to evolve faster

The database CANNOT be the bottleneck.

Database DevOps

What does Compliant Database DevOps look like?

What does Compliant Database DevOps look like?

Standardize team-based development

Adopt the industry-standard tools for coding, comparison, and version control,

to speed up and simplify team-based database development.

What does Compliant Database DevOps look like?

Automate database deployments

Implement a consistent, scalable, and repeatable process to automate

database deployments.

What does Compliant Database DevOps look like?

Monitor performance & availability

Continuously optimize your processes by diagnosing and resolving causes

of operational and performance issues, including deployments.

What does Compliant Database DevOps look like?

Protect and preserve data

Protect sensitive data as it moves through database environments.

Demo – Onboard New DeveloperIdeally create a database quickly

Reset Database State

We have a problem

Software teams want to use Production data

https://assets.red-gate.com/products/dba/sql-clone/sql-server-database-provisioning-report.pdf

Conflicts to solve

Developers DBA

Conflicts to solve

• Evaluate software sooner

• Up-to-date, production

scale, realistic data

• Self-service access

• Data must be protected

• All copies of data accounted for

• Sensitive data must be

sanitized

Database Developers DBAs

Provisioning is a Blocker for DevOps

Time Storage and

sprawl

Shared environment

conflicts

Data security Limited Testing

Takes too long to get a database

We don't have space for copies of data

We need production data but can’t have it

No time because environments aren't read or data isn't like production

Pen testers can't interfere with QA

Don't Bring Me Your Problems

Protecting data throughout software development process

What Compliant Provisioning for Dev/Test

• Single central view of database copies

• Control over creation process

• Mechanism to sanitise data classified as sensitive

• Security / access to data

• Consistent, automated process

• Record of activities for auditing

Demo – SQL Provision for TeamsDeploy database copies in seconds

Include masking

Keys for Compliant Database DevOps Provisioning

• Repeatable process through automation

• Consistent security

• Masking ALWAYS included

• Customizable as needed

• Reduce provisioning tickets and accelerate delivery to unblock the team

• Self service

• Automation

• Give teams their own production-like databases to increase time to market

• Shift testing left to find issues early using realistic data and identify the change impact

• Single central view of provisioning activities

Summary

• Securing data is becoming more and more important

• Developers are feeling pressure to build software faster

• DevOps is consistent with better security• Use automation to provision data securely in dev/test

• Use configuration as code to implement better security

• Improve your provisioning process in stages

• Don't bring problems, bring solutions

Thank you

www.voiceofthedba.com

sjones@sqlservercentral.com

@way0utwest

/in/way0utwest

Questions?

Panel discussion:

Compliant Database DevOps Adoption

Panel host:

Steve Jones, Microsoft Data Platform MVP, Editor at SQLServerCentral.com

and Evangelist at Redgate

Panelists

Questions from the room

Ask a question via

#sqlinthecity