Microsoft Codename “SQL Azure Security Services” is a cloud service that enables you to protect your database using an Assess, Prevent, Detect, React Data Protection lifecycle. The service complements core security features in the SQL Azure platform with advisory and management tools for data security.

In this introductory version of the service, you can assess the security state of your database(s) or entire SQL Azure server by scanning it for security vulnerabilities and detect any malware (such as malicious Javascript) embedded in your database(s). Depending on your enthusiasm for such a service and your valuable feedback, more advanced features like sensitive data discovery, data masking, configuration drift, SQL injection detection, and other functionality layered on core SQL Azure platform will be added to the service. So your feedback is absolutely important!

Microsoft Codename SQL Azure Security Services can be accessed at:
http://www.microsoft.com/en-us/sqlazurelabs/labs/sqlazuresecurityservices.aspx

Prerequisites

To use SQL Azure Security Services, you must have the following:

Login to your SQL Azure Account

Microsoft Codename “SQL Azure Security Services” is located at:
http://www.microsoft.com/en-us/sqlazurelabs/labs/sqlazuresecurityservices.aspx

At this page, click on the Start Here icon.

The home page looks like this:



Specify Databases to Scan

Specify whether you would like to scan all the databases in the SQL Azure Server or choose individual databases. If you click on the latter, the UI will show you a list of databases currently in the Azure server. Choose the databases that would like to scan. NOTE: Full server scan or scanning several individual databases will involve additional scan time. Please be patient for the scan to complete.

 

Specify output location

Specify where you would want the output to be sent. You can choose HTML output directly to your browser in the same session, or choose to schedule a job that generates and saves the report in a Windows Azure BLOB account. The second choice is particularly useful if you have several databases to scan an/or you want the scan report also to be stored in your own private storage. If you choose the latter, provide the URL full path and name of the file (with a .html extension), and the BLOB credentials (storage access key).

If you chose the first option, then a link to the output HTML will be presented after a short time in the same page.





View Scan report

Click on the link here, or access the output HTML file using an Azure BLOB browser. The components of the Scan report are shown below. In this introductory release, the Scan report consists of two sections (tabs):

Security Issues: This section provide the list of potential security concerns on a per-database basis, with a Severity level and brief explanation.

 

Clicking the drop-down for provides a description of the issue, and a recommended mitigation.



Attack Surface: This section presents the security model - i.e. it lists all the objects in the master db as well as the individual databases that could be potential targets for an attack.



That is it! Now you can use this report to edit your schema, and if applicable, eliminate malware from the affected tables in your database. The intended result is a secure database(s).

We Want Your Feedback

You can provide your feedback through multiple means.

Each scan report provides two links in the Top Right corner.

Click I Have an Idea to tell us about how we can improve this service.
Click I Found a Bug to send us email about what doesn’t work so we can fix it.
Click Take the Survey to fill in a survey of the features that you'd like to see us support in this service, and their priority.

Future Plans

The SQL Azure Security Services is currently under consideration for active development. Some of our plans for possible future features include:

  • Sensitive data discovery
  • Data masking
  • Configuration drift
  • SQL injection detection
  • Active Database Monitoring
  • Audit for Compliance
  • Active data protection with Forefront integration.
  • Assessment and advisory capabilities for customer usage of core SQL Azure features such as Audit, Separation of Duties, Row Based Security 

Conclusion

We thank you in advance for taking the time to evaluate the Lab, and your valuable feedback.