Saturday, November 30, 2019

Data Platform Tips 14 - Data Discovery and Classification in Azure SQL Database

Data Discovery and Classification in Azure SQL Database is part of the "Advanced Data Security" feature. This feature allows organisations to discover, classify, label and protect PII (Personally Identifiable Information). It also helps organisations meet audit and regulatory compliance requirements.

The classification taxonomy for the sensitive columns is kept in one central place for organisations to manage.

a) Log on to the Azure Portal. Refer to steps a) and b) for creation of the resource group and Azure SQL Database.

b) Navigate to "sampledb" under the "AAD-SQL" resource group and click on "Advanced data security".

c) Enable "Advanced Data Security on server".

d) Once enabled, you can see the columns recommended for classification along with the sensitivity label provided.

e) The database is scanned for sensitive columns, which are listed along with their sensitivity labels. You can accept the automatic recommendations or manually add classifications. Custom sensitivity labels can also be added, and columns can be changed to the new sensitivity labels as required.

f) Save the recommendations.

g) The "Overview" tab provides a summary of the database's classification information, including the list of classified columns along with the schema, information types and sensitivity labels. Once the columns are classified, you can monitor access to sensitive data through "SQL Auditing".
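
The manual classification in step e) and the "Overview" listing in step g) can also be done in T-SQL, which makes the classification reviewable and repeatable. This is an added example, not part of the original post; the table `dbo.CustomerDemo` and its columns are hypothetical, and the label and information type strings assume the default policy names.

```sql
-- Added example: hypothetical table and columns, constructed for illustration.
CREATE TABLE dbo.CustomerDemo (
    CustomerId INT IDENTITY PRIMARY KEY,
    FullName   NVARCHAR(100) NOT NULL,
    Email      NVARCHAR(256) NOT NULL,
    Phone      NVARCHAR(32)  NULL,
    Notes      NVARCHAR(400) NULL
);
GO

-- Manual classification (step e). Several columns can share one statement.
-- The label / information type strings assume the default policy names.
ADD SENSITIVITY CLASSIFICATION TO
    dbo.CustomerDemo.Email,
    dbo.CustomerDemo.Phone
WITH (LABEL = 'Confidential', INFORMATION_TYPE = 'Contact Info');

ADD SENSITIVITY CLASSIFICATION TO dbo.CustomerDemo.FullName
WITH (LABEL = 'Confidential - GDPR', INFORMATION_TYPE = 'Name');
GO

-- Overview (step g): every user-table column with its classification, if any.
-- Rows where sensitivity_label is NULL are columns nobody has classified yet,
-- which is the list to review (here: CustomerId and Notes).
SELECT s.name  AS schema_name,
       t.name  AS table_name,
       c.name  AS column_name,
       sc.information_type,
       sc.label AS sensitivity_label
FROM sys.tables  AS t
JOIN sys.schemas AS s ON s.schema_id = t.schema_id
JOIN sys.columns AS c ON c.object_id = t.object_id
LEFT JOIN sys.sensitivity_classifications AS sc
       ON sc.major_id = c.object_id      -- major_id is the table's object_id
      AND sc.minor_id = c.column_id      -- minor_id is the column_id
ORDER BY s.name, t.name, c.column_id;
GO

-- Remove a classification that was applied by mistake.
DROP SENSITIVITY CLASSIFICATION FROM dbo.CustomerDemo.Phone;
GO
```

Free-text columns such as `Notes` are worth a manual look, since a scan based on column names will not flag sensitive values stored in them.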
