SansSQL

Wednesday, May 16, 2018

Cloud Access Security Broker (CASB)

Cloud computing has matured way too much in the recent years and with its truly innovative, increased speed to collaborate, communicate, and ease of use is becoming the integral part of the business. However, with the increased use of cloud computing, the data that should have resided within the organizations perimeter is now being moved beyond the walls of the organization. And In this era of Cloud and BYOD, CYOD, COPE, it is much easier to make the data available anytime and anywhere at the same time maintaining an efficient security posture is becoming a big challenge.
Security is at the top of every organizations list and is a shared responsibility between the service provider and the customer. Even though the cloud service provider provides an optimum level of security for the applications hosted on their platform, it is difficult for them to gain deeper visibility and control at the risks associated with user behavior. Also, the visibility of access from outside of an organizations network or with a personal device is limited and lays path for the relook at the security in the cloud in a different way.

Cloud Access Security Brokers are a category of security tools that help enterprises safely enable cloud apps and mobile devices.  A Cloud access security brokers (CASBs) are on-premises, or cloud-based security policy enforcement points, placed between cloud service consumers and cloud service providers to combine and interject enterprise security policies as the cloud-based resources are being accessed. CASBs consolidate multiple types of security policy enforcement. Example security policies include authentication, single sign-on, authorization, credential mapping, device profiling, encryption, tokenization, logging, alerting, malware detection/prevention and so on.

CASBs work by intermediating traffic between cloud apps and users. Once proxied, these tools provide:
  • Visibility—audit logs, security alerts, compliance reports, etc.
  • Data Security—access control, data leakage prevention, encryption, etc.

Together, these functions fill in the gaps otherwise encountered when an enterprise moves from internal, premises-based applications to cloud. For enterprises in heavily regulated industries, like Finance and Healthcare, use of a CASB might be the only practical approach to enabling cloud apps. More broadly, any organization with sensitive data to protect would be well served by considering this emerging solution category.


The Four Pillars of CASB are 
  • Visibility
  • Compliance
  • Data Security 
  • Threat Protection

By using cloud access security brokers, organizations can:
  • Identify what Shadow IT cloud services are in use, by whom, and what risks they pose to the organization and its data
  • Evaluate and select cloud services that meet security and compliance requirements using a database of cloud services and their security controls
  • Protect enterprise data in the cloud by preventing certain types of sensitive data from being uploaded, and encrypting and tokenizing data
  • Identify potential misuse of cloud services, including both activity from insiders as well as third parties that compromise user accounts
  • Enforce differing levels of data access and cloud service functionality based on the user’s device, location, and operating system

Choosing a CASB is not an easy task. While many providers focus on limited areas of the four CASB functionality pillars, most organizations prefer to select a single provider that covers all use cases. Skyhigh Networks, Symantec and Netskope are some of the leaders in CASB while CipherCloud and Cisco are challengers according to the Gartner’s Magic Quadrant for Cloud Access Security Brokers.
Related Posts Widget For Blogger with ThumbnailsBlogger Templates

Monday, May 14, 2018

How to add an additional Administrator to your Amazon AWS account


To create an additional administrator in your AWS account, follow the below steps
  1. Login to your AWS Management Console
    https://console.aws.amazon.com/ 
  2. Search for the "IAM" service
  3. In the left navigation panel, select "Users".
  4. Choose "Add User"
  5. Provide the User Name, Access type, and Password
  6. Choose the option "Attach Existing Policies Directly" and select "Administrator Access"
  7. Review the Settings in the next screen
  8. On choosing the option "Create User" this will now create a new user with the administrator rights
  9. On successful creation of the user, the portal allows you to down the credentials and share to the user via the send email link. 
  10. Optionally, you can customize the sign in URL before sending the details, by navigating to the IAM dashboard and selecting the option Customize under "IAM Users Sign-In Link"
    https://console.aws.amazon.com/iam/home

Sunday, June 25, 2017

SQL Coding Best Practices and Design Considerations

As the business demand the applications to be more flexible and user friendly, the data access layers become more critical. For the applications to be flexible and quick responsive, the database reads and writes should be at optimum performance levels leaving the developers and DBA's an mandatory option to following the coding standards and best practices.

Superior coding techniques and programming practices are hallmarks of a professional programmer. The bulk of programming consists of making a large number of small choices while attempting to solve a larger set of problems. How wisely those choices are made depends largely upon the programmer's skill and expertise.

The readability of source code has a direct impact on how well a developer comprehends a software system. Code maintainability refers to how easily that software system can be changed to add new features, modify existing features, fix bugs, or improve performance. Although readability and maintainability are the result of many factors, one particular facet of software development upon which all developers have an influence is coding technique. The easiest method to ensure that a team of developers will yield quality code is to establish a coding standard, which is then enforced at routine code reviews.

This post and the underlying presentation aims at the fundamentals of SQL Coding Best Practices and Design Considerations. To read further, download the copy of presentation from here.

Saturday, June 24, 2017

T-SQL to find Memory Used by Database and its Objects

When a data page is read from disk, the page is copied into the SQL Server buffer pool and cached for reuse. Each cached data page has one buffer descriptor. Buffer descriptors uniquely identify each data page that is currently cached in an instance of SQL Server and we use this for calculating the memory used by the Databases and its objects.

-- Memory Used by All Databases
SELECT 
 CAST (COUNT(1)*8/1024 AS decimal(8,2)) AS [MemoryUsedByAllDB's(MB)]
,CAST (COUNT(1)*8/1024/1024 AS decimal(8,2)) AS [MemoryUsedByAllDB's(GB)]
FROM sys.dm_os_buffer_descriptors
GO

-- Memory Used by Individual Databases
SELECT
 CASE WHEN database_id = 32767 
      THEN 'ResourceDB' 
      ELSE DB_NAME(database_id) 
 END AS [DatabaseName]
,COUNT(1) AS [CachedPages]
,CAST (COUNT(1)*8/1024 AS decimal(8,2)) AS [MemoryUsed(MB)]
,CAST(COUNT(1)*8/1024/1024 AS decimal(8,2)) AS [MemoryUsed(GB)]
,CASE WHEN is_modified = 1 
      THEN 'Dirty Page' 
      ELSE 'Clean Page' 
 END AS [PageState]
FROM
sys.dm_os_buffer_descriptors
GROUP BY database_id
	,is_modified
ORDER BY CachedPages DESC
	,DB_NAME(database_id)
GO

-- Memory Used by Objects within a Database. Change the <<database name>> to your desiged Database Name
USE <<database name>>
GO
SELECT
 CASE WHEN database_id = 32767 
      THEN 'ResourceDB' 
      ELSE DB_NAME(database_id) 
 END AS [DatabaseName],
 InnerData.ObjectName,
 InnerData.ObjectType,
 InnerData.IndexName,
 InnerData.IndexType
,COUNT(1) AS [CachedPages]
,CAST (COUNT(1)*8/1024 AS decimal(8,2)) AS [MemoryUsed(MB)]
,CAST(COUNT(1)*8/1024/1024 AS decimal(8,2)) AS [MemoryUsed(GB)]
,CASE WHEN is_modified = 1 
      THEN 'Dirty Page' 
      ELSE 'Clean Page' 
 END AS [PageState]
FROM
sys.dm_os_buffer_descriptors SBD INNER JOIN 
(
SELECT
SAU.allocation_unit_id, 
SO.name AS [ObjectName],
SO.type_desc AS [ObjectType],
SI.name AS [IndexName],
SI.type_desc AS [IndexType]
FROM sys.allocation_units SAU INNER JOIN sys.partitions SP
ON SAU.container_id = SP.partition_id INNER JOIN sys.objects SO
ON SP.object_id = SO.object_id INNER JOIN sys.indexes SI
ON SO.object_id = SI.object_id
WHERE SO.is_ms_shipped=0
) AS InnerData
ON SBD.allocation_unit_id = InnerData.allocation_unit_id
WHERE DB_NAME(SBD.database_id) = DB_NAME()
GROUP BY database_id
	,is_modified
	,InnerData.ObjectName
	,InnerData.ObjectType
	,InnerData.IndexName
	,InnerData.IndexType
ORDER BY CachedPages DESC
	,InnerData.ObjectName
GO

Monday, May 29, 2017

Find Isolation Level of transaction and Database

Find Isolation level of a transaction
SELECT  session_id AS SessionID, 
  program_name AS ProgramName,
  DB_NAME(database_id) AS DatabaseName, 
  CASE transaction_isolation_level 
   WHEN 0 THEN 'Unspecified' 
   WHEN 1 THEN 'ReadUncommitted' 
   WHEN 2 THEN 'ReadCommitted' 
   WHEN 3 THEN 'Repeatable' 
   WHEN 4 THEN 'Serializable' 
   WHEN 5 THEN 'Snapshot' 
  END AS Transaction_Isolation_Level
FROM sys.dm_exec_sessions

Changing the Transaction Isolation level
Using the below statement the isolation level of a transaction can be changed.

Isolation Level
  • Read uncommitted
  • Read committed
  • Repeatable read
  • Serializable
  • Read committed snapshot
  • Snapshot
SET TRANSACTION ISOLATION LEVEL <<Isolation Level>>

Find Isolation level of a Database
USE <<Database Name>>
GO
DECLARE @UserOptions TABLE ([Set Option] NVARCHAR(50), [Value] NVARCHAR(50))
INSERT INTO @UserOptions Execute ('DBCC USEROPTIONS')
SELECT * FROM @UserOptions WHERE [Set Option] = 'isolation level'

You can download the script from here.