Speaker

Andreas Wolter

Data Architect, Security, Sarpedon Quality Lab LLC

Phoenix, Arizona, United States

Andreas Wolter is a former Program Manager for Access Control in Azure SQL and SQL Server at Microsoft. In this role, he spearheaded the design of the external authorization system used by Purview policies and Azure database and data warehouse in Fabric.
He has over 20 years of experience with SQL Server, is one of only 7 Microsoft Certified Solutions Masters for Data Platform (MCSM) and has been a regular speaker at conferences worldwide for over a decade.
Andreas is the founder of Sarpedon Quality Lab LLC, a consulting company specializing in SQL Server performance, high availability, and security, which he manages in cooperation with Sarpedon Quality Lab Germany.

Andreas Wolter is a former Program Manager for Access Control in Azure SQL and SQL Server at Microsoft USA. In this role, he led the design of the external authorization system used by Purview policies and Azure database in Fabric, and is also responsible for the roughly 50 new permissions and the new server and database roles in SQL Server 2022.
As one of only 7 Microsoft Certified Solutions Masters for Data Platform (MCSM) worldwide, he is a regular speaker at international conferences and, until his move to Microsoft, was an active MVP in the German Data Platform community for many years.
He is the founder of Sarpedon Quality Lab Germany, a company specializing in SQL Server HA, performance and security, and since leaving Microsoft he has been running the US partner company Sarpedon Quality Lab LLC from his new home in the USA.

Area of Expertise

  • Information & Communications Technology

Topics

  • Security & Compliance
  • Data Security
  • performance tuning
  • High Availability
  • Database Performance
  • Program management

Learnings from the latest breaches: Approaching security for SQL Server and Azure SQL strategically

SQL Server and Azure SQL provide many different functionalities and services which help you to protect your most valuable assets: your data. But features alone do not protect you if they are not carefully thought through and work in silos. Without a properly planned security strategy, it is too easy to miss gaps between security controls and find oneself exposed when a serious attack occurs.
In today’s environment of “hacking as a service”, state-funded and orchestrated hacking groups, being properly prepared for all scenarios can become vital to a company’s survival.
In this session, Andreas Wolter, a former program manager for SQL security at Microsoft with over 2 decades of experience working with customers, will reflect on the current threat landscape and explain the most common breach-patterns as well as how to stop them from occurring.
Under an assume breach mindset we will look at various attack vectors, discuss what ransomware and data exfiltration attacks have in common and how that helps us to prevent or limit the blast radius.
We will look at how to strategically approach a security concept, which starts at the overall system’s architecture and does not end with encryption alone.
This session is aimed at security managers and architects who want to learn how to secure their SQL environments and data not just using the latest technologies and features but also how to approach it strategically.

Using Microsoft Purview to control access to SQL at scale

When working in large environments containing numerous Azure SQL instances and databases, relying on individually managed access for each server and database can become unwieldy. This is where Microsoft Purview steps in, allowing you to define access policies that can be applied efficiently to a range of Azure SQL resources, including SQL Server on Arc, in a highly scalable manner.
If you want to learn the art of managing access to SQL resources at scale using Purview, this session by Andreas Wolter is tailored just for you. Andreas spearheaded the external access control efforts within the SQL Security team since its inception. In this session you will learn the typical scenarios that Microsoft Purview supports, discover where it excels, explore its current limitations, and gain insight into future developments.

Unleashing the power of access control in SQL Server and Azure SQL

Access control is a fundamental aspect of securing a database system, especially when storing high-value data. On the other hand, navigating a rich permission system such as the one offered by SQL Server and Azure SQL can be overwhelming even for the most seasoned DBA. In this session, Andreas Wolter, Program Manager and long-time expert for access control in SQL Server, will explore the authorization capabilities of SQL Server/Azure SQL, explain the value of industry best practices such as “Role separation” and “Principle of Least Privilege”, and share insights from his many years working directly with customers.
Discover some of the hidden gems that can help you implement access control policies that are effective for a wide range of workloads.

Practical Performance Monitoring & Troubleshooting SQL Server

You are in a DBA, Developer or Consultant role, supporting SQL Server Databases and often someone asks you to take a look at a badly performing database application, certain queries or even “the whole server”. And over and over again you find yourself in the situation of “how to find the root cause in the least amount of time”.
This full-day Precon will teach you techniques for general troubleshooting and performance analysis from start-up to advanced techniques.
Among them are:
• SQL Server Architecture & Internals – the foundation for understanding complex correlations
• Monitoring Methodology, Tools & Techniques
  o Dynamic Management Views (DMVs)
  o Wait Statistics
  o Extended Events for Workload & Query-Analysis
  o Query Store
• Investigating Memory Problems
• Identifying and Remediating Plan Regression
• Analysis of Indexes & Statistics
• Detecting I/O Latency problems
• Investigating Tempdb Performance
• Locking & Blocking Analysis, Concurrency problems

While no one has evolved into a Performance-Tuning-Master in one single day, you can be sure to learn valuable techniques and concepts to build upon for day-to-day work. And of course, we will also discuss possible solutions or even implement them live. So, at your next phone call “Help, the server is slow!” you will know where to start.
Expect lots of demos and a deep dive into core concepts of SQL Server.

Hands-on: If you want to play along, please bring a laptop running at least SQL Server 2019, with at least 5GB of free drive space for the demo databases and workload. But you are welcome to just sit back and consume this one fully packed one day Precon.

Prerequisites: Basic understanding of the SQL Server relational engine and Transact-SQL, Basic familiarity with Dynamic Management Views (DMVs) and Query Plans

Implementing the Principle of Least Privilege for administrative roles in SQL Server

In many enterprises security requirements have become increasingly strict and demand that no persona should have full power on the SQL server instance or database.
Join Sam Mesel (Microsoft Azure SQL Global Black Belt) and Andreas Wolter (MCSM Data Platform, former Program Manager for Access Control in SQL Server at Microsoft) for an informative session on implementing the principle of least privilege for administrative roles in SQL Server.
Learn about the different approaches you can undertake to secure your databases even against administrative personas. Learn how to solve specific operational tasks without granting high privileges using a solution template published on GitHub. Explore the use of built-in permissions and roles, custom code, and break-glass processes. Don't miss this opportunity to learn about how to lock down access to your data in SQL!

From Locks to No Locks – Concurrency in SQL Server

In this session we take a look at essential mechanisms inside SQL Server, which influence administrators as well as developers and should be known thoroughly.
Why does SQL Server have to lock objects, what effects does this have (performance and data integrity), and how can we influence these things?
Specifically we will look at:
· Can indexes prevent locking?
· Why is NOLOCK not a good idea when dealing with critical data?
· When and what happens at Lock-Escalation?
· What does table-design have to do with blocking?
· Why everyone should know error number 1205 – how deadlocks can occur and what can prevent them?
· How is „optimistic concurrency“ implemented in SQL Server?
· How does In-Memory OLTP change the game?
As usual: lots of (code) demos

Authorization in SQL Server and Azure SQL deep dive

After authentication, implementing permissions is the most fundamental method of securing systems.
SQL Server and the Azure SQL offerings include an extensive permission system which, due to the sheer number of individual permissions (well over 250) and its hierarchical structure, is a challenge even for experts.
In this session, Andreas Wolter, Program Manager in the Microsoft Security team with 2 decades of practical experience in SQL Server, will demonstrate the capabilities as well as the pitfalls of the authorization system in live demos.
Best practices such as “role separation” and “Principle of least privilege”, and how to implement them with SQL Server, will be explained.

Access control in SQL Server & Azure SQL from zero to hero

You inherited a SQL Server or Azure SQL environment or are designing a new one. One of the fundamental tasks is to manage access to your SQL Server, databases and data objects within.
The almost 300 permissions that the SQL engine supports can be overwhelming. And sometimes a permission is not sufficiently granular to implement according to the Principle of Least Privilege. What if you do not want to take care of all permissions yourself and instead delegate some of these tasks to someone else? How can you do that safely?
In this interactive training day, Andreas Wolter, Program Manager in the SQL Security team with 2 decades of practical experience with SQL Server, will walk you through all the fundamentals of SQL Server’s hierarchical permission system, including the latest additions and the strategy behind them. Then you will look at special scenarios and possible solutions that you may encounter and need to solve at some point. Along the way you will learn about concepts like PoLP, role separation, SoD, impersonation, delegation, and ownership chains in SQL.

Building a data security strategy for SQL Server and Azure SQL

SQL Server and Azure SQL provide many different functionalities and services which help you to protect your most valuable assets: your data. But features alone do not protect you if they are not carefully thought through and work in silos. Without a properly planned security strategy, it is too easy to miss gaps between security controls and find oneself exposed when a serious attack occurs.
In today’s environment of “hacking as a service”, state-funded and orchestrated hacking groups, being properly prepared for all scenarios can become vital to a company’s survival.
In this session, Andreas Wolter, a former program manager for SQL security at Microsoft with over 2 decades of experience working with customers, will guide you through strategically approaching security concepts, which starts at the overall system’s architecture and does not end with encryption alone.
Under an assume breach mindset we will look at various attack vectors, from ransomware attacks to data exfiltration and possible ways to prevent or limit the blast radius.
This session is aimed at security managers and architects who want to learn how to secure their SQL environments and data not just using the latest technologies and features but also how to approach it strategically.

Data protection next level: what comes after access control

You may have taken care of proper authentication and authorization, and while these functionalities are absolutely essential, they are also just the foundation. When you are dealing with data that requires special protection, be it health-care-, identity-, IP-related or even concerning our defense, you really need to implement additional layers of security. In this session, Andreas Wolter, former Program Manager for access control in the SQL security team with over two decades of experience working with customers, will guide you through the additional security controls which SQL Server and Azure SQL have to offer. He will compare the use-cases and limitations of the various encryption methods that the SQL engine offers, as well as Ledger, data classification and Row level security. Be prepared for a demo-heavy session.

SQL Server under attack: SQL Injection

One of the most often successfully attacked targets is the data that resides in a database server. SQL Server is considered “secure by default”, but this is only relevant until the first databases and configurations have been changed. This is why most of the exploited weaknesses are due to misconfiguration or weak coding practices as opposed to security bugs in SQL Server itself. In this purely demo-based session, Andreas Wolter, former Program Manager for Access Control in SQL at Microsoft, will show several real-life attacks, from mere reading up to disrupting service availability via various types of manually performed SQL Injection, including an elevation of privileges attack to sysadmin level. If you have a database server which is accessible by processes beyond your direct control or that can even be reached by some kind of frontend application, and you are unsure regarding the possible security implications to watch out for, this session is meant for you.

Deep dive in SQL access control using roles and permissions

Proper access control is the foundation of any database environment. In this session, Andreas Wolter, formerly Program Manager for access control in SQL at Microsoft, who led the work on access control for SQL Server, Azure SQL and SQL under Fabric, will dissect the permission system and built-in roles for you, to utilize it with maximum efficiency.
You will learn about the distinction between workspace and database roles and when to use what. You will explore when to use custom roles over built-in roles, and understand the granular permissions, the side-effects of using workspace-roles under Fabric for SQL, and which pitfalls to avoid. The goal is to comply with the Principle of Least Privilege and at the same time keep access control manageable.

Troubleshooting Availability Groups with DMVs and XEvents

In this session, we look under the covers of availability groups. Various demos show how to analyze functionality and performance in relation to availability groups. This includes problem analysis during initial seeding and the subsequent synchronization traffic and its performance overhead on the workload. The aim is to provide a better understanding of the basic mechanisms and their impact on the chosen high-availability infrastructure as well as how to use the available, built-in tools for troubleshooting.

SQL server database under attack – live battle session

Be it a malicious insider or stolen credentials: once an attacker can run queries against a database, it comes down to the level of access. Depending on the actual permissions and configuration, there are many things the attacker can attempt to gain access to the data.
In this session, Andreas Wolter, former Program Manager for SQL security access control at Microsoft, and Ralf Dietrich, a veteran in system forensics, will play a live battle of DBA vs attacker: in multiple rounds they will demonstrate common weaknesses and potential paths to privilege escalation, how an attacker can exploit them and how they can be fixed. While the focus is on permissions, we will also highlight complementary security controls such as auditing.
Expect an entertaining and demo-focused session and lots of valuable information from the field.

Quickstart into Performance Monitoring & Troubleshooting for SQL databases in Azure and Fabric

Having a consistent performance-experience is crucial for a successful business. If your role requires supporting SQL Server Databases you need to understand where to look and what to look for.
Depending on whether your SQL database is hosted on-prem, in Azure SQL or Fabric, there are some differences in what tools are available.
In this session, Andreas Wolter, former Program Manager at Microsoft with over 20 years of experience in the field as a consultant, will give you an overview of the available tools, explain where they overlap and where limitations require a different approach using built-in SQL functionalities.
Among the things you will be introduced to will be the database watcher, extended events, wait stats and DMVs.
So next time someone asks you to take a look at a badly performing database application, you know where to look.
