Andreas Wolter
Data Architect, Security, Sarpedon Quality Lab
Data Architect, Security, Sarpedon Quality Lab LLC
Phoenix, Arizona, United States
Actions
Andreas Wolter is a former Program Manager for Access Control in Azure SQL and SQL Server at Microsoft. In this role, he spearheaded the design of the external authorization system used by Purview policies and Azure database and data warehouse in Fabric.
He has over 20 years of experience with SQL Server, is one of only 7 Microsoft Certified Solutions Master for Data Platform (MCSM) and has been a regular speaker at conferences worldwide for over a decade.
Andreas is the founder of Sarpedon Quality Lab LLC, a consulting company specializing in SQL Server performance, high availability, and security, which he manages in cooperation with Sarpedon Quality Lab Germany.
Andreas Wolter ist ehemaliger Program Manager für Access Control in Azure SQL und SQL Server bei Microsoft USA. In dieser Rolle leitete er den Entwurf des externen Autorisierungssystems, das von Purview-Policies und Azure database unter Fabric verwendet wird und ist außerdem verantwortlich für die rund 50 neue Permissions und neuen Server- und Datenbankrollen in SQL Server 2022.
Als einer von nur 7 Microsoft Certified Solutions Master für Data Platform (MCSM) weltweit ist er regelmäßiger Sprecher auf internationalen Konferenzen und war bis zu seinem Wechsel zu Microsoft Jahrelang aktiver MVP in der deutschen Data Platform Community.
Er ist der Gründer der auf SQL Server HA, Performance und Sicherheit spezialisierten Firma Sarpedon Quality Lab Deutschland und seit seinem Rücktritt bei Microsoft leitet er die US-amerikanische Partnerfirma Sarpedon Quality Lab LLC von seiner neuen Heimat in den USA aus.
Links
Area of Expertise
Topics
SQL Server under attack: SQL Injection
One of the most often successfully attacked targets is the data that resides in a database server and SQL Injection is still one of the most common attack types.
In this purely demo-based session, Andreas Wolter, former Program Manager for Access Control in SQL at Microsoft will show several real-life attacks, from mere reading up to disrupting service availability via various types of manuals performed SQL Injection, including an elevation of privileges attack to sysadmin level. If you have a database-server which is accessible by processes beyond your direct control or that even can be reached by some kind of frontend applications and you are unsure regarding the possible security implications to watch out for, this session is meant for you.
Practical Performance Monitoring & Troubleshooting SQL Server
You are in a DBA, developer or consultant role, supporting SQL Server databases and often someone asks you to take a look at a badly performing database application, certain queries or even “the whole server”. And over and over again you find yourself in the situation of “how to find the root cause in the least amount of time”.
This full-day precon with Andreas Wolter, a former Program Manager for SQL Server at Microsoft, will teach you techniques for general troubleshooting and performance analysis from start-up to advanced techniques.
Among them are:
• SQL Server architecture & internals – the fundament to understanding correlations
• Monitoring methodology, tools & techniques
o Windows Performance Monitor
o Dynamic Management Views (DMVs)
o Wait statistics
o Extended Events for workload & query-analysis
o Query Store
o Azure SQL database watcher (intro)
The above techniques will be used to:
• Identify the most impactful problematic queries
• Detect I/O latency problems
• Investigate Tempdb performance
• Analyze indexes & statistics
• Analyze locking & blocking and concurrency problems
• Identify query plan regression
While no one has evolved into a performance-tuning-master in one single day, you can be sure to learn valuable techniques and concepts to build upon for day-to-day work. And of course, we will also discuss possible solutions or even implement them live. So, at your next phone call “Help, the server is slow!” you know will where to start.
Expect lots of demos and a deep dive into core concepts of SQL Server.
Hands-on! – Attendees who want to directly try out some of the techniques shown can connect to the demo-server which is under a constant workload simulation live with SQL Server management studio themselves! (All that is required is to bring a laptop with SSMS installed and ability to connect to a SQL Server on the internet on a given port.)
Authorization for SQL database in Microsoft Fabric 101
Effective access control is essential for any database environment. In this session, Andreas Wolter, former program manager for security in SQL at Microsoft, who designed the authorization concept for SQL database in Fabric, will walk you in a demo-focused session through access control for SQL database in Fabric, to help you utilize it with maximum efficiency.
We will cover the difference between workspace and database roles and when to use each. The session will also dive into custom vs. built-in roles, the implications of using workspace roles in Fabric for SQL, and the introduction of granular permissions. Additionally, we’ll examine the various permission options for sharing a database in Fabric and highlight the differences in access control between Fabric, SQL Server, and Azure SQL. The goal is to align with the Principle of Least Privilege while ensuring that access control remains manageable.
Learnings from the latest breaches: Approaching security for SQL Server and Azure SQL strategically
SQL Server and Azure SQL provide many different functionalities and services which help you to protect your most valuable assets: your data. But features alone do not protect if not carefully thought through and working in siloed manners. Without a properly planned security strategy, it is too easy to miss gaps between security controls and finding oneself exposed when a serious attack occurs.
In today’s environment of “hacking as a service”, state-funded and orchestrated hacking groups, being properly prepared for all scenarios can become vital to a company’s survival.
In this session, Andreas Wolter, a former program manager for SQL security at Microsoft with over 2 decades of experience working with customers, will reflect on the current threat landscape and explain the most common breach-patterns as well as how to stop them from occurring.
Under an assume breach mindset we will look at various attack vectors, discuss what ransomware and data exfiltration attacks have in common and how that helps us to prevent or limit the blast radius.
We will look at how to strategically approach a security concept, which starts at the overall system’s architecture and does not end with encryption alone.
This session is aimed at security managers and architects who want to learn how to secure their SQL environments and data not just using the latest technologies and features but also how to approach it strategically.
Using Microsoft Purview to control access to SQL at scale
When working in large environments containing numerous Azure SQL instances and databases, relying on individually managed access for each server and database can become unwieldy. This is where Microsoft Purview steps in, allowing you to define access policies that can be applied efficiently to a range of Azure SQL resources, including SQL Server on Arc, in a highly scalable manner.
If you want to learn the art of managing access to SQL resources at scale using Purview, this session by Andreas Wolter is tailored just for you. Andreas spearheaded the external access control efforts within the SQL Security team since its inception. In this session you will learn the typical scenarios that Microsoft Purview supports, discover where it excels, explore its current limitations, and gain insight into future developments.
Unleashing the power of access control in SQL Server and Azure SQL
Access control is a fundamental aspect of securing a database system, especially when storing high-value data. On the other hand, navigating a rich permission system such as the one offered by SQL Server and Azure SQL can be overwhelming even for the most seasoned DBA. In this session, Andreas Wolter, Program Manager and long-time expert for access control in SQL Server, will explore the authorization capabilities of SQL Server/Azure SQL, explain the value of industry best practices such a “Role separation” and “Principle of Least Privilege”, and share insights from his many years working directly with customers.
Discover some of the hidden gems that can help you implement access control policies that are effective for a wide range of workloads.
Implementing the Principle of Least Privilege for administrative roles in SQL Server
In many enterprises security requirements have become increasingly strict and demand that no persona should have full power on the SQL server instance or database.
Join Sam Mesel (Microsoft Azure SQL Global Black Belt) and Andreas Wolter (MCSM Data Platform, former Program Manager for Access Control in Server at Microsoft) for an informative session on implementing the principle of least privilege for administrative roles in SQL Server.
Learn about the different approaches you can undertake to secure your databases even against administrative personas. Learn how to solve specific operational tasks without granting high privileges using a solution template published on GitHub. Explore the use of built-in permissions and roles, custom code, and break-glass processes. Don't miss this opportunity to learn about how to lock down access to your data in SQL!
From Locks to No Locks – Concurrency in SQL Server
In this session we take a look at essential mechanisms inside SQL Server, which influence administrators as well as developers and should be known thoroughly.
Why does SQL Server have to lock objects, which effects does this have (performance and data integrity) and how we can influence these things.
Specifically we will look at:
· Can indexes prevent locking?
· Why is NOLOCK not a good idea when dealing with critical data?
· When and what happens at Lock-Escalation?
· What does table-design have to do with blocking?
· Why everyone should know error number 1205 – how deadlocks can occur and what can prevent them?
· How is „optimistic concurrency“ implemented in SQL Server?
. How does In-Memory OLTP change the game?
As usual: lots of (code) demos
Access control in SQL Server & Azure SQL from zero to hero
You inherited a SQL Server or Azure SQL environment or are designing a new one. One of the fundamental tasks is to manage access to your SQL Server, databases and data objects within.
The almost 300 permissions that the SQL engine supports can be overwhelming. And sometimes permission is not sufficiently granular to implement according to the Principle of Least Privilege. What if you do not want to take care of all permissions yourself and instead delegate some of these tasks to someone else. How can you do that safely?
In this interactive training day, Andreas Wolter, Program Manager in the SQL Security team with 2 decades of practical experience of SQL Server will walk you through all the fundamentals of SQL servers’ hierarchical permission system including the latest additions and strategy behind them. Then you will look at special scenarios and possible solutions that you may encounter and need to solve at some point. Along the way you will learn about concepts like PoLP, role separation, SoD, impersonation, delegation, and ownership chains in SQL.
Data protection next level: what comes after access control
You may have taken care of proper authentication and authorization, and while these functionalities are absolutely essential, they are also just the foundation. When you are dealing with data that requires special protection, be it health-care-, identity-, IP-related or even concerning our defense, you really need to implement additional layers of security. In this session, Andreas Wolter, former Program Manager for access control in the SQL security team with over two decades of experience working with customers, will guide you through the additional security controls which SQL Server and Azure SQL have to offer. He will compare the use-cases and limitations of the various encryption methods that the SQL engine offers, as well as Ledger, data classification and Row level security. Be prepared for a demo-heavy session.
Deep dive in SQL access control using roles and permissions
Proper access control is the foundation of any database environment. In this session, Andreas Wolter, formerly Program Manager for access control in SQL at Microsoft, who led the work on access control for SQL Server, Azure SQL and SQL under Fabric, will dissect the permission system and built-in roles for you, to utilize it with maximum efficiency.
You will learn about the distinction between workspace and database roles and when to use what. You will explore when to use custom roles over built-in roles, understand the granular permissions the side-effects of using workspace-roles under Fabric for SQL and which pitfalls to avoid. The goal is to comply with the Principle of Least Privilege and at the same time keep access control manageable.
Troubleshooting Availability Groups with DMVs and XEvents
In this session, we look under the covers of availability groups. Various demos show how to analyze functionality and performance in relation to availability groups. This includes problem analysis during initial seeding and the subsequent synchronization traffic and its performance overhead on the workload. The aim is to provide a better understanding of the basic mechanisms and their impact on the chosen high-availability infrastructure as well as how to use the available, built-in tools for troubleshooting.
SQL server database under attack – live battle session
Be it a malicious insider or stolen credentials: once an attacker can run queries against a database, it comes down to the level of access. Depending on the actual permissions and configuration, there are many things the attacker can attempt to gain access to the data.
In this session, Andreas Wolter, former Program Manager for SQL security access control at Microsoft and Ralf Dietrich a veteran in system forensics will play a live battle of DBA vs attacker: in multiple rounds they will demonstrate common weaknesses and potential paths to privilege escalation, how an attacker can exploit them and how they can be fixed. While the focus is on permissions, we will also highlight complementary security controls such as auditing.
Expect an entertaining and demo-focused session and lots of valuable information from the field.
Quickstart into Performance Monitoring & Troubleshooting for SQL databases in Azure and Fabric
Having a consistent performance-experience is crucial for a successful business. If your role requires supporting SQL Server Databases you need to understand where to look and what to look for.
Depending on whether your SQL database is hosted on-prem, in Azure SQL or Fabric, there are some differences in what tools are available.
In this session, Andreas Wolter, former Program Manager at Microsoft with over 20 years of experience in the field as consultant will give you an overview over the available tools, explain where they overlap and where limitations require a different approach using built-in SQL functionalities.
Among the things you will be introduced to will be the database watcher, extended events, wait stats and DMVs.
So next time someone asks you to take a look at a badly performing database application, you know where to look.
Andreas Wolter
Data Architect, Security, Sarpedon Quality Lab
Phoenix, Arizona, United States
Links
Actions
Please note that Sessionize is not responsible for the accuracy or validity of the data provided by speakers. If you suspect this profile to be fake or spam, please let us know.
Jump to top