We are excited to announce that a few weeks ago we made Auditing for Azure SQL Database generally available. Auditing for Azure SQL Database tracks and logs all events that occur on your database, such as updates and queries against data. Auditing can be managed from the Azure Management Portal, the Preview Azure Portal or via Windows PowerShell commands. Dashboard views and reports in the Azure Management Portal provide at-a-glance insight into database events, while Auditing events are written to an audit log stored in the Azure Storage account you designate (Azure Storage rates apply).
You can easily use Auditing for the following key scenarios; records collection to support compliance policies, BI-driven security investigation to uncover potential issues, operational insight, and alternatively for basic SQL Database debugging and profiling.
The adoption for Auditing during preview has been exciting and we’ve enjoyed listening and learning from customers on how they are using Auditing to meet their unique needs or requirements. For example, companies like COPsync who are under strict policy to meet industry compliance regulations. “We provide a service that enables sharing of law enforcement information which means we are required to comply with various regulations, including the FBI Criminal Justice Information System (CIIS) Security Policy, which requires auditing at every layer of our architecture including the database,” stated Wade Powell, VP of Technology. “The new Auditing feature in Azure SQL Database, provides a simple way for us to audit all transactions in our databases and ultimately comply with regulations—in a relatively short period we’ve already logged hundreds of thousands of audit records and have noticed no performance degradation.”
Additionally, we listened to customer feedback during preview and are excited to introduce additional functionality to the general availability release. This functionality will make it easier to troubleshoot. The addition of the client IP and application name to the audit logs helps customers to more easily distinguish between their various Azure applications. Additionally, customers now have the Server Duration metric that can shed light on production operations that took longer than expected which may indicate activity associated with bugs in the application or a suspected attack.
Those familiar with on-premises database administration and data protection are accustomed to the effort of balancing the auditing tradeoffs between coverage, compute and storage impacts. With SQL Database this balance is practically eliminated and the cloud-based Auditing approach is more streamlined because the service has the ability to inherently scale resources transparently to help preserve performance. Also, the audit logs are simply stored in your geo-redundant Azure Storage account which offers near-infinite scale for a very low cost. Because Auditing in SQL Database tracks and logs all the events that occur on your database, it helps you meet strict compliance policies. Once enabled, Auditing captures the entire user request at the level of the TDS protocol and SQL Batch including the parameters for stored procedures and related data such as success/failure, error, number of response row, and processing duration.
Historically, customers have required Auditing as a ‘check box’ to meet compliance policies, then left the analysis to the auditors. With Auditing in SQL Database, we make it extremely easy for you to drive your own analytics. We designed the logs for easy consumption by self-service BI tools which removes the need to write code. Auditing also includes a pre-built report template that leverages Power View and Power Pivot which you can point to one or many of your database Audit logs. You can now take charge and very easily slice and dice data to look for anomalies and more quickly determine if there have been any breaches and take immediate action.