Moving databases and workloads to the cloud has never been easier. For Sql Server there is number of products that offer almost perfect feature parity. One of the last technical challenges is right security configuration. That's because security model in the public cloud is different and requires different approach, skillset and knowledge. This session covers governance, risk management and compliance in public cloud and specifically focuses on Azure Sql PaaS resources. It provides practical examples of network topologies with their strengths and weaknesses including recommendations and best practices for hybrid and cloud-only solutions. Explains orchestration and instrumentation available in Azure like Security Center, Vulnerability Assessment, Threat Detection, Log Analytics/OMS, Data Classification, Key Vault and more. Finally shows techniques to acquire knowledge and gain advantage over attackers like deception and chaos engineering.