SQL Server 2016 has quite a few new features and in this session we'll take a look at how security has been improved. We'll look at three different features: Always Encrypted, Dynamic Data Masking and Row Level Security. Always Encrypted enables you to easily encrypt your data so that only the client can decrypt it, meaning the keys don't have to be stored on the server and even the DBA can't decrypt it. Dynamic Data Masking masks the sensitive data in the returning result set from users that don't have enough privileges to see it. This is not encryption, only simple rule-based masking. Row Level Security gives the server ability to limit the returned data to only the result set the application has the permissions to see, without needing to make hard-core modifications to the application code.