Client Success: Fintech Scales Data Security Across Massive Redshift Clusters

Business and Business Risks

This Privacera customer is a global financial technology company dedicated to helping customers put more money in their pockets and eliminate unnecessary work, and to empowering them to confidently make financial decisions. At the heart of their mission is a commitment to leveraging cutting-edge technology, including artificial intelligence.

The customer’s business strategy centers around solving customer problems and seizing new growth opportunities. By harnessing the power of their extensive data and investing in advanced AI capabilities, they are delivering transformative, personalized customer experiences and creating a sustainable competitive advantage. Moreover, their investment in AI, GenAI, vast data assets, and world-class developer tools has laid a foundation for rapid productivity gains and scalable innovation. These capabilities enable the company to move with speed and agility, delivering benefit to their customers in a continuously evolving financial landscape.

Key to this strategy is an “all-in” approach to cloud computing, which began in 2013. By building upon external cloud vendors, the customer has been able to rapidly scale their operations globally. They have integrated cloud technologies into their infrastructure, machine learning, and data analytics capabilities to create best-in-class services. Currently, 67% of their revenue comes from mobile and online services, all of which are powered by cloud technologies. This deep integration of cloud and AI not only drives innovation but also ensures that the customer continues to lead in delivering seamless and advanced financial services.

The Business Issue

The customer’s franchise requires a commitment to being a responsible steward of customer data, guided by robust data stewardship principles that align the organization’s approach to collecting, using, and protecting personal information. Their practices aim to ensure compliance with the laws and regulations governing the handling of sensitive data, particularly within the financial services and tax sectors.

By necessity, the customer employs rigorous security safeguards to protect customer and workforce information from loss, misuse, and unauthorized alteration. They utilize a comprehensive set of technical, logical, and procedural measures designed to detect and prevent fraud and ensure customer information remains secure. Sensitive information, such as credit card details or tax data, transmitted through their websites or products is encrypted following industry standards, both during transmission and in storage. Regular system patches and security updates are applied to guard against unauthorized access, using a combination of commercially available security products and internally developed procedures.

The customer operates under federal, state, local, and international regulations. They host, collect, and retain a large volume of sensitive data. This includes credit card numbers, tax return information, bank details, financial transaction records, social security numbers, payroll information, and confidential business data. To support these operations, the customer relies on public cloud providers such as Amazon Web Services and Google Cloud Platform, ensuring scalable, secure, and reliable infrastructure for their online offerings.

However, this customer hit a scalability wall with its AWS infrastructure. With over 31 petabytes of data spread across 200+ interconnected AWS accounts, the company’s data was stored in large Amazon Redshift clusters, each allocated to different lines of business (LOBs). And Redshift is just one source. They also use open source Spark, Amazon EMR, Flink, Amazon EMR Serverless, Databricks and others, which add to the complexity and management sprawl. These served separate business segments, ensuring that data was governed based on user roles and stringent regulatory requirements.

As the organization grew, the volume of data across thousands of tables ballooned, and manual governance processes became untenable. Relying on AWS S3 buckets to store objects introduced further challenges—S3’s coarse-grained access controls were overly permissive and difficult to manage, while managing and securing the complex data ecosystem became increasingly impractical. Over-privileged IAM roles compounded the problem, making it difficult to track and control who had access to what data.

The company faced a critical scalability issue as they exceeded AWS’s limits of user policy, group policy and role policy per IAM role. They were dealing with 2,800+ IAM roles, many with excessive privileges. To address this, they turned to Privacera for access management. Instead of relying on numerous IAM roles to manage access to S3 objects, access management is controlled by a combination of users, groups, and attributes. Identities are synchronized with Privacera through the FSI’s Identity Provider, and permissions are dynamically controlled based upon a user’s groups and attributes.

The Solution

The customer has built a robust global presence with customer data and privacy at the core of their operations. The company’s customers place deep trust in the company, entrusting them with their most sensitive data, confident in their role as trusted stewards. The company’s goal for this reason is to provide what customers want: solving their problems faster and accelerating development, all while safeguarding their data.

To centralize data governance, the FSI’s Redshift clusters were onboarded to Privacera, allowing security policies to be applied consistently across business lines. With Privacera’s open standards policy format, existing Redshift policies were exported, converted to Privacera policy format, and imported into Privacera. This allowed a seamless transition with near zero downtime. By eliminating error-prone manual processes, the company could now ensure seamless auditing, compliance, and access management across its expanding dataset.

Privacera’s architecture was built to scale, providing a solution that could grow alongside the company without compromising performance. The platform allowed the FSI to manage and govern access to petabytes of data effectively, solving the challenges that had previously limited their ability to scale. This transition enabled the company to continue its expansion with confidence, knowing its data governance infrastructure could handle the increasing demands of the business.

Business Impacts

To address the above challenges, including scaling data governance and ensuring proper data security, the customer purchased Privacera’s Data Security Platform to streamline and secure their data access governance processes. By implementing Privacera’s platform, the company was able to achieve critical improvements to their compliance and business performance.

Automated Access Controls: Privacera enabled fine-grained access controls over the company’s Redshift clusters, ensuring that only authorized users could access specific datasets. This eliminated manual, error-prone governance processes, making it easier to scale data access securely across the organization.

Centralized Governance for Distributed Clusters: Privacera’s platform allowed centralized governance for all business lines, including consumer, small business, personal finance, and tax clusters. This ensured consistent application of security policies across the company, streamlining auditing and compliance efforts.

Comprehensive Data Visibility: The platform provided real-time visibility into data access, allowing governance teams to track who accessed what data and when. This enhanced transparency not only simplified regulatory reporting but also gave leadership confidence in the security of their critical data assets.

Scalable for Petabyte-Scale Data: With its scalable architecture, Privacera allowed the fintech firm to govern petabytes of data without sacrificing performance. This ensured that as the company grew, their data governance solution could effortlessly handle increased demand.

Enhanced Business Outcomes: Privacera empowered analysts to securely access sensitive data across thousands of tables, enabling quick generation of reports and insights. This improved decision-making across all business lines, enhancing customer experiences and driving stronger financial results. Real-time insights from analysts now play a key role in strategic decisions that impact company growth.

Since implementing Privacera’s platform, the fintech firm has seen tangible results: improved data security through automated governance, scalability in managing vast amounts of data, seamless regulatory compliance, and faster decision-making, which collectively drive better business outcomes.

Background on Privacera

Privacera works for customers at the intersection of data governance, security, and data privacy. Privacera’s unified data access governance platform maximizes the value of data by providing secure data access control and governance across hybrid- and multi-cloud environments. The Privacera platform centralizes access and natively enforces policies across multiple cloud services—AWS, Azure, Google Cloud, Databricks, Snowflake, Starburst and more—to democratize trusted data enterprise-wide without compromising compliance with regulations such as GDPR, CCPA, LGPD, or HIPAA. Trusted by Fortune 500 customers across finance, insurance, retail, healthcare, media, public and the federal sector, Privacera is the industry’s leading data access governance platform that delivers unmatched scalability, elasticity, and performance. Privacera was founded in 2016 to manage cloud data privacy and security by the creators of Apache Ranger™.
