Client Success: Internet Travel Company Unifies Governance Across Data Lakes

This story is part of our client success series. It showcases Fortune 100 and 500 customers across various industries that turned to Privacera to solve their tough data security, access, and governance challenges. Check out all the stories in this series. 

World travel is big business for this internet company, which holds a large portfolio of internet travel brands. It distributes and markets its products via the web, apps, desktops, mobile offerings, and alternative distribution channels. Its growth strategy aims to deliver the best travel opportunities for its customers, including travelers, travel suppliers and advertisers. Because travelers visit multiple sites before booking trips, this company banks on having a multi-brand strategy, increasing its chances consumers will visit one or more of its sites.

When the company merged its business groups, multiple data lakes formed, each with ineffective, manual, siloed, and unmanageable data governance controls. See how this company overcame its challenges by adopting Privacera to enable centralized, automated, and consistent data security governance.

Business Risks

This company recently unified its technology, product, data engineering, and data science teams to build services and capabilities for leveraging across each business unit. It had a goal to create more scalable, efficient services. By achieving its goal, all its businesses would benefit from a shared platform infrastructure, including customer service and support, data centers, search capabilities, payment processing, and fraud operations. 

Because of the consumer and sensitive data this company holds, it must comply with global consumer protections, privacy legislation, and payment regulations. Two sets of regulations in particular include:

• California Privacy Rights Act (CPRA) 
• European Union’s General Data Protection Regulation (GDPR)

Both of these data protection and privacy laws require enhanced data protection and add compliance complexity, risk, and cost to how the company runs its business.

Business Issues

The company needed to merge multiple data lakes due to changes in the company’s enterprise architecture and centralization of technology management. Because its business units were separate entities, they ignored governance, came up short on governance, or implemented rules too difficult to follow. Teams from each business unit oversaw governance, which created an inconsistent, unmanageable situation. 

When the machine learning and analytics team took over the Databricks effort, it  needed to find a coherent, consistent solution for data governance. From this point forward, IT governance—under the IT department, not security—managed overall governance. 

In working with each business unit, this team asked business-relevant questions, including: 

• Which job titles should have access to which data?
• Were there differences in requirements per business unit?
• Should everything be identical across the whole company?

Once the team had the answers it needed, it looked at Apache Ranger on Databricks. Because Apache Ranger doesn’t sufficiently manage policies on Databricks, the team evaluated other solutions, weighing critical factors, which included:

• System performance
• Column masking 
• LDAP/AD integration
• Automation to manage policies across different Databricks workspaces
• Integration with OKTA for Single Sign On (SSO)

Solution

This company chose Privacera for its ability to securely manage policies and users and enable access controls to multiple data sources while maintaining overarching governance and compliance requirements. Using Privacera, the team found it easy to add, revoke, and suspend privileges. And by centralizing governance on a single platform, the company could achieve its goal of moving from four groups to one group to oversee its data governance.

Likewise, the ability to centralize access management and audit modules made it easier for the internal data center of excellence to monitor compliance. The company also improved security by implementing a simpler, streamlined process for creating user and group access policies for multiple data sources. More importantly, it had a consistent way to meet regulatory requirements. A company representative said, “Role-based access governance is amazing. The ability to mask columns based on access is a real game-changer.”  

No matter how unique your data ecosystem, products, and processes are, Privacera can help future-proof your data security, access, and governance for greater scalability, connectivity, and competitive opportunities. Learn more in our whitepaper Data Security Maturity Model in 5 Steps. Read the whitepaper.