Extending AWS Lake Formation with Privacera

Extending AWS Lake Formation with Privacera. Stop Choosing. Leverage the best of both worlds.

With our latest private preview of the AWS Lake Formation connector, Privacera now extends AWS Lake Formation sources, capabilities, and environmental reach.

Our customers use a wide variety of data security governance products to provide fine-grained data access, as well as data masking, data discovery, and data classification for their data sources.

Privacera is a Unified Data Access Governance Platform, providing its own robust data security governance capabilities, such as fine-grained data access, data encryption, masking, discovery, classification, and centralized audit capabilities. Due to the complexity of modern data analytics infrastructures, and customers needing to use a variety of data access tools for myriad reasons, building a unified platform is key. With the mission of serving the entire enterprise, we understand the importance of native integration with other products, granting organizations’ a unified portal to create, manage, audit, and report on all data security governance needs across the entire organization.

AWS Lake Formation provides native fine-grained data access for several AWS services, including Amazon Athena, Redshift spectrum, and EMR, based on Amazon Glue. AWS Lake Formation also provides consistent data access policies across AWS accounts for supported services. The private preview of our AWS Lake Formation connector allows us to integrate natively with AWS Lake Formation and translate data access policies created in Privacera into AWS Lake Formation policies. This means organizations can extend the use of AWS Lake Formation to include other sources. They can integrate Privacra with AWS Lake Formation to take advantage of the benefits and capabilities of both solutions, creating a better-together value proposition.

Privacera natively supports all the AWS Lake Formation capabilities, such as table, column, row-level fine-grained access control, resource-based access control (RBAC), tag-based access control, and data masking. And since Privacera also supports consistent data access policies across AWS accounts, we also take advantage of AWS Lake Formation’s cross-account support. For those of you using or considering AWS Lake Formation, there are many reasons to use Privacera to extend capabilities, including:

  • Extended source support
  • Centralized auditing for all sources
  • Extended to hybrid and multi-cloud
  • Secure data sharing for all sources
  • Automated compliance
  • Fine-grained access control for semi-structured Amazon Simple Storage Service (Amazon S3) files
  • Data access policy simplification and automation
  • Attribute-Based Access Control (ABAC) support and integration


Value-Added Capabilities and How You Benefit

Extended source support: The most common scenario is the need to provide unified fine-grained data access for sources not supported by AWS, including sources that don’t use or support AWS Glue. Privacera supports over 50 data and analytics sources, including most AWS services and third-party data and analytics sources, such as Databricks, Snowflake, and Starburst, hosted on AWS. By adding Privacera to AWS Lake Formation, you can provide consistent fine-grained data access controls in a single interface to all your data and analytics sources and data access policies enforced by AWS Lake Formation—ensure consistency with other data access policies. You can also view sensitive data and audit capabilities in a single consolidated location.

Extended to hybrid and multi-cloud: Privacera supports a wide range of on-premises sources, as well as native and third-party Google and Azure sources. By adding Privacera to AWS Lake Formation, customers can manage all their data security governance needs for sources within AWS, as well as Google, Azure, and on-premises, from the unified Privacera data security platform running as SaaS on AWS or self-managed within a Virtual Private Cloud (VPC). This will allow customers to have a single data security interface for all their hybrid and multi-cloud sources, simplifying administration, providing greater visibility and agility, and delivering consistent data access security and policies across your entire data and analytics ecosystem.

Centralized auditing for all sources: We provide centralized data security audit and reporting capabilities for AWS Lake Formation and all other Privacera-supported data and analytics services, whether you’re using multiple services on AWS or incorporating services on other cloud providers or on-premises data sources.

Secure data sharing for all sources: Our platform allows IT to delegate data authorization to data stewards and owners, providing an approval workflow to streamline data requests and authorizations for data consumers. This removes IT bottlenecks, reducing the load on IT, while accelerating the process of data consumers gaining access to authorized data. In addition, our solution allows for data access to be granted for a specific analytical project, including the ability to stipulate a time frame, ensuring authorized data is used properly. By combining Privacera with AWS Lake Formation, these capabilities extend to all sources we support, including Lake Formation.

Compliance automation: We offer built-in workflows allowing for compliance automation for a variety of regulations such as General Data Protection Regulation (GDPR), California Consumer Privacy Act (CCPA), and The Right to be Forgotten (RTBF). This enables organizations to more easily meet their compliance, auditing, and reporting requirements, while consistently applying compliance policies to all data across the enterprise.

Fine-grained access control for semi-structured S3 files: Privacera is the only solution that delivers fine-grained access control for semi-structured S3 files. By adding Privacera to your AWS Lake Formation deployment, you will gain greater data security for S3 data.

Quote from Privacera CEO Balaji Ganesan on the importance of access controls and automation to manage data governance.

Data access policy simplification and automation: Privacera adds a host of capabilities to simplify and automate your data access controls. By adding Privacera to Lake Formation, you can create policies that specifically deny access to sensitive data, which would take precedence over any data access grants. This allows for an even higher degree of security over your most sensitive data. Additionally, Privacera can grant data access using wildcards, so future data that follows a prescribed metadata taxonomy can be accessed by authorized users without any additional data access policy creation. This makes data access for authorized users instantaneous. 

Our solution also allows the creation of data access custom conditions. For instance, if an individual is authorized to access certain PII data, but only after completing PII training, a custom condition and workflow can be created. Upon the successful completion of the required training, the authorized data consumer would be automatically and immediately granted permission for the PII data. These capabilities dramatically reduce policy administration time and accelerate time to insights.

ABAC support and integration: You can integrate our solution with active directory and Lightweight Directory Access Protocol (LDAP) solutions such as Okta. User attributes from these tools can automatically incorporate within Privacera, and data access policies can be created based on these user attributes. This also dramatically reduces policy administration time and accelerates time to insights. Imagine onboarding a new user into Okta with that user immediately and automatically gaining access to authorized data based on their attributes. Lake Formation will seamlessly be able to take advantage of this capability when integrated with Privacera.

By combining Privacera with AWS Lake Formation, you can take advantage of the deep AWS integration and rich functionality of AWS Lake Formation, while extending to other sources, environments, and enhanced capabilities with Privacera. And as AWS Lake Formation expands source support and capabilities, our integration will also evolve, allowing you to take full advantage of new AWS Lake Formation capabilities, while continuing to benefit from our third-party source reach.

To see Privacera and AWS Lake Formation in action, request a demo today.


Contact Privacera for a Data Governance and Security Demo Today