How Privacera Enhances Amazon EMR Access Control Through Apache Ranger

As companies realize the importance of data security and governance in the cloud, access control is emerging as an important component of public cloud providers’ architectures. For example, Amazon EMR now offers authorization and audit capabilities with version 5.32 for Apache SparkSQL, Amazon S3, and Apache Hive through plugins that integrate with Apache Ranger 2.0. To learn more about this and how Privacera reinforces and extends these capabilities to our joint customers, read our blog.

Amazon EMR enables access control with Lake Formation through Secret Agent and Record Server. Apache Ranger is used to provide controls for users’ requests to access data for Apache Spark and Apache Hive workloads on EMR.

Enterprise-Grade Readiness with Privacera’s Extended Capabilities

Apache Ranger’s integration with cloud services like EMR provides a great starting point for companies to implement fine-grained access controls as they migrate their analytical workloads to the cloud. By connecting EMR’s Record Server to Privacera’s Ranger-based data access governance platform, companies have the ability to sync their existing policies with their EMR solution and extend Apache Ranger’s open source capabilities to take advantage of Privacera’s centralized, enterprise-ready solution.

With Apache Ranger Plugin provided by Privacera, customers receive comprehensive, fine-grained access control for SQL Tables at following levels:

• Table
• Column
• Column Masking
• Row Filtering
• Tag-based Policies
• View-based Access Control for Row Filtering & Column Masking

With EMR Record Server’s Apache Ranger plugin connected to Privacera’s Ranger-based data access governance platform, customers get broader coverage, administration capability, and support for high availability — resulting in more robust data privacy and data security. Privacera’s broadened capabilities include:

• Simplified user interface built on a modern framework to optimize the speed and performance of managing policies
• Secure installation and deployment of Privacera Platform as cloud-native containerized application in Kubernetes (in addition to VM)
• Support for high availability to minimize downtime and recover automatically from component or server failure
• Enhanced access audit reporting using a centralized Audit Server through which Audit Information can be streamed to messaging services such as Apache Kafka and also stored in object destinations such as S3, ADLS, etc. in optimized formats (e.g. ORC)
• Native support of multiple authentication frameworks including SSO to web UI via SAML, Azure AD, OAuth, OpenID Connect with Privacera Portal
• Privacera can sync users and groups with any repository that supports SCIM standard, in addition to LDAP, AD, and Linux (read our blog on this topic)
• Sensitive data discovery and classification with data dictionaries, patterns, and models in cloud stores like S3, ADLS, Snowflake, Databricks, Synapse, and others
• Comprehensive visibility of access governance process through pre-built reports and aggregated audit data across S3 and ADLS using a centralized Audit Server that publishes to services like Apache Kafka
• Tag-, role-, and attribute-based access policies
• Field- and column-level encryption, column masking, and row-filtering capabilities
• Privacera Encryption Gateway (PEG) that provides flexible encryption schemes, as well as policy-based encryption and decryption using NIST standards

Additionally, Privacera customers can take advantage of PrivaceraCloud–a fully-managed data access governance SaaS solution–to simplify their data governance capabilities across cloud services through a single unified interface. PrivaceraCloud alleviates manual installation or software upgrades and accounts can be configured in minutes.

To learn more about how the Privacera Platform extends Apache Ranger capabilities and provides a fully-automated data access governance solution for cloud, multi-cloud, and hybrid cloud environments, contact us.