Mar 17, 2022
Better Together: Data Mesh and Unified Data Access Governance, Part 2
Read More
While enterprises chase the data-driven dream, a few forward-thinking companies are unlocking benefits over their peers through self-service data access and governance. The challenge for architects today goes beyond how to collect, store, or process data. How do they provide safe and timely access to insights for analytic and data science teams? Implementing policies in an agile fashion is where secure data access often gets bogged down. Ignoring data governance leads to dire consequences.
Balancing Data Democratization with Security, Privacy, and Compliance Concerns
The growing list of privacy regulations and changes in consumer preferences are putting organizations on notice to use data responsibly. Balancing the demand for proper access to data within a centralized system pits different internal groups against each other, resulting in friction and a lack of analytical agility. Data scientists often demand rapid access to a wide swath of data, determining which portions are essential to discovering actionable insights. On the flip side, privacy and security teams often must insist no one should have access to personal identifiable information (PII) and other sensitive data without a full system of accountability. It doesn’t stop there though. There’s also the growing, diverse, and hybrid multi-service and multi-cloud data estate for which you need to manage and create data access policies. The makings of perilously fragile processes.
Data Security and Access Governance Defined
It comes as no surprise that data access governance is emerging as one of the next big disciplines organizations need to master in their effort to do data at scale while remaining compliant. In short, data access governance is part of the larger data governance landscape. For simplicity, one can describe this landscape in three parts:
- Data quality and reference data management: improving the quality of data and standardizing data elements.
- Data catalogs, data lineage, and data discovery: describing data to enable better understanding and knowledge of where data lives and what it means.
- Data access governance: identifying sensitive data as well as executing and enforcing data security and compliance policies for access, data masking, and data encryption.
Data Security and Access Governance Approaches
Most enterprises are already working on data access governance in some form. But a significant factor that separates leaders from the pack is automated execution. There’s a massive difference in your costs and outcomes when you automate your data security versus doing it manually. For example, what would it look like to have faster onboarding of new data or new users onto your platform? Or what if you had a 1,000-fold reduction in the number of policies your teams are maintaining?
Here are the approaches the market is evolving around this discipline:
| Approach | Description | Pro | Con |
| DIY: Native in Data Service (e.g. Snowflake, Databricks, S3, etc.) | Policy is coded in every technology by an IT admin function. | Native enforcement of policies as a start toward governance within single silos. | Slow, costly, inconsistent, and difficult to audit. Manual re-creation of one policy into every data source is prone to failure.Impossible to get a single auditable view. |
| DIY: Native in Cloud Platform | Part of your major data or cloud provider (e.g. AWS Lake Formation or Databricks Unity Catalog). | Native enforcement and fine-grained controls for some services on the cloud platform. | No outside enforcement for third-party sources.Often lack key capabilities such as discovery, tagging, ABAC, and RBAC. |
| Unified Data Security Platform | A unified platform that enables the creation of policies in a common UI. Enforces and executes policies across your entire data estate. | Design policies once, enforce and execute anywhere. Native policy enforcement in the underlying data service, including advanced tag-based, ABAC and RBAC policy creation. | Some architectural implementations could result in all queries processing via a proxy or virtualization layer, significantly impacting query performance. |
Unified Data Security and Access Governance
With a singular experience for creating, managing, enforcing, and executing policies, it’s clear a unified approach to data access governance has tremendous advantages for teams over outdated, manual, or platform adjuncts. A single view for audits and reports on the location of sensitive data, the policies in place, and the access events on related data make compliance much simpler and easier.
Here are key best-in-class considerations when selecting a unified data security platform:
- Universal data coverage: You want a platform that allows you to create policies centrally and then consistently and natively enforces those policies to reduce complexity across hybrid cloud multi-service data estates. Build once, deploy everywhere.
- Transparent to end users: There’s no impact to query performance and no need to make changes to end-user queries when you leverage native integration and enforcement of policies across diverse data services.
- Automated: Policies are created centrally and automatically translated into data service-specific commands. Built-in approval workflows automate access requests and new policy creation.
- Open standards: Based on open standards and leverages the proven Apache Ranger architecture to provide the broadest range of pre-built integrations with structured and semi-structured data sources as well as identity management solutions.
- Future proofed: Easily add new data sources. Built-in support for regulations such as General Data Protection Regulation (GDPR), System and Organization Control (SOC), California Consumer Privacy Act (CCPA), Payment Card Industry (PCI), Federal Information Security Modernization Act (FISMA), Gramm-Leach-Bliley Act (GLBA), HIPAA, LGPD, and others.
Why Select Privacera?
Privacera is a Unified Data Security Platform founded by the creators of Apache Ranger and Apache Atlas. Privacera has the engineering vision and leadership that started securing data at scale for Hadoop, and is now solving this for the new paradigm of the cloud-based modern data estate. See for yourself why leading organizations and Fortune 100 enterprises trust Privacera’s unified data access governance—request a demo today.
Author
