Privacera Platform on AWS overview
This document covers the features of Privacera Platform on AWS.
Note
The AWS IAM best practices resource is helpful for configuring your AWS Identity and Access Management to support the use of Privacera.
Privacera Platform provides the following features:
Fine-grained Access Management: Privacera leverages Apache Ranger to provide column- and row-level access control.
Automated Discovery and Classification: Privacera automatically scans structured and unstructured data to identify and tag it.
Encryption and Masking: Privacera uses format-preserving and other encryption techniques to anonymize data at rest.
Monitoring of User Access: Privacera analyzes user access history to determine whether sensitive data is uploaded, moved, or accessed inappropriately.
Privacera Platform Portal overview
Privacera Portal is the primary user interface for the Launch Pad and Privacera Access Management.
Launch Pad overview
To view the Launch Pad page, click Launch Pad on the Privacera home page. The Launch Pad page is displayed with the following features:

AWS Console: Log in directly to your AWS Console through this menu option.
AWS CLI: You can access AWS CLI through a generated Privacera token.
Privacera Token: You can manage Privacera Tokens for access management.
Databricks: Databricks is required for accessing your assets, such as the UI, API, and command-line interface (CLI).
Access Management
Access Management provides a robust policy management layer that leverages several architectural techniques to control access to data. Key benefits include:
A single pane of glass for all access policies.
Performance and scalability.
Column- and record-level security for a variety of data sources.
Application | Current State | Privacera Solution | Policy Enforcement Point |
---|---|---|---|
PrestoDB | PrestoDB Authorization | Ranger - Column Level | Plug-In |
EMR - Hive | SQL StdAuthorization | Ranger - Column Level, Dynamic Column Masking, Dynamic Column Encryption/Decryption, Dynamic Row Level Filtering | Plug-In |
EMR - Spark | IAM Policies (Bucket level) | Ranger - File/Object Level | Data Access Server |
Databricks | Databricks Access Control and S3 IAM policies | Ranger - Column Level, File Level, Dynamic Column Masking, Dynamic Column Encryption/Decryption, Dynamic Row Level Filtering | Plug-In |
AWS S3 | IAM Policies (Bucket level) | Ranger - File Level | Data Access Server |
Redshift | Database Grant/Revoke | Ranger - Table Level, Column Level | PolicySync |
Athena | IAM Policies | Ranger - Column Level | JDBC Proxy |
DynamoDB | IAM Policies | Ranger - Column Level | Data Access Server / Role Mapping |
Kinesis / Firehose | IAM Policies | Ranger - Stream Level | Data Access Server / Role Mapping |
Lambda | IAM Policies | Ranger - Function Level | Data Access Server |