PrivaceraCloud provides access controls to secure data in the following cloud-native services and data warehouses:
EMR (Hive & Presto)
Azure Data Lake Storage (ADLS)
PrivaceraCloud supports access control for your data engines regardless of where they run, as long as they can reach the PrivaceraCloud endpoints, which are hosted in AWS. Parallel PrivaceraCloud endpoints in Azure are under development.
Tenant Administrators can configure PrivaceraCloud to import users, groups, and roles from their company's user directory (Active Directory or an LDAP directory service). User, group, and role information is refreshed into PrivaceraCloud at a regular interval.
PrivaceraCloud is a multi-tenant solution, designed to keep each customer's information (such as data access policies and user, group, and role information) in tenant-isolated data storage.
PrivaceraCloud does not store any customer data. It stores only the metadata required to author access control policies for the customer's data.
You can sign up at https://privacera.wpengine.com/try-privaceracloud. The sandbox tutorial walks you through PrivaceraCloud and shows how it puts you in control of your business data.
Privacera Platform typically runs on customer infrastructure: the customer downloads the Privacera software and installs it on on-premises hardware or in the customer's own cloud account. PrivaceraCloud is a hosted solution, so the customer does not need to install, maintain, or update the software. Using PrivaceraCloud's multi-tenant endpoints, customers define and enforce secure data access policies for their data and analytics workloads.
There is nothing to install with PrivaceraCloud. Sign up as a tenant and start using it within 5 minutes.
The following measures make PrivaceraCloud enterprise-grade:
Network Security: native cloud (AWS, Azure) security
Authentication: corporate directory based authentication
Access Control Framework: role-based access control (RBAC) and attribute-based access control (ABAC)
Data at Rest: 100% tenant isolation, encrypted at rest (AES)
Data in Transit: TLS/SSL
Secrets Management: PrivaceraVault
Privacera works with over 50 file types, including structured types (Apache Avro, Apache Parquet, CSV), semi-structured types (JSON, XML), and unstructured types (documents, PDF).
Privacera lets you configure confidence levels for discovery and classification. Depending on the confidence level, certain discovery results are surfaced for manual review, where a data steward or data owner can accept or reject the classification. The Privacera classification engine learns from these manual reviews and reduces the false-positive rate over time.
Governance and compliance teams can easily build custom rules or machine learning models for custom data types.
When sensitive data is discovered in a specific system, Privacera can quarantine or anonymize it. Users can also create automated workflows for sensitive data based on predefined policies.
Privacera can integrate with your Active Directory or LDAP directory and synchronize user and group information for use in creating policies.
Privacera policy managers can use tags to create data access policies. Tags act as substitutes for file or table names, so a policy written against a tag covers every resource carrying that tag, including resources classified after the policy was written.
Privacera policies can be easily created using REST APIs and can be incorporated into DevOps scripts for onboarding or cluster creation.
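The two paragraphs above describe tag-based policies layered on group membership synchronized from a directory. The following is an added example, not Privacera's code or data model, of how such an evaluator can work: resources carry classification tags, policies match either a resource name pattern or a tag, an explicit deny beats any allow, and a request that matches no policy is denied by default. The classifications, groups, and policies are constructed sample data.

```python
from dataclasses import dataclass
from fnmatch import fnmatchcase

# Constructed sample data (not real classifications, users, or policies).
# Classification tags discovered per fully qualified column.
CLASSIFICATIONS = {
    "sales.customers.email": {"PII", "EMAIL"},
    "sales.customers.ssn": {"PII", "SSN"},
    "sales.customers.city": set(),
    # A table discovered later: no name-based policy mentions it at all.
    "hr.employees.ssn": {"PII", "SSN"},
}

# Group membership as synced from the corporate directory.
DIRECTORY_GROUPS = {
    "alice": {"analysts", "contractors"},
    "bob": {"analysts", "privacy-team"},
    "carol": {"privacy-team"},
}


@dataclass(frozen=True)
class Policy:
    effect: str                 # "allow" or "deny"
    groups: frozenset           # directory groups the policy applies to
    actions: frozenset          # e.g. {"select"}
    resources: frozenset = frozenset()   # name patterns, fnmatch style
    tags: frozenset = frozenset()        # classification tags

    def matches(self, groups, action, resource, tags):
        if action not in self.actions or not (groups & self.groups):
            return False
        by_name = any(fnmatchcase(resource, pat) for pat in self.resources)
        by_tag = bool(tags & self.tags)
        return by_name or by_tag


POLICIES = [
    # Name-based: analysts may read anything under sales.customers.
    Policy("allow", frozenset({"analysts"}), frozenset({"select"}),
           resources=frozenset({"sales.customers.*"})),
    # Tag-based: contractors may never read columns classified as PII.
    Policy("deny", frozenset({"contractors"}), frozenset({"select"}),
           tags=frozenset({"PII"})),
    # Tag-based: the privacy team may read any SSN column, wherever it lives.
    Policy("allow", frozenset({"privacy-team"}), frozenset({"select"}),
           tags=frozenset({"SSN"})),
]


def authorize(user, action, resource):
    """Return (decision, reason). Deny overrides allow; default is deny."""
    groups = DIRECTORY_GROUPS.get(user, set())
    tags = CLASSIFICATIONS.get(resource, set())
    matched = [p for p in POLICIES if p.matches(groups, action, resource, tags)]
    if any(p.effect == "deny" for p in matched):
        return "deny", "explicit deny policy matched"
    if any(p.effect == "allow" for p in matched):
        return "allow", "allow policy matched"
    return "deny", "no matching policy (default deny)"


if __name__ == "__main__":
    for user, res in [("alice", "sales.customers.city"),
                      ("alice", "sales.customers.email"),
                      ("bob", "hr.employees.ssn"),
                      ("carol", "sales.customers.city")]:
        print(user, res, authorize(user, "select", res))
```

Note that bob gains access to hr.employees.ssn purely through the SSN tag: no policy had to be edited when the new table was discovered, which is the point of using tags instead of names. The deny rule is evaluated before any allow so that a broad name-based grant cannot leak a PII column to a contractor.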
Encryption and Masking
Encryption uses a key and an algorithm to transform a value into ciphertext that appears random. Encrypted values can be reversed by applying the decryption algorithm with the key. Encryption is appropriate when data must be protected at rest and in use while certain users are still allowed to recover the original value. Masking is typically one-way and not reversible, so it can be used to remove PII altogether; choose masking when no consumer needs the original value back, and encryption when some authorized user does.
Privacera can store keys in an external hardware security module (HSM) or in cloud-based key vaults.
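To make the reversible-versus-one-way distinction above concrete, here is an added example (not Privacera's code) that applies a per-column policy to a constructed sample record: one column is encrypted and can be decrypted with the key, another is partially masked, and a third is replaced by a keyed one-way token. For portability the encryption is HMAC-SHA256 run in counter mode with an encrypt-then-MAC tag, a stand-in for a real AEAD such as AES-GCM from a vetted library; in production the master key would come from the HSM or key vault mentioned above rather than from memory.

```python
import base64
import hashlib
import hmac
import secrets

# Constructed sample record; not real data.
SAMPLE_RECORD = {
    "name": "Jane Doe",
    "email": "jane.doe@example.com",
    "ssn": "123-45-6789",
    "city": "Denver",
}


def _subkey(master: bytes, purpose: bytes) -> bytes:
    # Derive separate encryption and MAC keys from one master key.
    return hmac.new(master, purpose, hashlib.sha256).digest()


def _keystream(enc_key: bytes, nonce: bytes, length: int) -> bytes:
    # HMAC-SHA256 in counter mode as a pseudorandom keystream. Stand-in for a
    # real AEAD so the example runs on the standard library alone. XOR with the
    # same keystream is its own inverse, which is what makes this reversible.
    out = bytearray()
    block = 0
    while len(out) < length:
        out += hmac.new(enc_key, nonce + block.to_bytes(4, "big"), hashlib.sha256).digest()
        block += 1
    return bytes(out[:length])


def encrypt(master_key: bytes, plaintext: str) -> str:
    data = plaintext.encode()
    nonce = secrets.token_bytes(16)
    ks = _keystream(_subkey(master_key, b"enc"), nonce, len(data))
    ct = bytes(a ^ b for a, b in zip(data, ks))
    tag = hmac.new(_subkey(master_key, b"mac"), nonce + ct, hashlib.sha256).digest()
    return base64.b64encode(nonce + ct + tag).decode()


def decrypt(master_key: bytes, token: str) -> str:
    blob = base64.b64decode(token)
    nonce, ct, tag = blob[:16], blob[16:-32], blob[-32:]
    expected = hmac.new(_subkey(master_key, b"mac"), nonce + ct, hashlib.sha256).digest()
    if not hmac.compare_digest(tag, expected):
        raise ValueError("authentication failed: wrong key or tampered ciphertext")
    ks = _keystream(_subkey(master_key, b"enc"), nonce, len(ct))
    return bytes(a ^ b for a, b in zip(ct, ks)).decode()


def mask_partial(value: str, keep_last: int = 4) -> str:
    # One-way masking: reveal only the trailing characters and keep separators
    # so the shape survives (123-45-6789 -> ***-**-6789). Nothing can undo this.
    cutoff = len(value) - keep_last
    return "".join(c if (not c.isalnum() or i >= cutoff) else "*"
                   for i, c in enumerate(value))


def mask_tokenize(secret: bytes, value: str) -> str:
    # Deterministic one-way token: equal inputs give equal tokens, so joins and
    # counts still work, but the input is not recoverable. Keyed with a secret
    # rather than a bare hash so low-entropy values such as SSNs cannot be
    # reversed by enumerating every candidate.
    return hmac.new(secret, value.encode(), hashlib.sha256).hexdigest()[:16]


def protect_record(record: dict, policy: dict, master_key: bytes, token_secret: bytes) -> dict:
    # policy maps column name -> "encrypt" | "mask" | "tokenize"; anything else is left clear.
    out = {}
    for col, value in record.items():
        action = policy.get(col, "clear")
        if action == "encrypt":
            out[col] = encrypt(master_key, value)
        elif action == "mask":
            out[col] = mask_partial(value)
        elif action == "tokenize":
            out[col] = mask_tokenize(token_secret, value)
        else:
            out[col] = value
    return out


if __name__ == "__main__":
    master_key = secrets.token_bytes(32)    # in practice an HSM- or vault-managed key
    token_secret = secrets.token_bytes(32)
    policy = {"ssn": "encrypt", "email": "mask", "name": "tokenize"}
    protected = protect_record(SAMPLE_RECORD, policy, master_key, token_secret)
    print(protected)
    # Only the encrypted column can be turned back into the original value.
    print(decrypt(master_key, protected["ssn"]))
```

The encrypted column round-trips only for a holder of the master key, and a wrong key or altered ciphertext fails the tag check instead of yielding garbage. The masked and tokenized columns have no inverse at all, which is exactly the property that lets them be used to remove PII for consumers who must never see it.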
Privacera does not replace IAM. Depending on the AWS service, Privacera can manage IAM roles and user assignments based on configured policies.
Privacera differs from solutions that act as middlemen, managing data requests and accessing data on behalf of the service. Privacera's lightweight access enforcement points add minimal processing to an existing user request.
Privacera is implemented within the customer’s Amazon Virtual Private Cloud or AWS account.
Privacera and Databricks
Privacera plugins, based on Apache Ranger, can enforce fine-grained access management in Databricks and Apache Spark. Privacera plugins are automatically initiated when a Databricks cluster is started.
Privacera differs from solutions that try to intercept data requests from Apache Spark and access data on behalf of the service. Privacera's lightweight access enforcement points check a request against policy and let it proceed when a policy grants access.
Privacera works across any metadata store for Databricks, including Hive metadata stores and AWS Glue. Privacera can also enable tag-based access policies based on data classifications.
Privacera and Azure
Privacera plugins, based on Apache Ranger, enforce fine-grained access management in Apache Spark, Apache Hive, and Apache HBase as well as in traditional databases such as SQL Server. Policies are managed centrally in the policy UI and enforced by Privacera plugins or by the Privacera data server (proxy).
The Privacera discovery engine continuously monitors Azure Storage for new files and databases for new tables. When new data is detected, the discovery engine is triggered automatically and scans the new file or table.
Privacera works across any metadata store for Microsoft Azure, including Azure Data Catalog. Privacera synchronizes and stores data classifications in its own metadata store and enables tag-based access policies based on data classifications.