Unified AWS Security Services

Privacera partners with AWS to provide AWS customers with unified, transparent data security and access control across their AWS environment

Comprehensive data security for AWS with Privacera

Privacera provides a comprehensive, purpose-built solution in cooperation with AWS. Privacera natively supports Unified Data Security Governance for over 20 data and analytic services on AWS, including S3, EMR, Athena, Redshift, Databricks, and Snowflake. In addition, Privacera integrates with Amazon Lake Formation, providing two options for customers leveraging Lake Formation for data security governance for their AWS services. This means AWS customers can choose the AWS data security solution that best fits their requirements.

Customers that primarily use Redshift Spectrum and/or Athena and use Amazon Lake Formation for data security governance can extend Lake Formation source coverage to Databricks and EMR using Privacera. They can also create and maintain access policies in one location in Lake Formation for Redshift Spectrum, Athena, EMR, and Databricks, leveraging Privacera.

Alternatively, customers that have a large number of diverse data services but want to leverage Lake Formation for Redshift Spectrum and/or Athena can use Privacera to centrally create and maintain all access policies for all their data services, with Lake Formation seamlessly extending Privacera for fine-grained data access for Redshift Spectrum. With Privacera and AWS, you can build a Unified Data Security Governance Solution that fits your needs.

Transform your data security and access governance with AWS and Privacera

Privacera, in partnership with AWS, delivers superior data security and access governance for organizations using AWS data and analytic services, providing:

  • Greater data security.
  • Easier creation and management of compliance rules.
  • Ability to federate data security in order to allow data stewards to determine who can access what data for what purpose to remove IT bottlenecks, while having global data access and protection controls to maintain consistent data security and compliance.
  • Faster on-boarding of data and users.
  • Unified data security and access governance to build data security policies once, and deploy them to your multi-cloud and hybrid-cloud environments and data sources, simplifying and consistently applying data security governance policies across your entire data estate.

Increase your data security across your AWS environment

Data security and access control policies built in Privacera are natively enforced in AWS data and analytics services, such as S3, EMR, and even Lake Formation, as well as other services, such as Databricks and Snowflake running on AWS, to take advantage of Privacera’s advanced data security capabilities. Privacera delivers Attribute-Based Access Control (ABAC), Tag-Based Access Control (TBAC), and Resource-Based Access Control (RBAC) with fine-grained access down to the table, column, and row level.

Privacera’s Unified Data Security Platform also delivers integrated data discovery and protection, allowing organizations to scan, identify, and tag or classify sensitive data that resides within AWS data and analytics services or other data services running on AWS and apply appropriate data masking and encryption, which can be integrated and used with ABAC, TBAC, and RBAC policies.

In addition, Privacera data security and access control policies can be built with user attributes, which can be synced with IAM and Active Directory solutions. This allows organizations to define user attributes in a single system and use them with tag-based and resource-based data security and access controls, providing greater automation and security for your AWS services.

For instance, location attributes can be used to meet data residency rules or for geo-fencing data access. If a data consumer changes functions or takes on more responsibilities, changes to their business function, department, or sensitive data access authorization can be immediately synced and captured in Privacera, providing near-instant updates to what data users have access to and what masking/encryption protections are applied to sensitive data that they are authorized to access.

Simplify creation and management of data compliance rules

Privacera allows data privacy and compliance rules to be created once using our compliance workflows and applied across your AWS services, greatly simplifying implementation of regulations, such as GDPR, RTBF, CCPA, and HIPAA. As rules evolve and modifications to security and access policies are needed, just update the relevant compliance workflow once and it is immediately applied across your entire data estate.

Federate data security and access governance

To remove IT bottlenecks and streamline data security and access, Privacera supports a shared approach to data security and access governance between security teams, data infrastructure owners, and the business teams with deep knowledge of the data. With the Privacera and AWS partnership, a federated approach to data security and access governance can be implemented using Privacera and applied to your AWS data services.

Virtual business data domains can be created in Privacera, for instance a virtual marketing data domain. The benefit of a virtual business domain is that data does not need to be duplicated or moved, greatly reducing data proliferation. Privacera works natively with AWS services to ensure that proper security, access, and ownership are enforced.

Data security and access responsibilities can be delegated to business data stewards or owners, allowing the business to implement business- or function-specific security and access controls, as well as approval workflows, removing IT bottlenecks to data access and greatly enhancing data availability.

In addition, Privacera allows global data security and access controls to be centrally implemented, typically leveraging a combination of Attribute-Based Access Controls (ABAC), Tag-Based Access Controls (TBAC), and Resource-Based Access Controls (RBAC), which provide security and access guardrails to ensure that all corporate level data security and access policies are automatically enforced independently of the actions of data owners and stewards.

For instance, a data classification policy that only individuals with a certain classification level can access certain sensitive data in the clear, while it will be masked or encrypted for everybody else, can be created at a global level, ensuring that the sensitive data is always protected from unauthorized access. This applies even if a data steward grants access to an unauthorized data consumer. The Privacera AWS solution provides a secure federated approach to data security and access, allowing organizations to get the most value out of their data, while maintaining a robust data security framework.

Support for multi-cloud and hybrid-cloud environments

Privacera delivers greater data security and access governance to your AWS environment at every point in your data stack including S3, but many organizations have complex data and analytics ecosystems that may include multi-cloud and hybrid-cloud environments.

Privacera, as a Unified Data Security Platform, supports all 3 major cloud providers with over 50 data, governance, and security connectors and integrations, which allow you to create data security and access policies once and apply them across your entire multi-cloud or hybrid-cloud data ecosystem, simplifying data security and access management while ensuring consistent application of data security and access controls across your entire data estate.

Global policies using user attributes and data attributes (tags and classifications) can be applied no matter what source or cloud ecosystem the data resides in, and data stewardship virtual business data domains can be created across diverse data ecosystems, allowing a data stewardship model to be applied no matter where the data resides. Privacera data discovery and masking/encryption also work across diverse data services and environments. By allowing consistent data tagging and classification rules, policies and controls can be applied consistently. With Privacera’s Unified Data Security Platform you can manage data security and access governance easily across your entire data estate.

On-board new data and users into AWS

When you are using Privacera to manage data security and access governance across your entire data estate, on-boarding new data and users into AWS services is greatly accelerated, since existing data security and access policies can simply be applied to the new data and users. There is no need to create new policies or controls. New data is automatically scanned for sensitive data, and tagged or classified, allowing for sensitive data policies to be applied.

In addition, since Privacera is based on open standards, any legacy system that manages data access via Apache Ranger can simply lift and shift data access policies from Apache Ranger to Privacera. This removes access policy migration from the critical path for any data modernization, migration, or on-boarding initiative. Privacera can even accelerate on-boarding or migration of data and users from one cloud environment into AWS, since existing data policies for data services in one cloud environment can simply be applied to data services in the AWS environment. When new users are added, Privacera accelerates their time to insights by allowing existing data security and access controls to be applied to the new user, which can be automated using user attributes synced directly with identity access management or Active Directory solutions.