Unified data security and access governance for Databricks Unity Catalog and non-Unity Catalog Datalakes
Privacera natively connects to both Unity Catalog and non-Unity Catalog Databricks workspaces, allowing Unified Data Security and Access Control across workspaces and across Databricks Unity Catalog and legacy Databricks environments, so data policies can be created once and applied easily and consistently across your entire Databricks environment. Privacera’s native connections means that all data policies created in Privacera are enforced by Unity Catalog or the underlying Databricks service, eliminating any single points of failure, or any potential latency or scalability concerns.
Supercharge your data security and access governance with Databricks and Privacera
Privacera, in partnership with Databricks, delivers a superior data security and access governance solution by allowing organizations using Databricks with or without Unity Catalog to provide advanced data security capabilities that allow:
- Greater data security.
- Easier creation and management of compliance rules.
- Ability to federate data security in order to allow data stewards to determine who can access what data for what purpose to remove IT bottlenecks, while having global data access and protection controls to maintain consistent data security and compliance.
- Faster on-boarding of data and users.
- Unified data security and access governance environment to build data security policies once, and deploy them to all your Databricks and non-Databricks data sources, simplifying and consistently applying data security governance policies.
Increase your Databricks data security
Data security and access control policies built in Privacera are natively enforced in Databricks and allows Databricks environments to take advantage of Privacera’s advanced data security capabilities. Privacera delivers Attribute-Based Access Control (ABAC), Tag-Based Access Control (TBAC), Resource-Based Access Control (RBAC) with fine-grained access down to the table, column, and row level no matter if you are using Databricks with or without Unity Catalog.
Privacera’s Unified Data Security Platform also delivers integrated data discovery, allowing organizations to scan, identify, and tag or classify sensitive data that resides within Databricks, which can be integrated and used with TBAC policies.
In addition, Privacera, data security and access control policies can be built with user attributes, which can be synced with IAM or active directory solutions, which allows organizations to define user attributes in a single system and use them with tag-based and resource-based data security and access controls, providing greater automation and security to the Databricks environment.
For instance, location attributes can be used to meet data residency rules or for geo-fencing data access, or if an data consumer changes functions or takes on more responsibilities, changes to their business function, department, or sensitive data access authorization can be immediately synced and captured in Privacera. Thus providing near instant updates to what data users have access to and what masking/encryption protections are applied to sensitive data that they are authorized to access.
Simplify creation and management of data compliance rules
Privacera allows for data privacy and compliance rules to be created once using our compliance workflows and applied across your Databricks environment, greatly simplifying implementation of regulations, such as GDPR, RTBF, CCPA, and HIPPA. And as rules evolve and modifications to security and access policies are needed, just update the relevant compliance workflow once and it is immediately applied across your entire data estate.
Federate data security and access governance
To remove IT bottlenecks and to streamline data security and access, Privacera supports a shared approach to data security and access governance, between security teams, data infrastructure owners and the business teams that have deep knowledge about the data. With the Privacera and Databricks partnership, this federated approach to data security and access governance can be implemented in Privacera and applied to your Databricks environment.
Virtual business data domains can be created in Privacera, for instance a virtual marketing data domain. The benefits of a virtual business domain is that data does not need to be duplicated or moved, greatly eliminating the need for data proliferation, while Privacera working natively with Databricks ensures proper security, access, and ownership is enforced. Data security and access responsibilities can be delegated to business data stewards or owners, thus allowing the business to implement business or functional specific security and access controls, as well as approval workflows, removing IT bottlenecks to data access and greatly enhancing data availability.
In addition, Privacera allows global data security and access controls to be centrally implemented, typically leveraging a combination of Attribute-Based Access Controls (ABAC), Tag-Based Access Controls (TBAC), and Resource-Based Access Controls, which provide security and access guardrails to ensure that all corporate level data security and access policies are automatically enforced independently of the actions of data owners and stewards. For instance, a data classification policy that only individuals with a certain classification level can access certain sensitive data in the clear, while it will be masked or encrypted for everybody else, can be created at a global level, ensuring that the sensitive data is always protected from unauthorized access. This applies even if a data steward grants access to an unauthorized data consumer. The Privacera Databricks solution provides a secure federated approach to data security and access, allowing organizations to get the most value out of their data, while maintaining a robust data security framework.
Unify data security for Databricks and your entire data estate
Privacera delivers greater data security and access governance to your Databricks environment, but many organizations have complex data and analytics ecosystems that contain other data services. Privacera as a Unified Data Security Platform supports over 50 data, governance, and security connectors and integrations, which allow you to create data security and access policies once and apply them across your entire Databricks and non Databricks data ecosystem, simplifying data security and access management, while ensuring consistent application of data security and access controls across your entire data estate.
Global policies using user attributes and data attributes (tags and classifications) can be applied no matter what source the data resides in and data stewardship virtual business data domains can be created across diverse data services, allowing a data stewardship model to be applied no matter where the data resides.
And Privacera Data Discovery and masking/encryption works across diverse data services as well, allowing consistent data tagging and classification rules to be applied consistently, as well as consistent application of data protection rules. With Privacera’s Unified Data Security Platform you can manage data security and access governance easily across your entire data estate.
On-board new data and users into Databricks, faster
When you are using Privacera to manage data security and access governance across your entire data estate, on-boarding new data and users into Databricks is greatly accelerated, since existing data security and access policies can simply be applied to the new data and users, no need to create new policies or controls.
New data can also be automatically scanned for sensitive data, and tagged or classified, allowing for sensitive data policies to be applied. In addition, since Privacera is based on open standards, any legacy systems that manages data access via Apache Ranger can simply lift and shift data access policies from Apache Ranger to Privacera, removing access policy migration out of the critical path for any data modernization, migration, or on-boarding initiative.
Privacera can even accelerate your legacy Databricks to Databricks Unity Catalog migrations, since existing data policies for legacy Databricks environments can be simply applied to Unity Catalog and Privacera’s native integration means that Unity Catalog will enforce those policies on the newly migrated data. When new users are added, Privacera accelerates their time to insights, by allowing existing data security and access controls to be applied to the new user, which can be automated using user attributes synced directly with IAM or active directory solutions.