Many organizations take a centralized approach to data security and access management, which creates a massive burden on IT to not only understand every security and compliance rule, but who should access what data and for what purposes. Other organizations take a decentralized approach to data security and access management, which leads to data, security, and access silos. Both of these approaches lead to people not being able to get the data that they need with adverse business impacts and security and compliance gaps due to inconsistent application of data security and compliance rules across the enterprise. Privacera allows organizations to take a federated approach to data security and access management, removing IT bottlenecks, making data highly accessible, while improving data security and compliance.
- Shared Data Security Ownership Model
- Creating Global Data Security Policies
- Promoting Data Stewardship for Business Specific Policies
- Streamlined Data Access
A federated approach to data security removes IT bottlenecks by allowing the creation of centralized global policies that are applied across your entire data ecosystem to ensure consistent application of data security policies, while delegating local data security to the teams that understand the data the best, data owners and stewards.
Shared Data Security Ownership Model
Create a data security model that allows data owners and stewards the ability to implement local data security rules and manage who can access their data and for what purpose, while maintaining global security guardrails. Privacera enable the creation of virtual business data domains that can be assigned to data owners/stewards, allowing them to set business specific data security and compliance controls, and grant access to users requesting data via built-in or external approval workflows. The benefits of a virtual business domain is that data does not need to be duplicated or moved, greatly eliminating the need for data proliferation. In addition, data security and access controls can be set up globally, ensuring that data stewards do not inadvertently provide access to data that violate company data security policies. This federated approach to data security ensures business ownership and agility, while keeping data secure.
Creating Global Data Security Policies
Privacera allows global data security and access controls to be centrally implemented, leveraging a combination of Attribute-Based Access Controls (ABAC), Tag-Based Access Controls (TBAC), and Resource-Based Access Controls (RBAC), which provide security and access guardrails to ensure that all corporate level data security and access policies are automatically enforced across your entire data estate independently of the actions of data owners and stewards. For instance, a data classification policy that only individuals with a certain classification level can access certain sensitive data in the clear, while it will be masked or encrypted for everybody else, can be created at a global level, ensuring that the sensitive data is always protected from unauthorized access. This applies even if a data steward grants access to an unauthorized data consumer.
Creating Local and Business Specific Data Rules
Data stewards can create local and business specific data security and access rules. For business and local specific security and compliance rules, they can use data attributes (data tags and classification) that were auto generated using Privacera sensitive data discovery, tag/classifications imported by third party systems, or manually created tags/classification to create data security and access controls across their entire business domain, with a build one data access policy and apply it across your business data domain approach. They can also combine user attributes (ABAC) with data attributes and compliance workflows to further simplify and automate data access control creation and management. Data Stewards can also apply specific data security and access policies to specific files, tables, columns and rows, in an easy to use interface, providing fine-grained control over who can access what data and how it is protected.
Streamlined Data Access
Privacera has a built in data request and approval workflow, but can also be intgrated with 3rd party workflows. A data consumer can request access to data with the request going to the data owner/steward. Upon appropriate approval(s) for access, Privacera automatically creates the access control with no manual access control authoring required, making access to the data near instantaneous. Data access can be created for a specific purpose and for a specific time to further ensure proper use of data. The solution can also be integrated with data catalogs, like Collibra or Alation and integrated into their workflow greatly streamlining the data access process. So, if access is granted, using Collibra Data Marketplace, Privacera would automatically create the access control and provision access to the data consumer, no need to create JIRA tickets and burden the data steward or IT with the time and effort required to manually create the access controls, which might span multiple data systems and business data domains. This approach greatly streamlines data access, which is a cornerstone to a data driven organization, while maintaining robust data security and compliance.