Security & Governance in Action
Security and governance are top of mind in an era where data is everywhere and bad actors are trying to steal it. But it’s not just hackers we need to worry about. Providing inappropriate data access to people inside the firewall can be just as damaging to our customers and our company’s reputation. There are a myriad of tools dedicated to keeping our data safe. In today’s post, we’ll focus on data governance and security and making sure that your business users and data scientists have governed access to the data they need.
The Data Governance Control Plane
We hear a lot about software tools that scan and catalog your data assets for metadata tagging and policy management. These are great tools for organizing your data assets and defining workflows for enhancing it with metadata, definitions and access rules. However, there’s not much talk about enforcing those definitions and access rules. What good is it to have a well organized catalog of data if anyone can subvert it with a simple Excel worksheet, Tableau report or errant SQL query? As a virtualized data abstraction layer, AtScale can do more than just present a single source of truth for your data assets. As a single analytics control plane, AtScale can be the single point of entry for every analytical query so you can enforce those policies you so carefully curated.
The Front Door
The era of tool specific authentication systems is over. It’s simply not feasible for an enterprise to manage a security layer for every entry point into their data universe. AtScale can be that front door that secures access to your data whether it’s on-premise in a traditional data warehouse, in a data lake or in the cloud. AtScale will make sure that whoever knocks on that door, whether it’s a BI user, a data scientist, an application or SQL query, will see the same data and play by the same rules.
See how AtScale integrates with your SSO via Active Directory, LDAP or SAML (2 minute video):
Controlling Who Sees What
In this era of privacy and regulation, it is critical to enforce rules to keep certain data safe. One obvious example is personally identifiable information, or PII. The fines for mishandling PII can be prohibitive and exposing it to the wrong people can permanently damage your company’s reputation. But these consequences go far beyond just PII. For example, exposing certain financial information in a report or spreadsheet can make employees subject to insider trading rules. It’s imperative to enforce rules broadly and consistently in a scalable fashion to prevent unwanted data sharing. With AtScale’s single semantic layer and Perspectives features, data fields are explicitly screened and filtered for access according to a centralized set of rules. These rules apply to everyone, whether it’s a business user, data scientist or an application.
See how AtScale applies column level security using Perspectives (1 minute video):
Metadata Is Not Enough: Dynamic Filtering
So far we’ve locked the front door (SSO authentication) and put up some window shades (Perspectives). This is a good start but we need to take our governance and enforcement a step further. In many scenarios, we may need to exclude entire sets of data from access. For example, if I’m a sales executive with a territory in the East, I may not have access to see sales in the West. In this example, we need to apply user-based, data filtering rules dynamically at query time. In AtScale, we use Security Dimensions to apply this type of “row level” security. With Security Dimensions, users can define data driven rules that will dynamically generate a SQL “WHERE” clause and apply it to every query where appropriate. Security Dimensions drastically simplify data access rules and eliminate unnecessary data copies.
See how you can apply row level security through AtScale (3 minute video):
If you’re like me, your data universe is rapidly expanding. Data is on-premise, in the cloud, in data lakes and in files. There are more tools that need access to data than ever before. The time is now to invest in a centralized, data governance control plane to manage and enforce data access for all.
To learn more about how AtScale helps you secure and govern data once, company-wide, download our white paper Big Data and Governance.