AtScale December Office Hours December 2018: Security with Matt Baird

When you brushed your teeth this AM - 19,280 data records were lost or stolen in those 5 minutes.

Performance and agility mean nothing if your data isn’t secure. AtScale is the only no-data-movement, multidimensional analytics solution that respects all platform-specific security technology while layering on business-class dataset, row, column and even cell-level data protection.

In this month’s AtScale Office Hours we will have a 30-minute interactive discussion with AtScale CTO Matt Baird on how AtScale protects your data and provides data lineage and governance support in today’s hyper-complex enterprise environments. We will discuss how to think about the trade-off between opportunity and risk when creating a self-service analytical data service.

Key Points

Table stakes

  • Certain standards for internet applications must be followed, specifically around encryption and protocols.
  • End-to-end TLS is line-level encryption that protects against man-in-the-middle and sniffing/listening attacks
  • LDAPS is the secure protocol for Active Directory and LDAP

Following the Standards

  • Supporting standards vs. creating custom security: security is tricky, and by supporting standards you know you are using something that has been vetted by security experts
  • JWT, CORS, REST, etc. all represent the current state of the art in API security


  • Authentication and authorization represent who can log in and what rights they have in the AtScale Role-Based Access Control (RBAC)
  • Kerberos is a protocol for authenticating service requests between trusted hosts across an untrusted network, such as the internet.
  • Multifactor Authentication for Business Intelligence tools in use cases that span cloud, on prem and secondary network analytics consumers.

No Data Movement

  • The minute you move data out of your enterprise repository, either by loading it into an intermediary server or by data extracts that feed Tableau or Excel, you are entirely bypassing all the controls built to protect your data.

Enterprise Integration

  • Integration with enterprise standard technologies used to secure data is essential to a successful self service platform
  • Seamless, transparent support for platform level security technologies as well as with 3rd party solutions such as Blue Talon and Immuta.
  • Don’t Repeat Yourself: you shouldn’t replicate authorization systems. They need to either consult the first party or have an automatic synchronization.

Entitlements, Governance, Lineage and Regulations

  • AtScale’s True Delegation™ capabilities ensure that every query executed on the data warehouse is associated with the end-user who generated the query and satisfies the most stringent data governance and access auditing policies. The Platform works seamlessly with most data warehousing technology, and with Apache Sentry, Apache Ranger within the Hadoop Ecosystem. True Delegation fully supports LDAP, Active Directory, and Kerberos.

Business Security

  • Platform and data warehouse specific security often does not have the ability to model security at the business level.
  • AtScale provides row-level, column-level and cell-level security that maps to the querying user’s groups in their Active Directory or LDAP server.
  • AtScale provides a transparent filtering mechanism called a “security dimension” which ensures that security is straightforward to configure, automatically applied and optimized for high performance.

Matthew Baird BIO

Matthew is the CTO and a founder of AtScale. Prior to AtScale, he was CTO of Inflection, an enterprise trust and safety software platform, where his team developed Archives, acquired by He has built software and managed teams at PeopleSoft, Siebel Systems and Oracle.