This webinar is part of the series: Data Virtualization Packed Lunch Webinars: https://goo.gl/W1BeCb
Security, data privacy, and data protection represent concerns for organizations that must comply with policies and regulations that can vary across regions, data assets, and personas.
Attend this session to learn how to employ data virtualization for:
Customizing security policies in the data abstraction layer,
Centralizing security when data is spread across multiple systems residing both on-premises and in the cloud, and
Controlling and auditing data access across different regions.
Agenda:
DV for Security and Governance
Product Demonstration
Summary & Next Steps
Q&A
Watch entire webinar on demand here: https://goo.gl/ipOQmW
Centralize Security and Governance with Data Virtualization
1. DATA VIRTUALIZATION PACKED LUNCH WEBINAR SERIES
Sessions Covering Key Data Integration Challenges Solved with Data Virtualization
2. Centralize Security and Governance with Data Virtualization
Paul Moxon
VP Data Architectures & Chief Evangelist, Denodo
Phoebe Bakanas
Sales Engineer, Denodo
3. Agenda
1. Security and Governance in a Modern Data Architecture
2. Security and Governance with a Data Abstraction Layer
3. Security in a Hybrid Environment
4. Product Demonstration
5. Q&A
6. Next Steps
6. The Solution – A Data Abstraction Layer
DATA ABSTRACTION LAYER
• Abstracts access to disparate data sources
• Acts as a single repository (virtual)
• Makes data available in real-time to consumers
“Enterprise architects must revise their data architecture to meet the demand for fast data.”
– Create a Road Map For A Real-time, Agile, Self-Service Data Platform, Forrester Research, Dec 16, 2015
7. Different Data Sources – Different Security Models
• Databases/EDW – Mature RBAC model
• Hadoop – Kerberos
• Cloudera – Apache Sentry and Knox
• Hortonworks – Apache Ranger and Atlas
• Cloud – OAuth 2.0 (?)
• Files – Binary – Read access or none
• Web Services – Multiple models
• In many cases, the consumer has to deal with these different security models and technologies
10. Abstracting Data Source Security
• Data Virtualization layer abstracts different data source security models
• Provides single data model to consumers
• Role-based Access to data on need basis
• Removes data silo security
• Hides complexity of different security models and maturities
• Supports well-known model (RBAC) with fine grained controls
• Row, Column, Value level of access control
• Data access and privacy rules enforced ‘on the fly’
11. Abstracting Data Source Security
• Data Virtualization layer provides single point of control
• Implement security constraints once
• Integrate with existing authentication system (e.g. LDAP/AD)
• Single point for monitoring/auditing
• Who, what, when, how, …
• Ensure compliance with corporate policies
12. Example: Patient Data
• HIPAA Safe Harbor rules dictate what data can be shared and what must be de-identified
• e.g. zip code masking, patient age limits
• Rules can change over time e.g. new census data
• With single point of control for data access and protection
• Easy to change rules – adapting to regulatory changes
• ‘On the fly’ enforcement means never having to ‘re-do’ privacy rules on previously replicated data
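The two Safe Harbor rules named on this slide, applied at read time, as an added Python sketch (not Denodo code or part of the webinar). The 20,000-resident ZIP threshold and the 90+ age group come from the HIPAA Safe Harbor method; the restricted-prefix sets, field names and rows are constructed, and only these two identifier rules are covered.

```python
from dataclasses import dataclass

@dataclass(frozen=True)
class SafeHarborRules:
    restricted_zip3: frozenset   # 3-digit ZIP areas with 20,000 or fewer residents
    max_exact_age: int = 89      # older ages are reported as a single "90+" group

def mask_zip(zip_code, rules):
    """Keep the first three digits; restricted or malformed values become 000."""
    digits = "".join(ch for ch in str(zip_code) if ch.isdigit())
    if len(digits) < 5 or digits[:3] in rules.restricted_zip3:
        return "000"
    return digits[:3]

def mask_age(age, rules):
    if age is None or age < 0:
        return None
    return "90+" if age > rules.max_exact_age else str(age)

def deidentify(row, rules):
    """Build the consumer-facing row; the name is dropped, the source is untouched."""
    return {
        "zip3": mask_zip(row["zip"], rules),
        "age": mask_age(row["age"], rules),
        "diagnosis": row["diagnosis"],
    }

# Constructed rows standing in for the system of record.
SOURCE_ROWS = [
    {"name": "Pat A", "zip": "03601", "age": 47, "diagnosis": "J45"},
    {"name": "Pat B", "zip": "82101-1234", "age": 93, "diagnosis": "E11"},
    {"name": "Pat C", "zip": "10001", "age": 30, "diagnosis": "I10"},
]

# Constructed rule sets: NEW adds prefix 821, as a census update might.
RULES_OLD = SafeHarborRules(frozenset({"036"}))
RULES_NEW = SafeHarborRules(frozenset({"036", "821"}))

def query(rules):
    """Apply the current rules at read time; nothing is stored de-identified."""
    return [deidentify(row, rules) for row in SOURCE_ROWS]
```

Swapping `RULES_OLD` for `RULES_NEW` changes what the second row exposes on the very next query, with no stored copy to reprocess.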
15. Cloud Data and Security
• Moving data to Cloud can exacerbate security and privacy problems
• SaaS and Cloud data sources often have different security models
• Not integrated to corporate authentication mechanisms
• Potential for recreating authentication model in Cloud
• Data Virtualization abstraction layer means Cloud sources can use same security mechanism and access controls as on premise sources
16. Customer Use Case - Asurion
• Growing internationally, moving into different privacy and data protection jurisdictions
• New products – need for different data types and sources
• Mixing structured, multi-structured, streaming, text, video, voice, geo-location, etc.
• Moving to Cloud for increased speed and agility
• Easier to spin up new virtual servers for new data sets
• Competing pressures for securing data and providing access to data sets
17. Customer Use Case - Asurion
Security Constraints
• Geographical Constraints
• Contractual Client Obligations
• PII Protection
• Departmental Restrictions
Fast Changing Hadoop & Cloud Technologies
• Hive, Spark, Redshift
• Maintaining different code base
Discover, Co-relate, Enable Predictive Analytics
• Text, CSV, Voice, JSON, Streaming, 3rd Party Data
• 60TB+ structured, 200TB+ telemetry & unstructured data
19. Customer Use Case - Asurion
• After implementing hybrid Data Virtualization layer, Asurion was able to:
• Control security across entire infrastructure from a single point
• Easily meet regional security and privacy requirements
• Keep client data separate as contractually required – but allow analytics over all (anonymized) data
• Perform complete audits of data access, as needed
• Quickly add new, compliant data sources to system
21. Demo – Overview
• Centralized security across multiple consuming applications
• Over multiple sources
• Role based privileges
• Integrated with existing LDAP/AD
• Column and row level restrictions applied
• Redaction
• Masking
22. Demo – Overview
• Employee view consumed via Tableau and web service (REST)
• Show representation of data from perspective of three end users:
• Marketing Employee
• Marketing Director
• HR Administrator
• Depending on user’s privileges, representation of sensitive fields changes
• Redacted Salary
• Masked SSN
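An added Python sketch (not Denodo code or the demo's actual configuration) of one enforcement point serving the three demo users with row-level and column-level rules plus an audit record. Which role sees which treatment, the department-based row filter, and all names and rows are assumptions; the slides name only the roles and the Redacted Salary / Masked SSN treatments.

```python
import datetime

def clear(value):
    return value

def redact(_value):
    return "[REDACTED]"

def mask_ssn(value):
    return "***-**-" + value[-4:]   # expose only the last four digits

SENSITIVE = {"salary", "ssn"}

# Assumed mapping: the slides name the roles and the treatments, not who gets which.
POLICY = {
    "marketing_employee": {"all_rows": False, "cols": {"salary": redact, "ssn": redact}},
    "marketing_director": {"all_rows": False, "cols": {"salary": clear, "ssn": mask_ssn}},
    "hr_administrator":   {"all_rows": True,  "cols": {"salary": clear, "ssn": clear}},
}

# Constructed sample rows; SSNs use the never-issued 000 area number.
EMPLOYEES = [
    {"name": "Ana", "dept": "marketing", "salary": 70000, "ssn": "000-00-1234"},
    {"name": "Raj", "dept": "finance", "salary": 90000, "ssn": "000-00-5678"},
]

AUDIT_LOG = []   # single place recording who, what, when and the outcome

def employee_view(user):
    """Return the employee view as this user is allowed to see it."""
    rule = POLICY.get(user["role"])          # unknown role: deny by default
    rows = []
    if rule is not None:
        for row in EMPLOYEES:
            if not (rule["all_rows"] or row["dept"] == user["dept"]):
                continue                      # row-level restriction
            rows.append({
                col: rule["cols"].get(col, redact if col in SENSITIVE else clear)(val)
                for col, val in row.items()   # column-level restriction
            })
    AUDIT_LOG.append({
        "who": user["name"], "what": "employee_view", "role": user["role"],
        "when": datetime.datetime.now(datetime.timezone.utc).isoformat(),
        "decision": "allow" if rule is not None else "deny", "rows": len(rows),
    })
    return rows
```

Every call, allowed or denied, lands in `AUDIT_LOG`, and a sensitive column missing from a role's rule is redacted rather than shown.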
24. Summary – Key Takeaways
• Data Virtualization layer can abstract different security models and mechanisms
• Provides single point of security and governance
• Integrates with existing authentication mechanisms
• e.g. LDAP or AD
• Extends single point of control across Cloud and on premise architectures
• Brings Cloud systems (SaaS and data sources) under unified control
26. Next steps
Download Denodo Express: www.denodoexpress.com
Access Denodo Platform on AWS: www.denodo.com/en/denodo-platform/denodo-platform-for-aws
Download Solution Brief “Seamlessly Comply with the GDPR”: http://www.denodo.com/en/document/solution-brief/seamlessly-comply-gdpr
27. Next session
Accelerate Self-service Analytics with Universal Semantic Model
Thursday, May 18, 2017 | 11:00am PT | 2:00pm ET
Paul Moxon
VP Data Architectures & Chief Evangelist, Denodo