When I meet with security leaders to explain what Satori does, and they realize that they will now be able to set access and security policies on data in a way that’s decoupled from the data stores themselves, I can see the “wow effect”.
For security teams, having the ability to set security policies on a consolidated platform is a game changer. In this article, I'd like to share some of the feedback my colleagues and I received from CISOs, security engineers, and security architects about this concept. I believe that adopting this approach can decrease data security risks for any organization, especially those with large volumes of changing sensitive data accessed by many different users and teams.
What’s a Consolidated Security Platform?
A large part of what security teams do is risk reduction. There are plenty of different methodologies and processes, but the end game is to lower risk.
One of the best ways to reduce risk is to have clear and deterministic security policies. Examples of these policies include employee remote access, incident response, data access, and more.
Having a consolidated control platform means that you can manage and enforce security policies for an entire topic in a single location. This both reduces operational overhead and makes risk reduction more efficient, as we will see below.
A Consolidated Policy Platform For Data Access
One of the crucial places to implement security policies is on access to data held in different data stores (databases, data warehouses, and data lakes). There is little argument about this, since in most cases these stores hold sensitive data (PII, PHI, and other sensitive data types). Such data is risky by nature, and its exposure can be a showstopper.
Besides data exposure, there are other risks, such as compliance risks from failing audits, data manipulations, fraud, and more.
And yet setting policies on data access is complex, even though the logic is usually very clear. Let's take a typical example of a security policy stating that "access to customers' PII will only be allowed for authorized teams". This policy is simple and clear to understand, but in most scenarios it is hard to execute. Why? Because of its building blocks, or dependencies. Let's break it down:
- We need to know what types of data we consider as PII for this policy.
- We need to understand where we have PII across our different data platforms (for example, our RDBMSs, data warehouses, etc.). We need to know not only which assets hold sensitive data types, but their specific locations and which types of sensitive data they contain. This knowledge has to be kept up to date.
- We need to enforce some sort of anonymization on that data, such as applying data masking. In many cases, the anonymization has to be applied across multiple technologies (data stores of different kinds, BI tools, and so on).
- We need to be able to effectively audit and monitor that data access, from both a security and a compliance standpoint.
As you can probably guess, such policies, while appearing simple, can transform into multi-month projects, occupying both security and data teams.
A consolidated policy platform for data access should resolve this complexity. It should accept the security policy as input and apply it. This not only simplifies and shortens the time it takes for you to reduce your risk level but also enables security teams to control data security in data stores without having to rely on data engineering teams to perform security projects.
Penetrating The “SQL Blackbox”
In several discussions with security leaders, they referred to access controls in data stores as a “blackbox”, or an “invisible barrier”. Some of them said it’s a huge problem, as the most sensitive data is stored there, yet they have the least control over it.
The reason is that in many companies, the actual security policies are "translated" into SQL objects (such as views, procedures, or functions) or other data engineering code. This code is managed by data engineering teams. Security teams can only supply the requirements; they are limited in their ability to act on their own and often lack the visibility to verify that things are working as planned.
By having a consolidated policy platform, this black box becomes more transparent and responsibility can be transferred to the security teams.
Visibility and Clarity
Not only can policies be set in one location, but their results can also be seen in one central location. Let's take the above example of a simple PII access control policy. Without a consolidated platform, it may be implemented as data engineering code spread across multiple platforms.
A single location where the security team can see useful information is not enough on its own. The team also needs that information to be up to date, so it can make changes and decisions as quickly as possible. The following questions are good examples:
- How many attempts were made to access sensitive data at any given time, on which data stores, and by which teams or users?
- What did "User X" (who is leaving the company, or whose endpoint was compromised) do across all data platforms?
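To make the policy breakdown above concrete, and to show how the two audit questions can be answered from one place, here is a small policy engine written for this article. It is an added illustration, not Satori's product code or API. The catalog of tagged columns, the policy set, the store, table, team and user names, and the timestamps are all constructed for the example. The catalog stands in for the "where is our PII" step (a real deployment would feed it from continuous classification), `enforce` stands in for the "anonymize or deny on every store" step and writes one audit event per decision, and the two query functions answer the questions listed above over that single audit log.

```python
from collections import Counter
from dataclasses import dataclass
import hashlib

# Constructed catalog: (data store, table, column) -> sensitivity tags.
# In a real deployment this comes from continuous classification of the
# stores; here it is a literal so the example runs offline.
CATALOG = {
    ("postgres-prod", "customers", "email"):      {"PII"},
    ("postgres-prod", "customers", "full_name"):  {"PII"},
    ("postgres-prod", "customers", "plan"):       set(),
    ("snowflake-dw", "orders", "customer_email"): {"PII"},
    ("snowflake-dw", "orders", "amount"):         set(),
    ("s3-lake", "claims", "diagnosis"):           {"PHI"},
    ("s3-lake", "claims", "claim_id"):            set(),
}


@dataclass(frozen=True)
class Policy:
    tag: str                  # sensitivity tag the policy covers
    allowed_teams: frozenset  # teams that may read the raw value
    action: str               # for everyone else: "mask" or "deny"


# One policy set, written once and enforced the same way on every store.
POLICIES = [
    Policy("PII", frozenset({"customer-support", "compliance"}), "mask"),
    Policy("PHI", frozenset({"clinical"}), "deny"),
]

AUDIT_LOG: list = []  # every decision, for every store, in one place


def pseudonymize(value) -> str:
    """Deterministic token: rows stay joinable, the raw value is not revealed."""
    return "tok_" + hashlib.sha256(str(value).encode()).hexdigest()[:12]


def enforce(store, table, row, user, team, ts):
    """Apply POLICIES to one row read from store.table on behalf of user/team.

    Returns the row the caller may see (tagged columns pseudonymized for
    unauthorized teams) and always appends one audit event. A 'deny'
    policy raises PermissionError. ts is an ISO-8601 string.
    """
    sensitive = sorted(c for c in row if CATALOG.get((store, table, c)))
    outcome, out = "allowed", {}
    try:
        for col, value in row.items():
            # A column missing from CATALOG is treated as non-sensitive, which
            # is exactly why the classification step must stay up to date.
            tags = CATALOG.get((store, table, col), set())
            for p in POLICIES:
                if p.tag in tags and team not in p.allowed_teams:
                    if p.action == "deny":
                        outcome = "denied"
                        raise PermissionError(
                            f"team {team!r} may not read {p.tag} column {col!r}")
                    value, outcome = pseudonymize(value), "masked"
            out[col] = value
        return out
    finally:
        AUDIT_LOG.append(dict(ts=ts, user=user, team=team, store=store,
                              table=table, sensitive=sensitive, outcome=outcome))


def sensitive_access_by_store_and_team(log=None, since=None):
    """Question 1: sensitive-data access counts per (store, team), optionally since ts."""
    log = AUDIT_LOG if log is None else log
    return Counter((e["store"], e["team"]) for e in log
                   if e["sensitive"] and (since is None or e["ts"] >= since))


def user_activity(user, log=None):
    """Question 2: what one user touched, across every data platform."""
    log = AUDIT_LOG if log is None else log
    return [(e["ts"], e["store"], e["table"], e["outcome"])
            for e in log if e["user"] == user]


if __name__ == "__main__":
    row = {"email": "ada@example.com", "full_name": "Ada Lovelace", "plan": "gold"}
    print(enforce("postgres-prod", "customers", row, "alice", "analytics", "2024-05-01T09:00:00Z"))
    print(enforce("postgres-prod", "customers", row, "bob", "compliance", "2024-05-01T10:00:00Z"))
    try:
        enforce("s3-lake", "claims", {"claim_id": 7, "diagnosis": "..."},
                "alice", "analytics", "2024-05-01T11:00:00Z")
    except PermissionError as err:
        print("denied:", err)
    print(sensitive_access_by_store_and_team())
    print(user_activity("alice"))
```

The point of the shape, rather than the toy details: the policy is written once against tags, not against table names, so the same two entries cover a Postgres table, a warehouse table and a lake object; the masking decision and the audit event come from the same function, so what the security team sees in the log is exactly what was enforced; and a column that classification missed silently falls through as non-sensitive, which is the failure mode the "keep the catalog up to date" step exists to prevent.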
Emphasis on Sensitive Data Protection
The emphasis in a consolidated platform is on controlling sensitive data because accessing it is a risk. When you can apply security policies and control access, and have visibility over sensitive data being accessed, all from a single location, you can make the best decisions, and correct security and privacy issues in minutes, not weeks.
In addition to the added control for security teams, managing all data access and security policies from a single location improves operational efficiency. Instead of implementing thousands of database objects on multiple platforms, then maintaining them, you only need to make changes in a single location. This reduces complexity, thus improving operational efficiency.
Managing security and access policies from a consolidated platform makes sense when an organization has a large volume of data use, many platforms, and many users. It simplifies processes and increases visibility and clarity. Most importantly, it lets security teams control security and access to sensitive data efficiently.
For more information about how Satori can help you with a platform that does exactly that, book a demo with one of our experts.