How Data Security Platforms Facilitate Data-Driven Decisions

In January 2024, Gartner published its first Market Guide on Data Security Platforms, a recognition of the growing importance of combining data security controls, business logic and fine grained authorization. These are fundamental traits which allow businesses to unlock the potential of all their data assets and use them to drive decisions.

Data security is not a new revelation, but a well-known imperative. In the past, these controls had been implemented as an afterthought and in a siloed manner that has hampered timely and secure access to corporate data. However, organizations are now prioritizing data security and implementing it in a structured manner. It is no surprise to see Gartner report that the number of calls related to data security grew 70% between 2021 to 2022.

While ChatGPT unleashed the potential of AI transforming our organizations, a much bigger opportunity lies ahead in the shape of personalized AI stack. This stack takes the generic large language models and converges them with corporate data so that the results are based on real-life business-relevant data. With this power, businesses can truly leverage the hidden potential of vast amounts of structured and unstructured data. And by grounding the results in carefully curated corporate data, they can reduce hallucinations and increase trust in the outcomes of generative AI workloads.

However, to achieve this state of zen enlightenment, aka Satori, one must ensure that corporate security guidelines and all relevant regulatory compliances are first met. This requires a sophisticated data security platform (DSP).

Like brakes in a car, data security is not meant to slow one down, but allow them to accelerate with trust and confidence. They help create guardrails against intentional or unintentional use of the data infrastructure. The goal is to ensure that the right people have access to the right data when they need it to drive business decisions and gain competitive advantage.

A solid data security platform consists of three building blocks as shown in Figure 1.

The first iteration of big data, started by Hadoop, turned data lakes into data swamps because of a lack of understanding of the data. In the rush to make data available for analysis, the critical step of understanding the data was skipped. And that included sensitive data.

A modern DSP should have the ability to connect to the source systems and determine the nature of data. Whether data is sensitive or not is hidden in the context of data. Once sensitive data is discovered, it must be tagged according to the corporate security guidelines and applicable regulatory compliances. This data may be personally identifiable information (PII), personal health information (PHI), financial data, intellectual property, or trade secrets. 

Your DSP should be able to connect to all the relevant data sources and detect sensitive data using multiple approaches:

• Profile source data: data scanning and profiling often uses a sample but must have the ability to scan a complete set of data. However, the latter can put load on operational systems. This option requires permissions to access source data.
• Profile responses: To overcome some of the barriers mentioned above, responses can be profiled and classified. For example, it can detect emails, social security numbers and other PII information.

Tagging of data can be manual but most often it uses sophisticated ML inference algorithms. Also, this process should be continuous as data changes in real-time. Hence, the need for the observability capabilities in your DSP.

The next step is to have the ability to define fine-grained policies and rules for data security, like authorization and encryption. Data stewards should have the ability to author governance policies in an intuitive and self-service manner and not use some of the older approaches that are prevalent in the identity and access management systems. The most common approach is to use a user interface with drop down options. For example, there may be options for encrypting or masking data or tags.

Newer systems allow policies to be inferred and auto discovered. Automation of policy creation also helps when a user leaves the company and all the relevant policies must be deleted. In order to achieve this capability, it is important that the DSP integrates with the rest of the data governance infrastructure such as data catalogs. For example, an integration with a data catalog allows users to shop for data and see what is available, request access, capture intent and consent, and finally grant access. The product must maintain access history and audit logs.

The final capability is the ability to execute data security policies with minimal overhead and latency. Role-based access control (RBAC) should be used to assign access rights based on the user’s role in the project. Attribute-based access control (ABAC) should be used to grant access based on a combination of user attributes, data attributes, and environmental attributes, providing more granular control. 

Some of the important considerations for policy enforcement include:

• Consistency: security policies should be enforced on data irrespective of where it resides, like cloud data warehouses, operational systems, object stores, or lake houses.
• Low latency and scalable: the data security overhead should add minimal overhead to the queries. It should also be able to scale with the growth of the workloads. 
• Dynamic: ABAC is preferred as it is dynamic and adjusts as users’ environment changes. 
• Agile: your data security product should be transparent to the end-users. Ideally, the user should go to an endpoint or use an API which automatically executes security policies and does not require changes to the schema or queries.
• Deployment: Modern security products are deployed as either SaaS tools or within a private cloud orchestrated with Kubernetes. 

Seamless policy enforcement helps build trust in data and increases its utility. It allows organizations to expand their options to share data with consumers, like deploy data marketplaces.

To learn more about Satori’s Data Security Platform, book a demo with one of our experts.