Introducing Universal Audit for Cloud Data Stores
We are announcing a new service to audit data access activity across all cloud data stores with unlimited retention and built-in data classification today. This launch allows Satori customers to obtain complete, uniform, and searchable data access audits for all cloud data repositories with full user, access, and data context. Thus, our customers can now monitor data access, generate compliance reports, investigate incidents, and conduct access reviews for all data stores from the Satori management console.
With the new Universal Audit capability, data engineering and security teams will no longer need to run ad-hoc scripts, assemble disjointed and disorganized logs, or implement costly log collection and analysis processes in their SIEM in order to monitor sensitive data access for privacy, legal, and security reasons. With Universal Audit, data and security teams can use a single tool to continuously monitor data access completely, uniformly and coherently. Universal Audit makes answering questions such as “Who is accessing PII in our data lake?” or “Who is modifying PHI in our data warehouse?” immediate, simple, and thorough.
Universal Audit is now available for anyone using Satori.
“Everytime an urgent data access question comes up, either triggered by an auditor, our incident response team, or by a compliance requirement, we need to stop everything we’re doing and allocate engineering resources to manually mine access logs and add user, access, and data context in retrospective. With Satori’s Universal Data Access Audit we just login to the Satori Management console and are able to get a complete account of data access. Since Universal Audit is integrated with Satori’s built-in classification feature, we’re able to get an instant report of all users who accessed the specified data, whether it’s PII, PCI or PHI across all our cloud data stores. It takes a minute and saves us weeks.”
The Universal Audit screen in Satori's Management Console
How Does It Work?
Satori functions as a layer between your data consumers and data stores, similar to a proxy. It inspects every transaction, classifies the type of data being accessed, adds identity context through integrations with IAM solutions, and provides granular access control policies and centralized analytics across all cloud data stores. Once Satori is implemented, it records all transactions including the user, role, and the type of data accessed. Audit records are obfuscated and securely stored on Satori’s cloud service which allows users to log in to the Satori management console and generate audit reports across all of their data stores. The solution helps users easily answer questions like, “Which marketing analyst accessed PII data in the last month?”.
How to Get Started?
In the navigation menu on the left hand side of the screen, you will find a new item named ‘Audit’. Once you navigate to it, you can select the time frame, the data stores, and additional filters like users, roles, and data classification tags. The table will display all records matching the filter selection as well as the data access record timestamp, user, and a preview of the data types. By expanding a specific line, you will be able to see additional information such as the query itself and detailed information about the types of classified data.
Universal Audit is also available as a drill-down option from the '# of queries' metric in the Analytics dashboard, so customers who are analyzing a specific aggregated data flow can drill down to the underlying audit information:
An expanded Universal Audit record
As we are looking to offload data privacy, security, and compliance requirements from data engineering teams, we are focused on continuing to add more capabilities to simplify day-to-day activities for those responsible for company data privacy and security. Adhering to compliance requirements such as SOC2, GDPR, and HIPAA requires that internal users have data access on a need-to-know basis. Once you have a full data access audit at your disposal, you can distinguish between users who access data they need and those who access data they do not need. Therefore, we are currently working on adding a new masking capability that will allow Satori customers to define circumstances in which data should be masked or not, eliminating the need to replicate source data for anonymization. Stay tuned!
Interested to learn more and try it for yourself? Schedule a demo and get started in no time.