Introducing Universal Masking

We’re thrilled to announce the launch of Universal Masking by Satori Cyber, a new column-level security service to protect data in Snowflake, Google BigQuery, AWS Redshift and other data stores! With this launch, we’re helping data teams deliver sensitive data sets to users without having to create anonymized copies or duplicating data pipelines. This means less time spent on building security and privacy controls and more time generating insights from data.

Universal Masking is now available to all Satori customers.

Universal Masking = Data Classification + Dynamic Masking

Satori is building the world’s best policy engine for data access, enabling organizations to decouple their security and privacy controls from their data stores and making it easy to deploy complex access control capabilities. This focus has enabled us to appreciate the pain involved in deploying dynamic masking solutions and maintaining them over time. The need to define a masking policy for each and every column  requires a continuous and intensive effort to keep it current has never been sustainable, nevermind that data engineers are often left without a clue of where these columns are. 

 

With Universal Masking, Satori bridges this gap by using data classification in conjunction with dynamic masking. Specifically, with Universal Masking, customers can define which transformations they wish to apply on any data type, in any data store, instead of columns. For example, instead of defining a masking policy on each column in the database where an email address is stored, Satori customers can define that once and for all by specifying how they want email addresses to be masked. This significantly reduces the burden on maintaining a masking solution.

 

Universal Masking

 

To make it even easier to use, Satori provides a set of out-of-the-box profile templates that customers can use to create their own masking profiles.

 

Universal Masking

How We Did It

Satori’s proxy serves as the key enabler for universal masking by classifying and masking data in real time as it passes through. Under the hood, this takes place through the transformation of diverse datastore formats into a canonical one represented by an Apache Arrow object affectionately called Sarrow (Satori-Arrow).

As new data stores are introduced to the platform, users will simply need to  transform their native database protocol to and from Sarrow objects, making all of Satori’s feature-set instantaneously available for all data platforms.

Universal masking can be used in any of the growing number of data store platforms supported by Satori, and will be automatically supported for the new data stores that we add to that list. 

I Want This

Ready to get started? We’ve made sure that launching Universal Masking is as straightforward as possible: simply log in to the Satori management console (if you don’t have an account, click here to start a 30-day free trial) and create a new masking profile. 

Next, use the following example of setting a masking rule to all users of a particular identity provider group (i.e. analyst)

- name: Mask PII for Analysts
  action:
    type: mask 
    profile: 7ddc148f-2fed-4897-8163-ef174d885192
  identity_tags:
    - identity.idp.group::analyst
  data_tags:
    - customer_data
  priority: 2

 

For more information on how to use Universal Masking checkout the docs.

What’s next?

As we are looking to simplify data privacy, security, and compliance for data engineering teams, we remain committed to adding additional capabilities to make the day-to-day activities for those responsible for data governance as easy as possible. Therefore, we’re working on adding a new Data Catalog capability that will allow Satori customers to identify where sensitive data resides in synchronicity with actual data usage and regardless of data movement or location—without any need for additional configurations, setups or input of DB credentials. Stay tuned!