
Revolutionizing Data Security: Visibility and Enforcement Combined

|CTO and Co-Founder

Data security has changed fundamentally in the last few years. We discussed that in From Chaos to Control: Solving the Data Security Puzzle. This article will take you through how we’re building Satori to make sure security teams are able to keep data safe in the current landscape.

 

Let’s start with a recap of the changes in data consumption and security: according to IBM’s 2024 Cost of a Data Breach Report, customer data is involved in 43% of breaches. That must be concerning if you are a security team member protecting your customers’ data. As online services adopt better security solutions to protect their users (stronger passwords, MFA, biometric logins and passkeys), real, authentic personal information is exactly what hackers need to launch next-generation attacks to steal identities and infiltrate organizations. 

 

Take, for example, a recent cyber attack on customers of a well-known cloud-based data warehouse vendor, which resulted in massive data leaks for several global brands. While the platform itself was not vulnerable to these attacks, the weak link was how customers were configuring and using it, despite having mature data security programs and large teams working around the clock to ensure data is protected.

 

This phenomenon is not limited to the Fortune 500. Today, we all use various online services for digital banking, payments and money transfers, healthcare, and numerous other day-to-day activities. These services serve millions of consumers just like us and store highly valuable and sensitive data on us, making them the perfect target for hackers. The security teams tasked with protecting the data in these organizations are lean but still responsible for protecting data in a highly complex environment. 

 

Engineering teams responsible for building these online services often follow a microservices architecture, where each service has its own technology stack comprising an API server and a database, leading to sensitive data stored in dozens of different database technologies across hundreds of database instances. That data is then transported to the data lakehouse, where data engineering teams build data products for analysts and data scientists. Recently, data has started moving out of the lakehouse to vector databases to support Retrieval-Augmented Generation (RAG) capabilities for GenAI-based applications.

Visibility and Then Enforcement?

On the surface, securing customer data sounds simple, and any data security program typically involves these three steps:


Step 1: Know your data

Discover where all your data is, and classify it to see what type of data you have. Common classification categories include financial data, personally identifiable information (PII) and protected health information (PHI).

Step 2: Understand who has access to your data

Understand who has access to what data – map all permissions to see who’s using what data, identify overprivileged access to data and address it.

Step 3: Control access to the data

Put controls in place to ensure compliance with regulatory and contractual requirements, and to reduce the risk of a data breach. These typically include:

 

  • A process to review, approve and document any new access to data
  • Monitoring of data activity to detect and mitigate potential threats
  • Policies to ensure sensitive data is used on a need-to-know basis
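
The three steps above, sketched on constructed data as an added example (this is not Satori's code or API; the catalog, classifier patterns, grants and audit log are all hypothetical): classify columns from sampled values, map grants onto the sensitive tables, then flag sensitive grants that the audit log shows were never used.

```python
import re

# Constructed sample inventory: (table, column) -> sampled values. Not real data.
CATALOG = {
    ("customers", "email"): ["ana@example.com", "li@example.org"],
    ("customers", "ssn"): ["078-05-1120", "219-09-9999"],
    ("payments", "card_number"): ["4111111111111111", "5500005555555559"],
    ("orders", "status"): ["shipped", "pending"],
}
# Hypothetical classifiers: category -> pattern every sampled value must match.
CLASSIFIERS = {
    "PII": re.compile(r"^([^@\s]+@[^@\s]+\.\w+|\d{3}-\d{2}-\d{4})$"),
    "FINANCIAL": re.compile(r"^\d{13,19}$"),
}
# Constructed grants (user -> readable tables) and query audit log (user, table).
GRANTS = {"analyst": {"customers", "orders", "payments"},
          "support": {"customers"}, "etl": {"orders"}}
AUDIT_LOG = [("analyst", "orders"), ("support", "customers"), ("etl", "orders")]


def classify(catalog):
    """Step 1: tag each column whose samples all match one classifier."""
    tags = {}
    for col, samples in catalog.items():
        for category, pattern in CLASSIFIERS.items():
            if samples and all(pattern.match(s) for s in samples):
                tags[col] = category
    return tags


def sensitive_access(grants, tags):
    """Step 2: map each user to the sensitive tables they can read."""
    sensitive_tables = {table for (table, _col) in tags}
    return {u: t & sensitive_tables for u, t in grants.items()
            if t & sensitive_tables}


def overprivileged(grants, tags, audit_log):
    """Step 3 input: sensitive grants never exercised in the audit log."""
    used = set(audit_log)
    return sorted((u, t) for u, tables in sensitive_access(grants, tags).items()
                  for t in tables if (u, t) not in used)


if __name__ == "__main__":
    tags = classify(CATALOG)
    for user, table in overprivileged(GRANTS, tags, AUDIT_LOG):
        print(f"review grant: {user} -> {table} (sensitive, unused)")
```

Requiring every sampled value to match keeps a free-text column with one stray e-mail address from being tagged; a real classifier would also need thresholds and more than two samples.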

 

For most organizations, this is a multi-year plan that often gets stuck in the first step because there isn’t one solution that can address all three steps. As new data and data stores are constantly introduced, security teams are busy focusing mostly on discovery and classification, never getting around to enforcing controls.

 

And that is where Satori comes in.

Visibility and Enforcement

At the core of Satori’s Data Security Platform lies the data store object. It represents a database, a data warehouse, a data lake, or even a data-driven API such as a GraphQL server or a GenAI service. The system was built from the ground up to enable organizations to enforce data access controls as quickly as possible. Let’s see how the system helps security teams go beyond just discovery and classification.

Visibility

Satori combines all visibility capabilities required by security teams to secure customer data. This includes data discovery and classification, data access governance and data security posture management of the data stores across the entire organization.

 

Data stores are discovered automatically by scanning cloud accounts or added directly in the management console, via API or with Terraform. Once discovered, data stores are continuously monitored to produce a full inventory of the data assets they contain, classified to the column level with a broad set of out-of-the-box or customer-built classifiers. A mapping of the permissions structure is performed to clearly show which users have access to what data assets. Finally, any risky misconfigurations that may degrade the data stores' security posture are detected, with alerts produced for the relevant teams to remediate.

Control

To secure the data in those data stores, security teams can immediately start enforcing controls on select use cases without impacting anyone else using the data. Using a unique proxy-based technology for databases typically found in the production environment, security teams can deploy Satori in front of those databases by pointing users or applications to connect via Satori, which only requires changing the hostname of the connection string. For data stores with advanced built-in security controls, Satori uses an API-based integration to push the permissions and policies directly to the data store.

 

In addition to deploying Satori only on select flows, Satori supports fine-grained enforcement of permissions and policies, which means security teams can even control access separately for users on the same flow. This is done by defining datasets that include or exclude data assets from policy enforcement.

Alternative Solutions

Several approaches are typically considered when designing a data security program.

DIY

In the do-it-yourself approach, security teams partner with engineering to build the above capabilities, tailoring them to the organization’s specific needs. At the very least, this approach involves configuring federated authentication across several types of database platforms, collecting query audit logs (where available) to a centralized log management solution, and building processes to manage users and permissions on databases.

 

This becomes another engineering project that needs maintenance, with limited flexibility and attention to changing needs. The infrastructure costs alone of log collection can become a barrier.

DSPM Solutions

Data Security Posture Management solutions are great at discovering and classifying data, as well as surfacing any configurations that can be improved to reduce the risk of a security breach. Most of their value is in the first step of a data security program, and that’s also where many companies get stuck. After the initial phase of scanning and addressing the high-priority issues, the impact these tools bring decreases.

Narrow-Focused DSPs

There are other Data Security Platforms in the market but most of them are focused on a very narrow set of supported data stores. Typically these are data stores with already advanced native data security capabilities, where it’s straightforward to orchestrate them to deliver effective controls, making DIY a reasonable alternative.

Gong Automates Access to Customer Data

To illustrate the impact of Satori’s approach to data security, let’s take a closer look at Gong, a company that helps organizations maximize the value of customer interactions. The Gong Revenue AI Platform™ captures and analyzes customer interactions, delivering insights at scale and enabling revenue and go-to-market teams to determine the best actions for repeatable winning outcomes.

 

Satori enables Gong to assert control over their data and data access and ensure that sensitive customer data is secured. Satori’s data security platform provided Gong with just-in-time automated access control through the data portal to ensure secure and timely access controls to increase productivity. Further, Satori’s platform enabled Gong to generate audit data transparently and simply, to meet security and compliance requirements in days, across a complex landscape of hundreds of PostgreSQL, Snowflake, OpenSearch, and MongoDB data stores with integrations for Okta, Tableau, DataGrip, and other tools.

Conclusion

In today’s evolving data security landscape, visibility and enforcement are essential for protecting sensitive information. This article explored how Satori empowers security teams to go beyond discovery and classification to implement effective, scalable controls. By providing comprehensive visibility and enabling precise enforcement, Satori addresses the complex challenges faced by modern organizations, ensuring customer data remains secure in an increasingly dynamic environment.

About the author
|CTO and Co-Founder

Yoav Cohen is the Co-Founder and Chief Technology Officer of Satori Cyber. At Satori, Yoav is building the company’s technology vision and leading the research and engineering teams that build the Secure Data Access Cloud. Prior to founding Satori Cyber, Yoav was the Senior Vice President of Product Development for Imperva, which he joined as part of the acquisition of Incapsula, a Cloud-based web applications security and acceleration company, where he was the Vice President of Engineering. Before joining Incapsula, Yoav held several technology leadership positions at SAP.

When he isn’t glued to his laptop or on a whiteboard, Yoav can be found traveling with his wife and four kids in an RV, playing electric guitar or doing laps at the pool. He is still dreaming about building his own Operating System.

Yoav holds an M.Sc in Computer Science from Tel-Aviv University and a B.Sc in Computer Science and Biology from Tel-Aviv University.
