When we began our quest to make data more accessible and secure, we envisioned the benefits that companies would gain by adding security in a simple manner to their data operations. Satori non-intrusively adds a security layer to a new or existing data stack without slowing down the business.
At first, we began with the top analytic data platforms such as Amazon Redshift, Snowflake, and other databases.
However, our customers still experienced data access challenges with their MySQL and MariaDB data access that our product did not address at the time. The main challenges customers experience are:
- Controlling access to MySQL when it is used as an analytics data store in a streamlined way.
- Managing engineering access to production data.
- Establishing a common access layer to manage access and security policies across many data stores from a single pane.
And so, today, we are announcing MySQL support in Satori to help companies secure their data access for MySQL and accelerate data growth.
MySQL requires no introduction, it has enjoyed massive popularity for decades. MySQL holds over 44% of the relational database market.
MySQL users frequently grapple with the following questions related to data security:
- How can we apply security policies, including fine-grained access control for data access, in a simplified way? A typical example is allowing access while limiting the visibility of sensitive data by applying dynamic data masking.
- How can we enable access to the data in a controlled manner by security teams, data owners, or data stewards without requiring a long process involving DBA? The involvement of DBA or data engineering typically slows down time-to-value by weeks.
- How can we simultaneously apply security policies across many MySQL instances (and other data stores)? Applying security across many data stores is time-consuming and introduces additional security and compliance risks in many cases.
- How can we allow secure ad-hoc access to MySQL servers? A good example of doing so is engineering users who require access to a production server to perform emergency operations or debugging.
- How can we discover sensitive data in our MySQL deployments without disrupting our production environments?
- When MySQL is used as a data warehouse, how can we configure it to have the same data access policies and discovery as our other warehouses?
Some of these challenges are often solved in ill-suiting ways, especially for a production transactional database. For example, creating an abstraction layer of views to enforce certain access restrictions can be complex to implement and may incur performance degradation. Also, manually scanning a production environment for sensitive data poses operational risks for engineering teams.
How We Solve These Challenges
Satori’s support of MySQL servers solves such challenges in a fast and non-disruptive way. Satori is a security layer that controls access to data without requiring any changes to the data itself. Satori does not create objects on your MySQL servers, such as additional tables, views, or functions. In addition, you do not need to make any agent or driver changes.
This means that you can connect your first MySQL server to Satori within minutes (feel free to test us on that using our test drive!).
By applying Satori as a data access control for MySQL, you gain the following capabilities.
Continuous Sensitive Data Discovery
When you connect users to your MySQL servers using Satori, you gain instant visibility into the sensitive data across your MySQL servers. You can even set security policies based on the sensitive data discovered (e.g., dynamically masking PII to all users unless they are in a specific group).
Streamlined Access to Sensitive Data
Instead of wasting weeks in legacy data access processes, with Satori, you can streamline access to sensitive data. For example, data owners can provide access to users without needing data engineering resources or DBA interference.
Automated Ad-Hoc Data Access Workflow
As discussed above, in many cases, you want to allow engineering teams to access production time for a limited period and in a controlled manner. Satori allows you to do so, including by facilitating automated approval if only a business justification reason is required. Data stewards can provide data access temporarily which is configured to expire automatically after a specific amount of time or when it is no longer in use.
All data access changes and all database queries across all of your data stores are logged in an audit trail.
Applying Security Policies On All Data
Finally, Satori significantly reduces the complexity of managing a large data platform. Satori allows you to manage all data access, even across thousands of data stores, from a single location. Managing access and security is performed in policies rather than SQL commands to accommodate non-data teams.
MySQL (as well as MariaDB) support is available to all Satori customers as of today.
Onboarding MySQL is as simple as onboarding other data stores to Satori by following these steps:
- In Satori’s management console, go to “Data Stores”
- Click “Add.”
- Choose “MySQL.”
- Fill in your details, as per the below specification.
- Use the Satori-provided hostname instead of the direct hostname.
For complete documentation, visit our documentation portal.
What’s Coming Up
We are already working on additional capabilities to help companies access data quickly and securely. These developments are working to support more data platforms and also continuing to make it easier to accelerate secure and compliant value from data.