The Rise of the Data Security Platform

It’s 2023, and no one should manually GRANT anything to anyone anymore…

We meet with a lot of organizations that are starting their data security journeys. These organizations often fall into one of two categories. On one hand, there are organizations that have not spent too much time thinking about what data they have and how to secure it. They usually tell us something like: “We are a billion-dollar company but anyone can run a SQL query and get a million email addresses.” Scary, right?

On the other hand, we sometimes see very mature organizations investing significantly in securing their data. They tell us things like “I have an army of people creating users, roles and views in a myriad of different data stores. But by the time they are done, it’s already outdated.”

What both of these extremes have in common is that their inadequate security controls are either increasing their risk exposure, making it harder for them to meet compliance; or their overly complicated and manual security controls grind productivity to a halt. This is primarily driven by the fact that it’s so complex to implement proper data security controls in the modern data stack that organizations either give up by not even trying or spend a disproportionate amount of time and money but end up with outdated band-aid solutions.

Data security cannot be ignored; we know it is a preeminent concern for many data leaders. Many data leaders state data security as the most significant barrier to becoming more data-driven.

The market has reacted to this problem with new solutions that make it easier for organizations to implement data security capabilities by converging disparate solutions into Data Security Platforms, to help reduce the risk, simplify compliance, and increase productivity. However, Data Security Platforms come in many different shapes and sizes, and each originates from a different philosophy about what type of controls organizations should implement. The result is, there’s still no clear playbook on how most organizations should approach their data security initiatives.

Data Security Platform providers are often divided by the point at which to implement data security controls. We at Satori believe that the most efficient and practical way to implement data security controls is by protecting the point of access to the data using late-binding controls. By late-binding, we refer to controls that are enforced as late as possible in the data access lifecycle.

For example, consider the difference between static and dynamic masking. In static masking, sensitive data is desensitized on the database itself by cloning the original dataset. When users need access to non-sensitive data they query the desensitized dataset, and when they need access to sensitive data they query the original dataset. Static masking is an early-binding control. Conversely, in dynamic masking, a late-binding control, users query the same dataset but only have access to data based on their level of permissions. For most organizations, dynamic masking makes more sense as it’s more flexible to changing requirements and data.

We chose to secure access to data with late-binding controls because of three main reasons:

1. That is where you have the most context about the user, the data they access, the application they are using and their purpose for accessing the data.
2. That is where you have the most control – you can deny access to the data, apply a policy or mask sensitive data.
3. You don’t need to plan for every access pattern upfront – no need to create copies of the data or maintain views for each use case.

Late-binding controls further benefit the organization by reducing the impacts from change management and streamlining secure access to data.When deploying data security controls requires changing datasets or definitions at the data layer, it’s like replacing the tires on your car while driving 60 miles per hour. When you protect the point of access to data, you can be selective about who uses what point of access, and can safely and gradually roll out controls without impacting the business.

An additional benefit of implementing a Data Security Platform is increasing the productivity of your data engineers. When data security controls are implemented manually on each data system, data teams essentially become security engineers, spending much of their time on non-core security and compliance projects instead of delivering more data to more consumers. Data Security Platforms can offload that activity away from busy data engineers and encapsulate the security, privacy and compliance work in a separate part of your modern data stack.

Satori is a data security platform that secures access to data. Satori connects to your cloud accounts to discover all the data stores and data assets you have and helps you understand where you have the most risk. You then use Satori to define who should access what data and for how long. With Satori you can give your users a store-like experience to access data without having to worry about over privileged access since Satori enforces row and column level controls using a RBAC and ABAC policy engine. Lastly, Satori provides all the controls and information you need to meet your compliance requirements.

What separates Satori from other Data Security Platforms is our broad support for data technologies and use cases including databases, data warehouses, data lakes, BI tools and database clients, as opposed to tools that only focus on one type of data technology. Satori can be deployed anywhere in both SaaS and customer-hosted environments, catering to the security, compliance and operational needs of any organization. But the most significant advantage of Satori is how easily and quickly our customers implement the solution and reach a state where access to their data is secure, ensuring their data consumers get a streamlined experience.

Should you implement a data security platform? Ask yourself these questions:

• Are you operating more than one type of data platform?
• Are your users having a hard time getting access to the right data?
• Are your admins spending too much time granting/revoking access to data?
• Is your organization processing sensitive data like personal, patient, or financial information?
• Are you operating in a regulated environment?

The Satori Data Security Platform facilitates the implementation of data security controls on databases, data lakes, and data warehouses by security and engineering teams. Using Satori is easy, as it differs from other security solutions that manage security controls on the underlying data stores. Satori does not necessitate any modifications to your data, schema, or user interactions with data.

• Book a Demo with one of our experts. 
• Read: How Automating Access to Data Enhances Customer Engagement & Trust
• Read: Still Giving Constant Data Access? Consider Using Temporary Authentication