More and more organizations want to monetize, share, or exchange their data, but lack the resources they need to manage governance. Laws and regulations like GDPR in the European Union, various data protection laws in the United States, and Canada’s PIPEDA all exist to keep personal and sensitive data protected as it is moved and transferred, but these, along with local laws and industry-specific laws (e.g., HIPAA for healthcare), can be difficult to follow as regular changes and updates are made.
This need for continuous monitoring adds another layer of complexity to the data governance problem: even if an organization makes the initial investment to ensure that its data governance follows all regulations and laws, it isn’t necessarily something that can just be revisited annually or biannually; constant monitoring and maintenance is necessary.
Because of the perceived complexity of managing data security, access, and privacy while at the same time ensuring that regulations and laws are followed, many organizations end up feeling that they need to make a sacrifice somewhere along the way: either risk getting fines because keeping up with changing laws and regulations is too difficult, or slow their data operations to ensure that they are indeed being compliant.
As a data marketplace solution, Revelate allows the entire data fulfillment process, from source to target, to be automated, providing a one-stop solution for organizations wanting to sell, share, or exchange their data internally and externally. At the same time, Immuta allows automated data governance to follow every step of the automated fulfillment process that Revelate provides.
This article explores the Immuta data security platform and outlines the specific partnership that Immuta has with Revelate as well as other data fulfillment platforms, to make data monetization, sharing, and exchange easier for organizations through data automation.
Unlock Your Data's Potential with Revelate
Revelate provides a suite of capabilities for data sharing and data commercialization for our customers to fully realize the value of their data. Harness the power of your data today!
What is Immuta?
Immuta was founded in 2015 and is headquartered in Boston, MA. Since then, they’ve won awards, received funding, and partnered with the industry’s top data fulfillment and marketplace organizations.
As one of the market leaders in data security solutions, Immuta provides one effective security platform to discover and secure data, as well as monitor data usage and analyze data for risk factors and compliance with regulatory standards and laws.
The Immuta platform does this through automation, ensuring that data security is consistent across an entire organization. The Immuta platform follows the NIST cybersecurity framework, which is comprised of five essential functions: identify, protect, detect, respond, and recover. This framework illustrates how the Immuta platform centralizes and unifies different security processes so data security needs are maintained holistically with one platform.
- Identify — The first step to managing cybersecurity risk for an organization is to develop an understanding of how cybersecurity impacts systems, people, assets, and data in a business context. This also means understanding critical functions in the organization and the resources that are available to support those functions. From this understanding, a cybersecurity framework can be developed that is consistent with the organization’s business needs and existing risk management strategy.
- Protect — Safeguards should be developed to secure critical infrastructure with the aim to limit or contain the impact of a potential cybersecurity event. This includes factors such as Identity Management and Access Control, as well as training, processes, and procedures.
- Detect — By being able to detect a cybersecurity event as quickly as possible, action can be taken to facilitate a response to these events. Accurate detection depends on defining the activities that are likely in a cybersecurity event, understanding the potential impact that these events may have, and the effectiveness of protective measures in limiting the impact of these events.
- Respond — Once a cybersecurity event has been detected, a response must happen to contain the incident. Effective response relies on effective communication, analysis after the event, and support and recovery.
- Recover — Recovery plans should be in place for resiliency and to have a framework in place for restoring capabilities and services that were impacted due to a cybersecurity event. This framework should include planning, processes, and procedures that support the restoration of systems to normal operations.
Immuta Architecture
Behind the scenes of the data security automation that Immuta provides is a robust architecture. This architecture is comprised of several major components:
| Immuta Architecture Component | Description |
| --- | --- |
| Web Service | Handles all web-based user interaction with the Immuta platform, metadata ingest, data fingerprinting, and supporting the Query Engine, Spark partition server, and NameNode plugin. The fingerprinting functionality runs as a separate service and can be independently scaled from the rest of the system. |
| Metadata Catalog | The Immuta data catalog uses a small amount of data from the objects registered so that the system can provide responsive access while also allowing dynamic policies to be created on the objects themselves. |
| SQL Query Engine | This service interprets client SQL queries, pushes those queries to connected business databases, applies policies, and returns the query responses to the SQL clients. |
| HDFS Layer (optional) | This allows Immuta to enforce data access policies within your Hadoop infrastructure. |
| Spark Context (optional) | As a subclass of SparkSQL, Spark Context allows enforcement of row and column level controls on data in HDFS, which backs Impala or Hive tables during processing in SparkSQL. |
The architecture of the Immuta platform combines several approaches to meet the data security needs of modern organizations. These approaches include:
- Scalability. It’s inevitable that increasing amounts of data will move through an organization, especially with more businesses embracing the potential for insights provided by big data sources. For a standard deployment, minimal administrative effort is needed to manage scaling beyond adding nodes to the system. Although scaling can also happen in non-standard deployments, more resources are required from administrators. The different architecture components listed in the table above can be scaled horizontally to meet the needs of an organization.
- High Availability. Immuta’s standard deployment comes equipped with an external load balancer, which, combined with the platform’s ability to scale horizontally, allows high availability at all times. Even if the master internal database fails, recovery begins within seconds.
- Security. Immuta can leverage your existing identity management system, which allows the system to benefit from existing work your data security team has done to validate users, protect credentials, and define roles and attributes. Because Immuta encrypts data with TLS, data is protected while it’s in transit. Persistent copies of data are also not made by the system.
Immuta Ecosystem
As a native plugin that is designed to integrate with the major cloud data platforms, as well as security and data governance tools, Immuta is a fully centralized source to maintain data security across all systems in the organization.
- Separation of policy and computing allows for flexibility in policy creation and management to support ever-changing workflows. It also allows scalability as more data and more users need to be managed. Through a single, centralized control point, it’s much easier to manage multiple platforms, policies, and users.
- Native cloud integrations that connect each cloud platform that an organization uses allow Immuta to enforce policies dynamically, which reduces the number of user roles needed. Processing is done completely in these underlying platforms, which helps ensure high performance. Because data isn’t copied or moved, the overall risk is reduced.
- Policy orchestration and enforcement combine three elements: granular data security features, dynamic data masking, and attribute-based access controls (ABAC).
How ABAC Works
Immuta uses a technology called ABAC, or attribute-based access control, to dynamically enforce data access policies when queries are run. The results of the checks and entitlements verifications are logged automatically.
Specific features with Immuta’s ABAC include:
- Data security enforcement at query runtime
- Creation, verification, and management of policies can be done by a non-technical team
- The need for data duplication is eliminated
- Attributes are inherited from the identity management system
- No data is stored. Instead, metadata is leveraged
- Reports are provided that state who accessed data and when, and how policies may have changed over time
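The ABAC enforcement and dynamic masking described above, as an added example that is not Immuta's code: a minimal policy engine that evaluates the caller's identity attributes at query time, filters rows, masks PII columns, and records each decision. The table, column tags, attribute names (`regions`, `roles`, `pii_cleared`) and log shape are all constructed for illustration.

```python
import hashlib
from typing import Any

# Constructed sample table; the tags stand in for what a sensitivity scan would produce.
COLUMN_TAGS = {"email": "PII", "ssn": "PII", "country": None, "spend": None}
ROWS = [
    {"email": "a@example.com", "ssn": "111-22-3333", "country": "DE", "spend": 120},
    {"email": "b@example.com", "ssn": "444-55-6666", "country": "US", "spend": 80},
    {"email": "c@example.com", "ssn": "777-88-9999", "country": "DE", "spend": 45},
]

# Every policy decision is appended here; a real deployment would ship this to a SIEM.
AUDIT_LOG: list[dict[str, Any]] = []


def mask(value: str) -> str:
    """Deterministic hash mask: hides the raw value but stays consistent across queries."""
    return "hash:" + hashlib.sha256(value.encode()).hexdigest()[:12]


def row_allowed(row: dict[str, Any], attrs: dict[str, Any]) -> bool:
    """Row-level policy: a caller sees only rows for the regions in their IdP attributes."""
    if "global" in attrs.get("roles", []):
        return True
    return row["country"] in attrs.get("regions", [])


def column_policy(col: str, attrs: dict[str, Any]) -> str:
    """Column-level policy: PII-tagged columns are masked unless the caller is cleared."""
    if COLUMN_TAGS.get(col) == "PII" and not attrs.get("pii_cleared", False):
        return "mask"
    return "allow"


def run_query(user: str, attrs: dict[str, Any], columns: list[str]) -> list[dict[str, Any]]:
    """Enforce policy from the caller's attributes (not a static role) and log the outcome."""
    decisions = {c: column_policy(c, attrs) for c in columns}
    result = []
    for row in ROWS:
        if not row_allowed(row, attrs):
            continue
        result.append({c: mask(row[c]) if decisions[c] == "mask" else row[c] for c in columns})
    AUDIT_LOG.append({
        "user": user,
        "columns": decisions,
        "rows_returned": len(result),
        "rows_filtered": len(ROWS) - len(result),
    })
    return result


if __name__ == "__main__":
    # An analyst limited to DE with no PII clearance, then a cleared global reviewer.
    print(run_query("alice", {"regions": ["DE"]}, ["email", "country", "spend"]))
    print(run_query("bob", {"roles": ["global"], "pii_cleared": True}, ["email", "ssn"]))
    print(AUDIT_LOG)
```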
Immuta Tool Solutions
To ensure that the platform can perform effectively even when presented with complex data access and security challenges, Immuta provides a variety of tools that work seamlessly together as a holistic data security solution. The Immuta tools are:
- Data Access Control
- Data Sharing
- Data Regulations
- Data Modernization
- Data Security
- Data Privacy
Immuta Data Security Platform Overview
The Data Security Platform is comprised of three distinct pillars: Discover, Secure, and Monitor. These pillars function independently and together to provide authoring, orchestration, and privacy capabilities.
1. Discover: Sensitive Data Discovery
The purpose of the discovery pillar is to allow organizations to be aware and stay in control of their sensitive data. Since data is often distributed across multiple cloud-based sources, managing it in compliance with regulations and laws can be challenging. This pillar facilitates several processes that make managing sensitive data easier:
Scan and classify sensitive data
Immuta automatically scans the cloud-based sources that your organization uses, detects the sensitive data, and generates standardized tags across multiple compute platforms. This allows full visibility into the organization’s sensitive data and helps establish universal data access control while at the same time eliminating manual security processes that have a higher probability of errors occurring.
Schema change monitoring
Schema Monitoring and Column Detection can be activated by a Data Owner to detect when a new table has been added and automatically create a new data source. Further, this feature monitors servers for schema and table changes, including new additions, and notifies the Data Owner.
The Data Owner can also select certain users to monitor schema changes, and in the event that more than one user is needed, a data source will be created for each user.
Identity metadata synchronization
With Immuta’s IAM system, Identity Managers are used to provide authentication and granular user entitlements. Each Identity Manager can configure settings such as user mapping, permissions, groups, and attributes. Configuring an external IAM in Immuta is also possible, for example, if applications need to communicate with Immuta for the aforementioned authentication.
The IAM can be used as a complete authentication and authorization solution. The group and attribute values within IAM can be used to manage access to projects and data sources and to inform policies. The IAM is enabled in Immuta by default.
Catalog integration
Immuta offers two options when it comes to data catalog tools. The first option is to use Immuta as an all-in-one solution, where it can provide data access control, search and discovery, metadata curation, automated data intelligence, and facilitate collaborative data use. This enables democratized, self-service access to data, while at the same time ensuring full data governance.
The second option is to use Immuta in integration with other cloud data platforms, such as Databricks, Snowflake, and AWS. Immuta can act as a centralized location for all data assets in collaboration with these platforms.
2. Secure: Security and Access Control
The secure pillar enables simplified data governance and access control with the ability to write, edit, and dynamically enforce data policies.
Plain language policy editor
Data policy can’t be effective if it can’t be understood by everyone in an organization who interacts with data. Immuta’s policy editor focuses on presenting data policy in natural language instead of presenting these policies in code form or through complex policy builders like Ranger. This ensures that people outside of data engineering and technical teams can gain a full understanding of data policies and assist with verification as well.
Further, Immuta’s architecture is built in such a way that fewer data policies are needed; combined with the improved understanding of policies, this helps ensure that governance remains robust while being streamlined and understandable.
Dynamic access control enforcement
Enterprises often use multiple cloud-based platforms. These platforms all have their own user access policies and governance. This not only makes it difficult to manage access and security effectively but also multiplies the risk, cost, and maintenance involved in ensuring robust security. Immuta offers a centralized security and access framework that spans multiple cloud ecosystems, reducing risk, lowering costs, and allowing better access to data.
Federated data governance
The purpose of federated data governance is to centralize data policy and data governance management. Immuta provides this, allowing the ability to delegate data ownership to relevant stakeholders (typically supervisors, department managers, or other business leaders) that understand the data’s context and business use.
Advanced privacy controls
Data anonymization features such as data masking can be applied dynamically, accelerating internal and external data sharing.
3. Detect: Data Use Tracking and Remediation
For data security to be effective, continuous monitoring is required. Immuta’s Detect pillar gives timely insights into risky user data access behavior. This enables data security posture management and remedies risks above policy thresholds.
Access behavior analytics
Data access logs are consolidated, so it’s easy for data security teams to monitor and detect changes in user behavior. This includes queries run over time, sensitive data indicators, and configuration and classification changes.
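One way to detect the behavior changes described above, as an added example that is not Immuta's code: consolidated access records are parsed, each user's sensitive-column reads on the latest day are compared with their own earlier days, and data sources a user touches for the first time are flagged. The log line format, field names and sample entries are constructed for illustration.

```python
import statistics
from collections import defaultdict
from typing import Any

# Constructed sample access log: one query per line, day first, then key=value fields.
SAMPLE_LOG = """\
2024-05-01 user=alice source=orders sensitive_cols=0
2024-05-01 user=alice source=orders sensitive_cols=1
2024-05-02 user=alice source=orders sensitive_cols=1
2024-05-03 user=alice source=orders sensitive_cols=0
2024-05-04 user=alice source=customers sensitive_cols=6
2024-05-04 user=alice source=customers sensitive_cols=5
2024-05-01 user=bob source=customers sensitive_cols=2
2024-05-02 user=bob source=customers sensitive_cols=2
2024-05-03 user=bob source=customers sensitive_cols=3
2024-05-04 user=bob source=customers sensitive_cols=2
"""


def parse_log(text: str) -> list[dict[str, Any]]:
    """Turn the constructed log lines into records; blank lines are skipped."""
    records = []
    for line in text.splitlines():
        if not line.strip():
            continue
        day, *kv = line.split()
        fields = dict(item.split("=", 1) for item in kv)
        records.append({"day": day, "user": fields["user"],
                        "source": fields["source"], "sensitive": int(fields["sensitive_cols"])})
    return records


def find_anomalies(records: list[dict[str, Any]], factor: float = 3.0,
                   min_count: int = 4) -> list[dict[str, Any]]:
    """Per user: flag a sensitive-read spike on the latest day versus the user's own
    baseline (mean of earlier days), and flag sources first touched on that day."""
    reads = defaultdict(lambda: defaultdict(int))      # user -> day -> sensitive reads
    sources = defaultdict(lambda: defaultdict(set))    # user -> day -> sources touched
    for r in records:
        reads[r["user"]][r["day"]] += r["sensitive"]
        sources[r["user"]][r["day"]].add(r["source"])
    findings = []
    for user, per_day in reads.items():
        days = sorted(per_day)
        latest, earlier = days[-1], days[:-1]
        if not earlier:            # no baseline yet; nothing to compare against
            continue
        baseline = statistics.mean(per_day[d] for d in earlier)
        latest_count = per_day[latest]
        # min_count avoids alerting on tiny absolute numbers; max(...,1) avoids a zero baseline.
        if latest_count >= min_count and latest_count > factor * max(baseline, 1):
            findings.append({"user": user, "kind": "sensitive_spike",
                             "detail": latest_count, "baseline": round(baseline, 2)})
        seen_before = set().union(*(sources[user][d] for d in earlier))
        for src in sorted(sources[user][latest] - seen_before):
            findings.append({"user": user, "kind": "new_source", "detail": src, "baseline": None})
    return findings
```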
Agile risk severity scoring
Provides a benchmark for understanding the level of risk and sensitivity of a particular dataset with detailed visuals. This allows the creation of proactive safeguards to be put into place to mitigate future threats.
Sensitive data views and indicators
Provides a detailed analysis of individual user data and activity across several factors, including a time frame, data access events categorization, most active data sources, and sensitive data indicators.
SIEM integration
Security Information and Event Management (SIEM) integration connects Immuta to a set of tools that provide real-time analysis of security alerts, allowing Immuta to consolidate and streamline data security posture management effectively.
Think of Immuta’s data access platform as a symphony orchestra. Each group of instruments (wind, string, brass, and percussion) performs together, with each player filling a unique role (e.g., in the string group, there may be violin, harp, and cello players) while contributing to the group as a whole. Meanwhile, the conductor is positioned centrally and is responsible for directing each player so that their timing and playing are seamless with the rest of their group and the orchestra as a whole. With Immuta’s platform, the Secure pillar is the conductor: it enables policy authoring, orchestrates security measures (e.g., data masking and policy enforcement), and ensures that data privacy is maintained, supported by the other pillars so that the flow of data, like music performed by an orchestra, is seamless even though multiple processes are happening at once.
Immuta Partnerships
Immuta has partnered with several data fulfillment organizations and marketplaces, including Databricks and Revelate, to provide the best data security experience.
Databricks Immuta
The integration of Immuta with Databricks enables access protection to tables, including managing row, column, and cell-level controls, all without having to enable table ACLs or credential passthrough. These policies are applied to the Spark plan that is built for a user’s query and enforced live on-cluster.
The Databricks Immuta integration overall simplifies and automates Databricks data security by enabling data teams to manage who has access to what data at scale. This allows enhanced access control and governance for BI and data science initiatives across data storage in the Databricks Lakehouse.
- Policy management can be easily scaled by security and privacy control automation in sensitive environments
- Policy stakeholders can manage data policies without the need for specialized engineering resources
- Compliant data use can be easily proven to essential stakeholders
Revelate Immuta
As a fully-automated data fulfillment platform, Revelate helps address the challenges that many organizations face with effective data sharing and monetization, including safely and securely moving data from any source to any target. In partnership with Immuta, Revelate is able to provide users with the tools needed to add efficiency, streamlining, and scale to their data distribution efforts while at the same time consistently enforcing data compliance and data governance policies.
Immuta provides a quick video overview of how data governance is conducted through a typical data transaction on a Revelate marketplace. The video gives an example of a credit card provider that sells branded credit cards, with the scenario that a company wants to purchase their data to see how their credit card is being used. With this scenario, Immuta shows how sensitive data can be filtered out without increased effort or storage costs.
Revelate’s data marketplace solution supports internal or external data access, and Immuta provides the technology to provide marketplace operators with a fully configurable data security and governance environment to control and enforce granular access rights.
Conclusion
Data marketplaces allow organizations to effectively democratize access to their data, but without a robust data governance solution, it can be difficult to ensure compliance with ever-changing laws and regulations, as well as organizational data access policies. The Revelate and Immuta partnership offers organizations a fully automated data sharing, monetization, and exchange marketplace solution alongside fully automated data governance and data access controls.
Discover how Revelate can help your organization unlock the potential of your data. Start a Free Trial today.