What Data Teams Need to Know About Data Security Platforms

By Community Team

Q&A with Satori on what data teams should look for in a Data Security Platform

Security teams are responsible for keeping sensitive company data secure and compliant. However, it’s often the data teams in the organization that end up with the task of applying security policies, through the use of complex roles, permissions, and customizations on their data stores and BI platforms. This results in data teams spending a lot of time manually meeting requirements that don’t scale, while security teams still lack control over security and access to sensitive data across the different data stores.

So how can organizations keep their data secure and compliant, without taking up data teams’ time with access requests?

Ben Herzberg
Chief Scientist at Satori

This is where a data security platform comes in, providing a single platform for data teams to manage data access and security across all their data stores. We’re thrilled to have had the chance to sit down with Ben Herzberg, Chief Scientist at Satori, the Data Security Platform that helps data teams stop wasting time on manual data access and compliance. Ben is an experienced tech leader and book author with a background in endpoint security, analytics, and application & data security. Ben has previously filled roles such as the CTO of Cynet, and Director of Threat Research at Imperva. In this Q&A, Ben delves into detail on data security platforms, and how they can help data teams not just manage their data, but win with data.

So what actually constitutes a data security platform?

The term ‘data security’ can be confusing, since all cybersecurity involves data in one way or another. But when we talk about data security platforms, or DSPs, we’re talking about a single, comprehensive solution designed to protect organizations’ analytical and transactional data, especially sensitive customer data like PII and PHI.

Data security platforms consolidate several features that are used by data teams to manage and protect sensitive data, including data discovery, classification, access control, masking, audit and monitoring features, and posture management.

What are the main data security challenges faced by data teams today?

As companies grow, they typically see an increase in users, use cases, and the volume of data in their environment. This significant growth results in complexities that go beyond what can be managed manually. As a result, data professionals tend to spend a lot of their time on tasks that could be automated.

Often we find data stored in different places, like databases, lakes, warehouses, and cloud environments. This dispersion creates a huge challenge when trying to consistently manage security policies and control data access across all these environments. Some data storage solutions have native features for enabling role-based access control (RBAC) or row-level security (RLS), but these can be difficult to integrate or apply with other data stores.

In larger companies, especially those in highly regulated sectors such as finance or health, each data access request goes through a time-consuming approval process. Too many such requests can become a bottleneck for data engineers and add to their challenges.

This situation can create tension in businesses that handle sensitive customer data. Quick access to vast amounts of data is key for getting valuable insights, which are necessary for staying competitive. However, the requirement to protect customer data while complying with data privacy regulations can eat into the productive time of data engineers.

Without a Data Security Platform (DSP), many companies feel like they have to choose between giving their users too many privileges, potentially putting customer data at risk, or limiting data access and slowing down their data teams. In complex data environments, it can be challenging to maintain visibility: knowing who is accessing what data, when they are accessing it, and why. This lack of visibility can make compliance audits difficult, further requiring resources that could have been used for innovation.

What issues do data teams face when managing data security policies in a modern data platform?

In today’s data-centric world, managing security policies for data has become a pressing issue. Old methods, linking policies to the application or the database, are not keeping up with the times. Importantly, these methods often struggle with scalability, especially when we look at the potential of modern data platforms. Up-to-date data security solutions need a fresh perspective. This involves breaking down the problem into three main parts: storage, computation, and policy.

Earlier systems depended heavily on keeping storage and query processing on the same platform. However, due to technological progress and growing complexities in data, this method is no longer viable. Progress-driven companies like Snowflake have set a new path by separating the policy from the data, an approach that Satori has embraced and further developed.

Satori introduced a groundbreaking strategy by creating a separate place outside the database for applying security policy. This strategy allows for monitoring data usage at a very detailed level and enables the creation of custom policies for specific situations. By separating the policy from the data, we can achieve a flexible and scalable way to manage security while not compromising top-quality performance.

If I’m on a data team that’s dealing with these data security challenges, what should I know about selecting the right Data Security Platform?

When it comes to implementing a data security platform, I focus mainly on three aspects: technical integration, turning business logic into action via a sound policy, and laying out a reliable cadence for ongoing monitoring. Getting this right the first time is crucial to avoid potential pitfalls down the road. I cannot emphasize enough the competitive edge conferred by ease of use—it certainly presents a pathway to expedite project timelines and mitigate implementation risks.

Another consideration is the platform’s capacity to adjust to data fluctuations. Not only does an adaptable data security platform foster trust, but it also cultivates an enriched discourse with the security department.

Seeing through the lens of all potential data use cases can sometimes be challenging. That being said, the ultimate goal is to render data usage as free and straightforward as possible, even in the absence of detailed instructions or predefined patterns.

Consider the main competencies of data security platforms—access control, data security, and compliance. An ideal platform offers coverage on all three fronts, thereby ensuring a safe and accessible data platform that adheres to requested privacy rules.

Looking at the bigger picture, data security platforms play a massive role in protecting sensitive data. There’s a critical need for data classification, control application, and auditing for transaction tracking and meeting regulatory requirements. At the end of the day, security must be ingrained in the core of a data platform—IT architecture and DevOps alike should champion security in their respective workflows.

What advice would you give to a data team that’s recently adopted a data security platform?

Firstly, maintain robust monitoring within your company. Even with stringent security protocols, someone always has the potential to access sensitive data. Employees should all be aware that their actions at work are under surveillance, and that data misuse has serious repercussions.

If an employee in your company has been offered a hefty payment for data exfiltration, they might weigh the option if they think there won’t be any penalties. However, if the risk of their actions being uncovered and resultant consequences are known, most people wouldn’t sacrifice their professional standing and freedom for monetary gain.

My second piece of advice is to optimize the data access workflow to be as effortless as possible. If an employee needs to use data they don’t have rights to, they should be able to easily request it from the respective custodian. The procedure for request and access granting should be so intuitive that the thought of a workaround never crosses their mind. For some teams, for example, incorporating an access request workflow into platforms like Slack is very helpful.

Complex processes encourage people to find workarounds. They might borrow credentials, manipulate the system, or discover alternative avenues for access. It’s human nature to seek easier solutions, so ensure the processes laid down are simple to follow.

And lastly, steer clear of vendor lock-in. The world of data tools is ever-evolving, and what makes up an enterprise data stack today can completely change in a few years. Leave room to adapt swiftly with the introduction of new technologies and avoid committing to a specific vendor or feature. Data teams enjoy experimenting. We are engineers, after all, who love to try out new things and choose the best tool for the task at hand. Most of us don’t subscribe to the philosophy of ‘one tool to rule them all’.

Any closing words?

As technology continues to evolve and our dependency on data grows, the data security landscape is under constant transformation. Companies will face new challenges in securing data in artificial intelligence and machine learning systems, safeguarding data across different cloud services platforms, and managing data sprawl. In these scenarios, the role and flexibility of Data Security Platforms will remain essential.
