Article

How to Enforce Policies on Data Platforms with Alation & Immuta

Immuta is the modern data access control and security solution that gives data engineering and DataOps teams the power to leverage metadata to build and automatically enforce data access policies and apply dynamic data masking techniques at query time. Many Immuta customers have adopted Alation, an Immuta partner, as their enterprise-wide data catalog solution. Immuta allows customers to maximize their existing investment in Alation by enabling metadata operationalization for safe data analytics use.

Why do Alation customers adopt Immuta?

Data stewards working in Alation are primarily responsible for creating and maintaining policies, but the onus is on data architects and engineers to ensure implementation of the necessary controls to continuously enforce these policies on their cloud data platforms (such as Databricks, Snowflake, AWS, and others) for compliant data use. Additionally, enforcing policies on data access needs to account for real-time changes to data, roles, purposes, or other dynamic attributes.

Immuta provides a data access control layer that can be integrated with metadata from Alation to provide automated security and privacy controls to enforce the enterprise policies for data analytics use. That way, if there are assets or elements that should not be used or leveraged by certain analysts, those analysts are not necessarily fully blocked from the data; instead, they are able to query a resource that provides an appropriate level of insights while still retaining, masking, or obfuscating objects that should not be accessed or viewed. All of this is done automatically at query time, so that analysts still receive quality data, with the caveat that it is amended for their specific needs and permissions.

With this fine-grained access control, organizations leveraging Immuta with Alation are able to accelerate safe, self-service access to data without burdening multiple parties throughout the organization with policy implementation management. What specific capabilities does Immuta offer to data platform and engineering teams looking to operationalize metadata in Alation?

You can watch an example of how Immuta and Alation work together in production in this on-demand webinar presented by the Director of Enterprise Architecture at Aon. Below is a representation of how Aon leveraged the two platforms together from the webinar.

How is Immuta implemented with Alation?

  • Metadata is integrated from Alation and registered with Immuta.
  • Data engineers/architects create access control policies using the integrated metadata from Alation.
  • When users query data, Immuta uses Alation’s metadata to automatically apply the appropriate access controls based on attributes specific to the data, user, environment, and purpose.
  • Data consumers are only able to access/use data at the level appropriate for their user entitlements.

Steps to integrate Alation as an External Catalog with Immuta

1. Click the App Settings icon in the left sidebar.

2. Click the link in the Configuration panel to navigate to that section.

3. Click External Catalogs, select ID as Alation, and enter the URL and API Key to test the connection.

Identity Management & External Masking in Immuta

4. Create data access control policies driven by Alation metadata that are enforced transparently for data consumers using their favorite cloud data platforms, such as Databricks, Snowflake, Starburst, Amazon Redshift, Google BigQuery, Azure Synapse, and more.

databricks-and-immuta-integration-screenshot-f

How can data-driven organizations benefit from Alation with Immuta?

Within Alation, metadata and data usage are mutually beneficial: The more data consumers use Alation, the better its metadata becomes, and the better its metadata becomes, the easier it is for users to find data. Adding Immuta to that cycle helps ensure that the right data is accessible to the right people at the right time, based on metadata-informed access control policies.

Leveraging metadata to automatically enforce these policies at query time removes the burden on data engineers and architects, as well as other stakeholders throughout the organization, to manually monitor policy implementation. Now, data users will not be prohibited from accessing data that doesn’t map to their role, but rather will see data with the appropriate level of insight based on dynamic attributes like usage purpose, data type, time, and more. This continuous enforcement on cloud data platforms applies to any data consumer, whether accessing data from data science notebooks, analytical tools, or through Alation Compose, and it further reduces the need to use manual workflow steps to request or deny access to sensitive data.

Immuta and Alation’s proactive approach to data access control simplifies the responsibilities of data engineering and operations teams while making data access seamless and secure for all users.

Ready to get started?

Request a Demo