Article

A Single, Self-Service Access & Control Point for All Your Organization’s Data

A common reaction to data governance issues is to keep data in silos and adopt ad hoc access control measures for each silo, in hopes that doing so will reduce unwanted uses. Such an approach, however, tends to be overly restrictive, leads to duplication of effort and, above all, makes monitoring burdensome and costly. Immuta allows you to simultaneously unlock the full potential of your data and streamline compliance by creating a single, self-service access and control point for your organization’s data, ensuring a high degree of protection for all types of restricted data.

Figure 1. A depiction of Immuta’s architecture.

Figure 1 depicts Immuta’s underlying architecture. At the bottom, raw data is virtually exposed to Immuta. The Immuta platform is represented in the gray box in the middle of the diagram, where dynamic data masking tools like differential privacy, k-anonymization and more are enforced dynamically as data is accessed. At the top of the diagram, data consumers can access that data through a variety of access patterns. Immuta’s access patterns include an Immuta SQL connection, a virtual file system, Hadoop Distributed File System (HDFS) and Spark. In each case, the data consumer will connect to Immuta using their tool of choice and only view the data they are permitted to see within Immuta. Immuta is a read-only system, meaning that the integrity and location of the original, raw data is never altered and remains fully protected.

A few major features of the Immuta platform include:

Agnostic platform: Immuta sits between your data sources and third party applications. Crucially, Immuta is both data-source and third-party-tool agnostic, allowing data owners within your organization to connect as many data sources as they want to the platform. This also allows data scientists to connect an unlimited number of third-party tools to access the data. Importantly, since Immuta is read-only, it prevents unwanted modification, copying or loss of the raw data. Data integrity is thus secured at all times.  

Layered approach: Immuta enables you to fully control your data environment through data policies that can be applied at a global level (for all data sources) or at a local level for selected data sources. Immuta relies upon a tripartite role allocation: data consumers, data owners and governors. Both data owners and governors are able to set policies for the data sources they own or govern. Two types of data policies can be set: subscription policies governing who can access data sources, and policies that impact the way the data appears to data consumers. Data policies can include masking attributes, hiding attributes, minimizing the size of the data set, making the data differentially private and restricting the purpose for which the data can be used. This layered approach is grounded on two pillars: seamless data access control and virtualization, which together remove unnecessary movement of data.

Ongoing monitoring: Once policies are set for each data source, data audit trails enable both data owners and governors to monitor data usage, generate reports and audit processing activities. This feature is essential for demonstrating compliance. Within Immuta, for example, data engineers can seamlessly create a report that states who has accessed a specific data source, for what purpose and when.

Effortless customization:  Organizations and business units across sectors have different needs and requirements. Immuta’s strength lies in its high degree of flexibility at every layer, enabling compliance with the strictest rules and regulations on data.  

As organizations become increasingly reliant on data-driven insights, a single, self-service access and control point for data is critical to reducing the burden on data engineers to operationalize influxes of data, and also to democratizing data and increasing data consumers’ speed to access. To find out more about how Immuta can help protect your organization’s data – even the most sensitive data – request a demo today.