5 Tools for Secure Data Analytics in Okta

More organizations than ever are leveraging the power of multiple cloud data platforms for business-driving analytics. In fact, 93% of organizations have a multi-cloud strategy for analytics and data science, and 87% have a hybrid cloud strategy. In the next two years, the trend toward diverse cloud data ecosystems will continue, as more than half of organizations plan to adopt two or more platforms.

But in today’s ever-changing data environment, capitalizing on the strengths of advanced capabilities — like modern cloud data warehouses and analytics platforms — often comes at a price for data engineering and operations teams. Managing cloud-based or hybrid analytics architectures can create technical and operational roadblocks when each data platform’s tools are handled disparately, which in turn increases the risk of security breaches and data privacy violations as a result of human error.

To help data teams overcome these challenges, Immuta natively integrates with Okta to provide cross-platform identity management and authorization, a secure active data catalog, fine-grained data access control, and dynamic data masking. Together, Immuta and Okta allow data teams to automate data access, accelerate data delivery, simplify administration, reduce risk, and unlock data-driven outcomes across multiple cloud data platforms. This frees data teams from having to move or copy data, manually identify and remove sensitive information, and manage complex user roles across platforms. 

Immuta and Okta’s native integration maximizes data’s utility and security with five core features:

1. Okta Lifecycle Management Workflows

One stumbling block for data initiatives is often time to data access. When it takes weeks or months to access data sets, the value of that data diminishes and projects stall. A significant contributor of slow time to data access is coding. When data teams are forced to write custom code for various applications and functions — and the rest of the organization relies upon them — it requires substantial time and resources that hinder overall productivity.

Together, Okta and Immuta mitigate this issue by enabling no-code processes. Okta’s Lifecycle Management Workflows allow administrators to automate identity-centric processes without code. Simultaneously, Immuta’s policy-as-code approach enables all data security stakeholders — not just data engineering and operations teams — to author policies in plain English once and scale them across all cloud data platforms. By automating processes without code, Okta and Immuta help accelerate time to data access while also giving non-technical users the ability to contribute to data access and security.

2. Okta SCIM

As work and technology began moving toward the cloud, Okta proactively developed its System for Cross-domain Identity Management (SCIM). This open standard, which enables automated user provisioning, was far ahead of the cloud adoption curve. 

As cloud platform usage accelerates and organizations increasingly shift to diverse cloud environments, Okta SCIM eliminates the burden of maintaining multiple passwords and manually signing into each individual platform. With SCIM, a single Okta identity can authorize access to multiple cloud services. 

On its own, this could pose a potential security and privacy risk. For instance, if an attacker guessed a user’s password, they hypothetically would have unlocked unauthorized access to that user’s data access permissions within each cloud platform. Immuta eliminates this risk by natively integrating with SCIM and extending authorization to cloud data sources, including Immuta’s expanding partner network of leading cloud data platforms such as Snowflake and Databricks.

3. Dynamic Policy Creation

The Okta Identity Cloud provides a universal directory in which to store and manage all users, groups, and devices. Immuta can use this collection of identities and user attributes to easily create data policies — without having to start from scratch.

Immuta’s dynamic data policy creation capabilities leverage Okta identities and user attributes to federate cloud identities and authorization in cloud data sources. This is particularly powerful and scalable in a cloud data ecosystem because it saves data teams substantial time and effort, without compromising data security. 

With Immuta, it’s no longer incumbent upon data teams to manually update roles and policies, a time-intensive task liable to slip through the cracks. Now, when Okta identity attributes change, Immuta’s data policies automatically and dynamically update, empowering data engineers and architects to use their time to curate robust, accessible, and secure data pipelines.

4. Fine-Grained Access and Security

In diverse cloud or hybrid analytics environments, legacy and role-based access control (RBAC) approaches often fall short due to insufficient security measures and unscalable implementation processes.

Not only is it difficult to manage the number of data sources and users in any organization comprising more than a handful of people, but role changes require manual updates, which is an added burden on data teams. The “role explosion” RBAC causes requires data engineers and architects to copy data and maintain complex libraries of user roles to ensure strong security and compliance. As a result, the potential for human error introduces the imminent threat of unauthorized data access. 

Immuta solves this problem for Okta users with dynamic, attribute-based access control (ABAC) and purpose-based access control (PBAC) models. This allows users to build intelligent data policies that dynamically adapt data views — at the row-, column-, or cell-level — based not just on user role, but on the data itself or the purpose for analysis or data modeling. Since Immuta’s data policies are global and scalable, data engineers and architects also don’t have to separately apply data access controls to each cloud platform.

Fine-grained access and security was particularly important to The Center for New Data, a coalition of science, technology, and policy experts using data to develop a coordinated response to COVID-19. The Center needed to provide researchers secure access to highly sensitive personal data as soon as possible to identify potential virus hotspots and suppress outbreaks, without violating regulatory or compliance standards. Using Okta and Immuta, they achieved that goal. 

“Our platform brings together massive amounts of sensitive data to help analysts track the spread of COVID-19 and help shape public policy and the health response,” said Ryan Naughton, Co-Founder and Co-Executive Director with The Center for New Data. “Due to the incredibly sensitive nature of our data, we needed a robust identity management solution that extends authorization not just to the database level, but to the row, column and cell-level. The combination of Okta and Immuta allows us to confidently authenticate a diverse set of users and authorize different levels of analyses, while preserving privacy and ensuring compliance with regulations and contractual data rights.”

5. Auditing and Reporting

When it comes to data use, simply putting sensitive data discovery tags and data access controls in place is not enough. In today’s highly regulated environment, data teams must also be able to audit data use and prove compliance. 

Immuta’s rich audit logs and reporting, combined with Okta’s identity and authorization, provide total transparency into who accesses what data, when, and for what purpose. In a diverse cloud data ecosystem, Immuta’s unified audit logs pull this information into a centralized policy tier so data, compliance, and legal teams can easily monitor data access and usage across platforms. 

Immuta’s auditing and automated reporting also shows how data has been changed over time. This enables data teams to create data science and analytics reporting to share with compliance teams and to prove adherence with internal data usage rules, privacy regulations, third-party contractual requirements, and more.

The ability to audit data use based on purpose is important for regulatory requirements like CCPA and GDPR, which require sensitive data use to have a clear and intended purpose. With Immuta’s comprehensive data audit reports, these standards can be easily met and eliminate concerns of personal liability for noncompliance. 

The future of data use and analytics lies in a cloud-based strategy. But, without the right tools, data teams’ impact — and the impact of the data itself — may be stifled. Immuta’s native integration with Okta solves the most common challenges of cross-platform data access that data engineers and architects face by simplifying the management of user identity, authorization, and fine-grained data access in cloud, multi-cloud, and hybrid environments. 

To find out more about how Immuta integrates with Okta, request a demo today.


Related stories