About the Entertainment Company
The company has one of the world’s largest streaming services, with millions of subscribers worldwide, and uses customer analytics to generate individualized recommendations that personalize and enhance the customer experience.
In a category with several major players — not to mention billions of hours of content — providing a top-notch customer experience that attracts viewers, retains them long-term, and elicits maximum engagement, is essential to staying competitive.
Challenge
While data collection and analytics is a key driver of success for this global media company, ensuring subscribers’ data remains secure and private is paramount. Instances of data leaks related to subscription data have been well documented, albeit damaging, as the use of streaming services has exploded in recent years.
Meanwhile, the service’s data and legal teams must keep up with new and evolving data use regulations at both the federal and state level, including COPPA and CPRA, in addition to existing laws like GDPR, to ensure their policies sufficiently satisfy all requirements and standards.
This highly popular service adopted Databricks and Snowflake to house and analyze subscriber data. However, a broad swath of rules exist for accessing this data that dictate how it can be used and shared across regions and partner networks, as well as for marketing purposes. Native platform access controls were unscalable, particularly as the service’s subscriber base grew exponentially.
This led to role bloat, views, and copies of anonymized data for each region or partner network, which introduced potential risk to the data’s security, quality, and maintenance, and made monitoring and auditing data access and use on-demand nearly impossible.
To keep up with demand without sacrificing security or customer experience, the streaming service needed a solution capable of seamlessly handling complex data access rules on massive troves of data across its entire data ecosystem.
Solution
The streaming service chose Immuta to automate access control over all of its data across Databricks and Snowflake, with Azure AD providing identity management.
With Immuta, the service’s data team is able to:
- Implement dynamic, attribute-based access control (ABAC) to scale user access by safely restricting data within the user’s geography based on Azure AD attributes, without having to manage roles and views.
- Deliver safe data access across the environment more efficiently than ever using Immuta, where all data processing is done natively in Snowflake and Databricks.
- Apply advanced data security and privacy controls with Immuta’s privacy-enhancing technologies (PETs) across Snowflake and Databricks. Dynamic data masking capabilities, such as k-anonymization and differential privacy, enable the DataOps team to consistently anonymize subscriber data containing personally identifiable information (PII) based on user attributes.
- Eliminate the need to copy data by dynamically enforcing access controls consistently across platforms, and avoid a proliferation of views and tables.
- Extend the control plane to additional cloud services, such as Starburst or Trino (formerly PrestoSQL), so they are able to create global policies once and enforce them across the entire data ecosystem.
Results
Since implementing Immuta, the streaming service has:
- Automated data classification and enforcement across platforms, allowing the data team to consistently scale and secure data access for all users without the risk of a data leak.
- Reduced risk of customer re-identification using mathematical guarantees provided by Immuta’s dynamic PETs.
- Eliminated the proliferation of data copies, views, and roles across services, thereby reducing complexity, bottlenecks, risk, and compute costs.
- Improved the data team’s productivity by freeing them of manual processes that delayed speed to data access, so that users now always have up-to-date data.
- Successfully scaled and maximized the value of its data as customer demand continues to grow — with no data leaks or breaches.
