Written by
Jason Zerbe, Enterprise Solutions Architect, Immuta

Comprehensive data discovery is necessary for a holistic, successful data security practice. When organizations power their data security based on data identification, ensuring that the identification process itself is secure is critical.

With Immuta, you can maximize their investment in Alation by operationalizing metadata for secure data analytics. In this guide, we’ll present the current best practice we’ve seen in the field for leveraging Immuta’s capacity to import Alation Custom Fields for secure data identification.

Security at All Levels of Data Access Maturity

Every modern company resides somewhere on the data access maturity spectrum. On one end are organizations just beginning their data journey. These teams likely start with most of their systems either completely closed or open. As they begin to mature, their data governance team is likely to step in and make more informed decisions about who gets access to what kinds of data.

On the other end of the maturity spectrum is birthright access – an access model where data users are authorized based on what attributes and groups are part of their user identity. When combined with a data stewardship practice, including the empowerment of subject-matter-experts, this enables teams to provide specifically targeted access to their various data assets.

Regardless of your level of data access maturity, it’s important that you have an idea of the types of data your team possesses, where they reside, and how they are accessed and used. Alation offers powerful data cataloging capabilities to help you identify where your organization’s sensitive data resides in your data ecosystem. With Immuta, non- and semi-technical data stewards are enabled with self-service data access at scale across  databases, schemas, and tables. Immuta’s fine-grained data authorizations protect data down to the cell level, striking a balance between utility and security.

To enable this kind of self-service access, you first need to comprehensively identify your data. Alation Tags and Custom Fields play a key role in this process.

What are Alation Tags and Custom Fields?

Alation has two primary ways of allowing data stewards to apply metadata to data assets:

1. Tags: Tags are a single word or phrase which can be attached to most Alation objects by nearly anyone. For instance, users can add a PCI tag for financial data, as shown in the screenshot below.

2. Custom Fields: Custom Fields are key-value pairs which may only be attached and removed by authorized users. In the example below, you can see how a Custom Field, DK_STEWARD, can have multiple values associated with a single key.

The Value of Using Alation Custom Fields in Immuta

When Alation and Immuta are first deployed, often a few data governors are logging in on a regular basis to classify data and author policy. As the team’s data journey continues, more employees within the organization – or an external partner – may receive access to these powerful tools. In the beginning, allowing anyone who has access to Alation to identify data through Tags may be feasible, but eventually you may opt to move to Custom Fields to put more fine-grained controls on your data classifications.

The choice between using Alation Custom Fields or Tags should be an open conversation between your Alation and Immuta account teams, in order to best support your business processes and company goals. The good news: regardless of your choice, Immuta supports both Tags and Custom Fields.

One mutual Alation and Immuta customer in the biopharmaceutical industry began their journey using Alation Tags to help quickly crowdsource the bootstrapping of their data practice. Later in their journey, this team chose to migrate to Alation Custom Fields in order to secure their data classifications. Now, Custom Fields are powering their organizational data policies. By securely handling HIPAA data, this customer was able to  prove to the FDA’s auditors that the terms of the Corrective and Preventive Action had been met and was granted premarket approval.

How to Implement Alation Custom Fields

Interested in using an Alation Custom Field in your Immuta policy? In the following demo, we’ll show you how to:

  1. Create an Alation Custom Field
  2. Add permissions to your Custom Field
  3. Apply your Custom Field to tables and columns
  4. Sync your Custom Field into Immuta
  5. Build policy based on the Custom Field



To learn more about Alation + Immuta, check out How to Implement Immuta with Alation.