Automate Data Access & Privacy Controls Across Cloud Data Platforms

As data teams modernize data stacks for the cloud, it’s becoming more difficult to control enterprise-wide data access across cloud data platforms. Each platform has its own native access controls, which multiplies the risks, costs, and maintenance as new platforms are added. Immuta is the modern data access control solution for cloud data ecosystems, enabling data teams to accelerate data delivery, simplify administration, reduce risk, and safely unlock more data.

Common Data Access Control Scenarios:

  • Enable Local and Regional Data Segmentation
  • Access Data Across Multiple Cloud Platforms
  • Centralize Data Policy Management

Centralized Data Access Control

Using Immuta’s plain language policy builder, data teams can centralize and automatically enforce data access and security policies across multiple cloud data platforms through modern, fine-grained, attribute-based access controls (ABAC).

Cloud Data Discovery and Classification

With Immuta’s sensitive data discovery, data teams can auto-detect sensitive data and generate standard classification and tagging across cloud data platforms to deliver consistent policy enforcement for all data consumers – from BI analysts to data scientists.

Consistent Data Privacy Controls

Immuta’s powerful data masking and anonymization capabilities help data teams scale access protection with techniques that are backed by math and centrally enforced across cloud data platforms, without copying or moving data.

Unified Data Access Audit Logs

Immuta monitors and logs data access across your cloud data ecosystem. Track requests and access to data, policy changes, how data is being used, and more – all from a centralized policy tier.

By incorporating Immuta’s automated governance and privacy capabilities, we have enhanced our overall strength and security of the platform. We look forward to continued innovation from Immuta to help Aon with our data and analytics initiatives.

Steve Petrevski SVP & General Manager, Data & Analytics Services at AON

Frequently Asked Questions

What are access controls by definition?

Data access controls, by definition, are the processes and techniques implemented to permit or restrict who can view and/or use data within a specific environment. For organizations that leverage any type of data, access controls are fundamental in executing a data security strategy that minimizes risk without hindering utility.

What are the four main access control types?

The four main types of access control are discretionary, mandatory, role-based, and attribute-based. With discretionary access control (DAC), users create rules to determine who has access to the data through access control lists (ACLs) and capabilities tables. Mandatory access control (MAC), often regarded as the strictest type, takes a hierarchical approach to data access in which a systems admin regulates data access based on varying security clearance levels, and is widely used in the government and military. Role-based access control (RBAC) depends on a systems admin to grant access permissions based on a user’s role within the organization. Unlike RBAC, attribute-based access control (ABAC), enables data access based on attributes of the user, object, action, and environment, creating a dynamic system that vastly reduces the number of policies needed to enforce access control and avoids the need to create new roles for all changes to a data environment.

Is RBAC considered granular access control?

No, RBAC is not considered granular access control; instead, it is an example of coarse-grained access control. This is because RBAC makes access decisions based solely on users’ roles, which are generally broadly defined and static. As a result, access decisions are relatively binary and lack nuance. On the other hand, granular access control, such as ABAC, take a multi-dimensional approach to permitting or restricting access to data. This approach makes context-aware decisions based on factors related to the user, as well as the data object, environment, and intended action. Therefore, granular access control is a more flexible and dynamic methodology.

What is the difference between role-based access control vs. mandatory access control?

Role-based access control (RBAC) grants data access to users based on their role or function within the organization. This type of access control works for small organizations with few data sets and data users, but as roles, users, and rules change, data teams are forced to create new roles to accommodate organizational evolutions. As a result, a system may contain hundreds or thousands of roles that are difficult to manage and scale as organizations grow, which can lead to increased risk of data leaks and breaches.

Mandatory Access Control (MAC) is considered the strictest access control model. Primarily used by the government and military, this form of access control takes a hierarchical approach to regulating data access. Security labels, denoting both classification and category, are placed on the available resources by system admins and cannot be changed by any other users. The same labels are attributed to the system’s users, so only those with the proper security credentials are able to access certain resources within the system.

What is the purpose of data governance?

The purpose of data governance is to ensure the right frameworks and processes are in place to manage data security and access throughout the entire ecosystem. Data governance systematically determines the standards, policies, and people involved in keeping data secure and accurate, so that users enterprise-wide are able to access, use, and trust data without putting the information or the organization at risk.

Have 29 minutes?

Let us show you how Immuta can transform the way you govern and share your sensitive data.