Today's data platforms are growing in complexity to meet the changing needs of data users. People need faster access to data, but data scientists are stuck with IT, security and governance.
As a result, data scientists are unable to figure out how to provide data in a secure and standardized way. Let's discuss 5 steps for scaling universal data and authorization.
Step#1: Move To Attribute-Based Access Control (ABAC)
Many organizations have created their access control policies with role-based access control (RBAC), which is useful for simple use cases. But as the data platform grows in scale and complexity, it leads to a situation known as "role explosion".
This is why ABAC is so critical: it allows organizations to monitor dynamic data authorization policies, consolidating attributes from multiple systems to make context-aware decisions about data access.
Step#2: Create And Enforce Dynamic Access Policies
Most existing policy enforcement still requires maintaining multiple copies of each dataset, which also increases the cost of maintaining it.
In this case, you will need an enforcement engine that dynamically filters and transforms the data. People typically apply data transformations such as tokenization, anonymization, masking and other techniques such as differential privacy.
Thus, dynamic enforcement is essential for applying access policies without increasing complexity in the overall data system. It also helps organizations stay responsive to changing governance requirements.
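The sketch below ties Steps 1 and 2 together: attribute-based rules decide at query time which rows a user sees and which columns are masked, tokenized or nulled, all from a single copy of the data. It is an added example, not code from any product this article describes; the user attributes, column tags, rules and sample rows are constructed assumptions, and the HMAC token and last-four mask stand in for whatever transformations a real engine provides.

```python
import hashlib
import hmac

# Constructed column metadata: tags that policies reference (assumption).
COLUMN_TAGS = {"name": {"pii"}, "ssn": {"pii", "restricted"},
               "region": set(), "balance": {"financial"}}
TOKEN_KEY = b"demo-only-key"  # placeholder; a real key lives in a secrets manager

def tokenize(value):
    """Deterministic keyed token: equal inputs stay joinable, raw value is hidden."""
    return hmac.new(TOKEN_KEY, str(value).encode(), hashlib.sha256).hexdigest()[:12]

def mask(value):
    """Hide everything except the last four characters."""
    s = str(value)
    return "*" * max(len(s) - 4, 0) + s[-4:]

# Ordered rules: (column tag, condition on user attributes, transformation).
# The first rule whose tag is on the column and whose condition the user
# does NOT satisfy decides how the value is transformed.
COLUMN_RULES = [
    ("restricted", lambda u: u["purpose"] == "fraud-investigation", mask),
    ("pii", lambda u: "pii" in u["clearances"], tokenize),
    ("financial", lambda u: u["department"] == "finance", lambda v: None),
]

def enforce(user, rows):
    """Filter rows and transform columns per request, without copying datasets."""
    result = []
    for row in rows:
        if row["region"] not in user["regions"]:  # row-level filter
            continue
        out = {}
        for col, value in row.items():
            transform = next((t for tag, allowed, t in COLUMN_RULES
                              if tag in COLUMN_TAGS[col] and not allowed(user)), None)
            out[col] = transform(value) if transform else value
        result.append(out)
    return result

ROWS = [  # constructed sample data
    {"name": "Ada Park", "ssn": "123-45-6789", "region": "EU", "balance": 1200},
    {"name": "Raj Iyer", "ssn": "987-65-4321", "region": "US", "balance": 560},
]
ANALYST = {"department": "marketing", "clearances": set(),
           "regions": {"EU"}, "purpose": "analytics"}
INVESTIGATOR = {"department": "finance", "clearances": {"pii"},
                "regions": {"EU", "US"}, "purpose": "fraud-investigation"}
```

Adding a new kind of user means supplying different attributes rather than creating another role or another copy of the dataset, which is how this approach avoids the role explosion described in Step 1.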
Step#3: Develop A Unified Metadata Layer
The metadata layer is simply the fuel for the online engine. It provides visibility into what the organization's datasets are and where they are, which is required to create access control policies.
A rich layer of metadata helps organizations develop more granular and relevant access policies. There are four areas to consider when structuring the metadata lifecycle:
- Access: To enable access via API, so that metadata can be leveraged for policy decisions.
- Unification: To develop a unified metadata layer.
- Metadata Drift: To ensure metadata is up to date.
- Discovery: To discover new business and technical metadata.
Thus, each analytical engine would require its own technical metastore to maintain data access and classification.
Step#4: Ensure Distributed Stewardship
One matter of concern is that when data access enforcement is not properly architected, it can become a bottleneck. And a lack of an access model would enable non-technical users to manage the data policies.
In this case, effective data access management is required to ensure distributed stewardship. Such a system addresses two key areas.
First, it offers the management of data and access policies to people in the lines of business, such as data stewards and administrators, because they will replicate the data and governance standards across the groups in the organization.
Second, the system must ensure that changes propagate continuously throughout the organization.
Step#5: Develop A System Of Easy Centralized Auditing
It is all about knowing where sensitive data lies, who is accessing it, and who has permission to access it.
A system of centralized auditing is a must for generating reports on how data is being used. It will also enable data breach alerts through a single integration with the SIEM.
However, organizations are finding different solutions whose audit log schema enables governance teams to answer audit questions. Thus, a centralized audit system will let you know what data you have and how people are using it.