What is Access Control?
Summary
TL;DR
Jared Hillam discusses the evolution and importance of access control in data security. As organizations grow, access control becomes crucial for managing who can see what data, reducing irrelevant information and ensuring sensitive data protection. With the rise of cloud data platforms, centralized data requires flexible access control, necessitating a shift from traditional BI tools to embedding security in the data architecture itself. This approach allows for consistent access across various tools, ensures data is relevant to the audience, and promotes a loosely coupled architecture for independent upgrades and business continuity.
Takeaways
- 🔒 Data security is not only about external threats like hackers but also about internal access control to ensure sensitive information is protected and irrelevant data is not unnecessarily exposed.
- 📈 As organizations grow, access control becomes increasingly important to manage the visibility of data across different segments of the organization.
- 🚧 The traditional approach to access control, which was tied to business intelligence (BI) tools, is no longer sufficient for modern, large-scale data architectures.
- 🗂️ The shift towards centralizing data in data warehouses and data lakes has necessitated a reevaluation of where and how access control is implemented.
- 💡 Access control should be an integral part of the data architecture itself, not just an afterthought in the BI layer, to ensure flexibility and scalability.
- 🔄 The move towards cloud data platforms has enabled scalable querying of centralized data sets, which in turn requires a more dynamic and decentralized approach to access control.
- 🔗 Loose coupling is a key architectural principle that can be facilitated by embedding access control in the data architecture, allowing for independent upgrades and interchangeability of analytics tools.
- 🛡️ Deep access controls are essential for ensuring that data is segmented and relevant to the audience consuming it, regardless of the tool used to access the data.
- 👥 Large organizations may have multiple BI tools and diverse audiences interacting with data, necessitating a more granular and centralized approach to access control.
- 📝 Active governance, auditability, and sustainable standards are crucial for managing roles and data segment grants in complex cloud data architectures.
Q & A
What is the primary concern with data security beyond hacking and theft?
- The primary concern with data security beyond hacking and theft is access control, which defines what segments of data internal parties can see.
Why is access control important in large organizations?
- Access control is important in large organizations because it not only protects sensitive data but also minimizes noise by ensuring that only relevant data is accessible to specific organizational parties.
How has the approach to data consumption changed over the past 20 years?
- Over the past 20 years, data consumption shifted from one-off business intelligence reporting applications to more centralized data warehousing, and then to cloud data platforms that allow scalable querying of centralized data sets.
What was the traditional location for access control in data architectures?
- Traditionally, access control was located in the business intelligence layer, even after data had been centralized in a data warehouse.
Why did the approach to access control need to change around 2015?
- The approach to access control needed to change around 2015 due to the advent of cheap storage methods, which led to further centralization of data and a need for more flexible data access across a growing number of tools and audiences.
Why can't access control be tightly coupled with reports and dashboards in modern data platforms?
- Access control cannot be tightly coupled with reports and dashboards in modern data platforms because organizations may use multiple business intelligence tools and have various audiences interacting with data directly, necessitating a more flexible and decentralized approach to access control.
Where should security be implemented in modern data architectures to ensure flexibility and consistency?
- Security should be implemented back into the architecture as an aspect of the data itself, ideally at the data lake level, to ensure that any access to the data can be segmented and relevant to the audience consuming it.
What is the benefit of pushing access control back to the data lake?
- Pushing access control back to the data lake allows every point of data to be served to every user with no concern about the tool issuing the query, meeting the expectations of business stakeholders for a flexible data architecture.
What is the key to successfully implementing deep access controls in a data architecture?
- The key to successfully implementing deep access controls is active governance, auditability, and sustainable standards, with administrators being highly aware of roles and grants for data segments.
What is the title of the white paper mentioned in the script that discusses potential issues with access control?
- The title of the white paper mentioned is 'How to Botch Your Snowflake Deployment in Three Easy Steps.'
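The idea of making security "an aspect of the data itself" can be sketched as a single enforcement function that every consuming tool passes through. This is a minimal illustration, not anything from the video: the role names, segment names, and in-memory "data lake" below are all hypothetical.

```python
# Hypothetical sketch: access control enforced once, at the data layer,
# so every BI tool, notebook, or API sees the same filtered view.

# Role -> data segments that role has been granted (illustrative names).
GRANTS = {
    "hr_analyst": {"salaries", "headcount"},
    "sales_rep": {"pipeline"},
    "executive": {"salaries", "headcount", "pipeline"},
}

# Centralized data set; each record is tagged with the segment it belongs to.
DATA_LAKE = [
    {"segment": "salaries", "employee": "a.smith", "salary": 95000},
    {"segment": "headcount", "dept": "eng", "count": 42},
    {"segment": "pipeline", "deal": "acme", "value": 120000},
]

def query(role):
    """Serve only the segments granted to the caller's role.

    Because filtering happens here, at the data layer, the tool that
    issued the query is irrelevant: any client gets identical results.
    """
    allowed = GRANTS.get(role, set())
    return [row for row in DATA_LAKE if row["segment"] in allowed]
```

A dashboard and a data science notebook both calling `query("sales_rep")` would see only pipeline rows, so swapping the analytics tool changes nothing about who can see what.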
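Active governance implies administrators can answer "who can see what" at any moment. One way to sketch that kind of auditability is to invert the role-to-segment grants into a segment-to-roles exposure report; the role and segment names here are hypothetical, not from the video.

```python
from collections import defaultdict

# Hypothetical role -> segment grants that an administrator maintains.
GRANTS = {
    "hr_analyst": {"salaries", "headcount"},
    "executive": {"salaries", "headcount", "pipeline"},
}

def audit_by_segment(grants):
    """Invert role -> segments into segment -> sorted roles.

    The resulting report shows, for each data segment, exactly which
    roles are exposed to it -- the view an access review needs.
    """
    exposure = defaultdict(set)
    for role, segments in grants.items():
        for segment in segments:
            exposure[segment].add(role)
    return {segment: sorted(roles) for segment, roles in exposure.items()}
```

Running `audit_by_segment(GRANTS)` shows, for instance, that only `executive` can see the `pipeline` segment, which makes over-broad grants easy to spot before they become a problem.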
Outlines
🔐 The Importance of Access Control in Data Security
Jared Hillam discusses the critical role of access control in data security, emphasizing its significance beyond just preventing data breaches. Access control is crucial for defining which segments of data internal parties can see, which is particularly important as organizations grow. The necessity for access control arises not only from the sensitivity of data like salaries but also to minimize irrelevant data exposure, reducing 'noise' within the organization. Hillam points out that the placement of access control logic has significant implications for data architecture, and it has become a major challenge in recent years. Historically, access control was managed through business intelligence (BI) tools, but with the advent of cloud data platforms and centralized data storage, a more flexible approach is needed. The video suggests that access control should be integrated into the data architecture itself, ideally at the data lake level, to ensure consistent and relevant access for various tools and audiences.
📚 Access Control Challenges and Solutions
The second paragraph introduces a white paper that addresses common pitfalls in access control, specifically within Snowflake deployments. The paper, titled 'How to Botch Your Snowflake Deployment in Three Easy Steps,' is available in the video description. Additionally, the paragraph offers viewers the opportunity to connect with a specialist for personalized advice on their data security situations. The video suggests that while the ideal of flexible, accessible data architecture is clear, achieving it requires active governance, auditability, and sustainable standards. It also highlights the expertise of Intricity in implementing cloud data architectures for large organizations, indicating their experience in navigating the complexities of access control in modern data environments.
Keywords
💡Data Security
💡Access Control
💡Centralized Logic
💡Data Warehouse
💡Data Lake
💡Loose Coupling
💡Business Intelligence (BI) Tools
💡Scalability
💡Active Governance
💡Auditability
Highlights
Data security involves not only preventing hackers from acquiring sensitive data but also managing access control within organizations.
Access control is crucial as organizations grow, to manage who can see different segments of data.
Data may be irrelevant to certain organizational parties, emphasizing the need for access control to minimize noise.
Access control's placement can lead to either enablement or chaos in large data architectures.
20 years ago, data was primarily consumed through business intelligence reporting applications.
Centralized logic in data warehousing became more prevalent as organizations sought to centralize data.
Access control initially resided in the business intelligence layer, even with data centralized in a warehouse.
Around 2015, cheap storage led to a centralization of data, changing data consumption patterns.
Cloud data platforms have enabled scalable querying of deeply centralized data sets.
Organizations need flexible data access for a growing number of tools and audiences.
Tightly coupling access control to reports and dashboards is no longer suitable for modern data platforms.
Security should be integrated into the data architecture, closer to the base data lake where centralized data resides.
Deep access controls ensure consistent and relevant data access for any tool or audience.
Loose coupling in architecture is promoted by housing security in the data architecture, allowing interchangeability of analytics tools.
The end goal is to serve every point of data to every user without concern for the querying tool's modality.
Achieving this requires active governance, auditability, and sustainable standards.
Administrators must be aware of roles and grants for data segments, which can be complex in cloud platforms.
Intricity has experience implementing cloud data architectures and offers insights in a white paper on avoiding access control pitfalls.
Transcripts
Hi, I'm Jared Hillam. When it comes to data security, most people think of hackers in hoodies trying to acquire sensitive data. And while this is a very important side of security, there's also a practical side to data security, and that's access control. Access control is what defines the segments of data that internal parties can actually see, and the larger an organization gets, the more important access control becomes. Now, this isn't just because some data is sensitive, like people's salaries, but because data might be completely irrelevant to certain organizational parties. So simply for the benefit of minimizing noise, being able to isolate data through security is a super important function.

But the question becomes: where should the definition of this access control occur? If you recall from one of our previous videos that asks "Where should logic live?", we learned that the answer to that question has massive downstream impacts. When it comes to access control, it can be the difference between enablement and total chaos. In recent years, access control has become a primary stumbling block in large data architectures. Now let me give you some contextual history to explain why.

Twenty years ago, data was mostly consumed through one-off business intelligence reporting applications. These systems housed all the complex queries for producing formatted reports. However, organizations began to see that the data itself needed more centralized logic. This was the time when wider adoption of data warehousing came into the picture. Access control still mostly lived in the business intelligence layer, even though the data had been somewhat centralized in a warehouse. In those early years, any consumption of the data outside of the data warehouse and BI layer was often considered a rogue query. But this all began to change around 2015, because cheap storage methods ushered in a centralization of data. In more recent years, cloud data platforms have made it possible to scalably query these deeply centralized data sets.

With all this centralization, organizations need their data to be flexible to an ever-growing number of tools and audiences. This means they can't just tightly couple all the access control into some reports and dashboards and call it a day. Large organizations may end up having ten business intelligence tools due to acquisitions and different end-user needs. Additionally, they may have dozens of different audiences that interact with the data directly, and not through some sanctioned analytics tool. So having access control nested in the BI layer is no longer a proposition that can suit today's large, modern data platforms.

Instead, security needs to go back into the architecture as an aspect of the data itself. And this doesn't mean the data warehouse, but rather even further back, into the base data lake where all the core centralized data resides. This is the only way to ensure that any access to the data can be segmented and relevant to the audience consuming it. Additionally, this makes it possible for any business intelligence, analytics, data science, or reporting layer to plug into the environment and get consistent access based on credentials, no matter whether it queries the data warehouse or the data lake.

Another important reason for setting up these deep access controls is loose coupling. If you recall from our video titled "What Is Tight Coupling?", the correct practice in any architecture is to loosely couple each component so they're independently upgradeable. By housing the security in the data architecture, the analytics tool becomes highly interchangeable without impacting the business.

The end result of pushing access control all the way back to the data lake is the ability to serve up every point of data to every user with no concern about the modality of the tool issuing the query. This ultimately is what business stakeholders expect from their data architecture in the first place. But delivering on this is much easier said than done. It is doable, though, and worth it. The key here is active governance, auditability, and sustainable standards. Administrators need to be highly aware of roles and grants for data segments, which can be tricky on some of these cloud platforms.

Now, Intricity has spent a lot of time with this topic, as it has implemented hundreds of cloud data architectures for large organizations. We recently wrote a white paper diving into some of the critical points that can go wrong with access control, titled "How to Botch Your Snowflake Deployment in Three Easy Steps." We've included a link to that white paper in the video description. Also, if you'd like to talk with a specialist about your specific situation, you'll see a link for that as well.