What is Access Control?

ness-intricity101

12 Jan 202105:20

Summary

TLDRJared Hillam discusses the evolution and importance of access control in data security. As organizations grow, access control becomes crucial for managing who can see what data, reducing irrelevant information and ensuring sensitive data protection. With the rise of cloud data platforms, centralized data requires flexible access control, necessitating a shift from traditional BI tools to embedding security in the data architecture itself. This approach allows for consistent access across various tools and ensures data is relevant to the audience, promoting a loosely coupled architecture for independent upgrades and business continuity.

Takeaways

🔒 Data security is not only about external threats like hackers but also about internal access control to ensure sensitive information is protected and irrelevant data is not unnecessarily exposed.
📈 As organizations grow, access control becomes increasingly important to manage the visibility of data across different segments of the organization.
🚧 The traditional approach to access control, which was tied to business intelligence (BI) tools, is no longer sufficient for modern, large-scale data architectures.
🗂️ The shift towards centralizing data in data warehouses and data lakes has necessitated a reevaluation of where and how access control is implemented.
💡 Access control should be an integral part of the data architecture itself, not just an afterthought in the BI layer, to ensure flexibility and scalability.
🔄 The move towards cloud data platforms has enabled scalable querying of centralized data sets, which in turn requires a more dynamic and decentralized approach to access control.
🔗 Loose coupling is a key architectural principle that can be facilitated by embedding access control in the data architecture, allowing for independent upgrades and interchangeability of analytics tools.
🛡️ Deep access controls are essential for ensuring that data is segmented and relevant to the audience consuming it, regardless of the tool used to access the data.
👥 Large organizations may have multiple BI tools and diverse audiences interacting with data, necessitating a more granular and centralized approach to access control.
📝 Active governance, auditability, and sustainable standards are crucial for managing roles and data segment grants in complex cloud data architectures.

Q & A

What is the primary concern with data security beyond hacking and theft?
-The primary concern with data security beyond hacking and theft is access control, which defines what segments of data internal parties can see.
Why is access control important in large organizations?
-Access control is important in large organizations because it not only protects sensitive data but also minimizes noise by ensuring that only relevant data is accessible to specific organizational parties.
How has the approach to data consumption changed over the past 20 years?
-Over the past 20 years, data consumption shifted from one-off business intelligence reporting applications to more centralized data warehousing, and then to cloud data platforms that allow scalable querying of centralized data sets.
What was the traditional location for access control in data architectures?
-Traditionally, access control was located in the business intelligence layer, even after data had been centralized in a data warehouse.
Why did the approach to access control need to change around 2015?
-The approach to access control needed to change around 2015 due to the advent of cheap storage methods, which led to further centralization of data and a need for more flexible data access across a growing number of tools and audiences.
Why can't access control be tightly coupled with reports and dashboards in modern data platforms?
-Access control cannot be tightly coupled with reports and dashboards in modern data platforms because organizations may use multiple business intelligence tools and have various audiences interacting with data directly, necessitating a more flexible and decentralized approach to access control.
Where should security be implemented in modern data architectures to ensure flexibility and consistency?
-Security should be implemented back into the architecture as an aspect of the data itself, ideally at the data lake level, to ensure that any access to the data can be segmented and relevant to the audience consuming it.
What is the benefit of pushing access control back to the data lake?
-Pushing access control back to the data lake allows every point of data to be served to every user with no concern about the tool issuing the query, meeting the expectations of business stakeholders for a flexible data architecture.
What is the key to successfully implementing deep access controls in a data architecture?
-The key to successfully implementing deep access controls is active governance, auditability, and sustainable standards, with administrators being highly aware of roles and grants for data segments.
What is the title of the white paper mentioned in the script that discusses potential issues with access control?
-The title of the white paper mentioned is 'How to Botch Your Snowflake Deployment in Three Easy Steps.'

Outlines

00:00

🔐 The Importance of Access Control in Data Security

Jared Hillam discusses the critical role of access control in data security, emphasizing its significance beyond just preventing data breaches. Access control is crucial for defining which segments of data internal parties can see, which is particularly important as organizations grow. The necessity for access control arises not only from the sensitivity of data like salaries but also to minimize irrelevant data exposure, reducing 'noise' within the organization. Hillam points out that the placement of access control logic has significant implications for data architecture, and it has become a major challenge in recent years. Historically, access control was managed through business intelligence (BI) tools, but with the advent of cloud data platforms and centralized data storage, a more flexible approach is needed. The video suggests that access control should be integrated into the data architecture itself, ideally at the data lake level, to ensure consistent and relevant access for various tools and audiences.

05:00

📚 Access Control Challenges and Solutions

The second paragraph introduces a white paper that addresses common pitfalls in access control, specifically within Snowflake deployments. The paper, titled 'How to Botch Your Snowflake Deployment in Three Easy Steps,' is available in the video description. Additionally, the paragraph offers viewers the opportunity to connect with a specialist for personalized advice on their data security situations. The video suggests that while the ideal of flexible, accessible data architecture is clear, achieving it requires active governance, auditability, and sustainable standards. It also highlights the expertise of Intricity in implementing cloud data architectures for large organizations, indicating their experience in navigating the complexities of access control in modern data environments.

Mindmap

Keywords

💡Data Security

Data security refers to the protection of data from unauthorized access or corruption. In the video, it is highlighted as both the prevention of external threats (like hackers) and the internal management of data access. The focus here is on access control, ensuring that only the right people within an organization can access certain data.

💡Access Control

Access control is the process of defining which individuals or systems are permitted to view or use specific data. In the video, this is presented as a critical element of data security, especially in large organizations. It ensures sensitive data, like salaries, remains restricted, and irrelevant data is hidden from certain users to reduce noise.

💡Centralized Logic

Centralized logic refers to the idea of centralizing key data functions (such as queries and access control) rather than scattering them across multiple layers of a data architecture. The video explains how centralizing logic in a data warehouse allows for more controlled access to data across various tools, which becomes increasingly necessary as organizations grow.

💡Data Warehouse

A data warehouse is a centralized repository where data is stored and organized for analysis and reporting. In the video, it is discussed as the traditional place where centralized logic and access control were managed. However, modern data architectures have outgrown this model due to increased data centralization needs.

💡Data Lake

A data lake is a centralized storage system for raw, unprocessed data, often used in modern data architectures. The video mentions the shift toward implementing access control within the data lake rather than only in the business intelligence layer. This allows for more flexible and scalable access control across different tools and audiences.

💡Loose Coupling

Loose coupling refers to a design principle where system components remain independent and easily upgradeable. The video emphasizes that access control should be loosely coupled from business intelligence tools to avoid dependency on specific platforms, allowing organizations to switch tools without disrupting access control.

💡Business Intelligence (BI) Tools

BI tools are software applications that process data to generate reports, dashboards, and other analytics for decision-making. The video highlights how many organizations use multiple BI tools and explains why access control should not be embedded in these tools but instead be part of the deeper data architecture.

💡Scalability

Scalability refers to a system's ability to handle growing amounts of work or data efficiently. The video discusses how cloud data platforms have enabled scalable queries on centralized data sets, but stresses the importance of scalable access control to handle the growing number of tools and audiences interacting with the data.

💡Active Governance

Active governance refers to the continuous monitoring and management of data access policies and controls. The video suggests that active governance is necessary to ensure that access control remains effective, as organizations face evolving challenges in managing roles, grants, and data segments in complex cloud environments.

💡Auditability

Auditability is the ability to track and review who accessed data and what changes were made to it. In the video, auditability is mentioned as part of ensuring effective governance in modern data architectures, where administrators need to know who has access to data and how it's being used to maintain security and compliance.

Highlights

Data security involves not only preventing hackers from acquiring sensitive data but also managing access control within organizations.

Access control is crucial as organizations grow, to manage who can see different segments of data.

Data may be irrelevant to certain organizational parties, emphasizing the need for access control to minimize noise.

Access control's placement can lead to either enablement or chaos in large data architectures.

20 years ago, data was primarily consumed through business intelligence reporting applications.

Centralized logic in data warehousing became more prevalent as organizations sought to centralize data.

Access control initially resided in the business intelligence layer, even with data centralized in a warehouse.

Around 2015, cheap storage led to a centralization of data, changing data consumption patterns.

Cloud data platforms have enabled scalable querying of deeply centralized data sets.

Organizations need flexible data access for a growing number of tools and audiences.

Tightly coupling access control to reports and dashboards is no longer suitable for modern data platforms.

Security should be integrated into the data architecture, closer to the base data lake where centralized data resides.

Deep access controls ensure consistent and relevant data access for any tool or audience.

Loose coupling in architecture is promoted by housing security in the data architecture, allowing interchangeability of analytics tools.

The end goal is to serve every point of data to every user without concern for the querying tool's modality.

Achieving this requires active governance, auditability, and sustainable standards.

Administrators must be aware of roles and grants for data segments, which can be complex in cloud platforms.

Intricity has experience implementing cloud data architectures and offers insights in a white paper on avoiding access control pitfalls.