Okera Dynamic Access Platform

Use Data Responsibly with Universal Data Authorization

Maximize the value of all your data to accelerate innovation, while preventing inappropriate access to confidential, personally identifiable, and regulated data.

Complexity is the enemy of security. Simplify and scale fine-grained data access control with Okera.

Every database, analytics, and cloud vendor is developing fine-grained access control (FGAC). FGAC is necessary to comply with evolving data privacy regulations and data security mandates. But there’s a problem: silos. Businesses struggle to resolve platform incompatibilities and manage complexity as they move from proof-of-concept to production.

Modern universal data authorization is needed for complete and consistent enforcement across all your data.

Use Okera Dynamic Access Platform (ODAP) to standardize and simplify policy management, enforce policies consistently and at scale, and capture data usage intelligence.

The business can define, monitor, and update FGAC policies using a simple web UI. Okera dynamically enforces a single policy across multiple data sources, decreasing complexity and cost, and increasing data utility.

PLATFORM HIGHLIGHTS

FINE-GRAINED ACCESS CONTROL
Dynamically filter, hide, mask, and tokenize sensitive data as it’s queried. Grant fine-grained access at the column, row, and cell level with conditional logic.

ABAC: ATTRIBUTE BASED ACCESS CONTROL
Scale policy enforcement using metadata, user attributes, and real-time context, not physical resource names. Leverage machine learning to automatically identify and classify data.

DATA PLATFORM AGNOSTIC
Define policies based on business requirements. Okera enforces a single policy consistently across platforms.

DISTRIBUTED STEWARDSHIP
Administrators configure the platform. Data registration and policy management can be delegated to the business.

OKERA nSCALE™ for BIG DATA in the PUBLIC CLOUD
Isolate direct data access to nScale so public cloud compute frameworks only work with authorized data. On-cluster co-location delivers speed and elastic scalability.

API FIRST
Use Okera APIs to automate workflows and build custom integrations.

© 2021 Okera, Inc. All Rights Reserved. Okera is a registered trademark. All other trademarks are property of their respective owners.

Architecture and Key Capabilities

OKERA DYNAMIC ACCESS PLATFORM
As users query data, requests are dynamically and immediately authorized by Okera. Policy enforcement is optimized for different data platforms and is completely transparent to the user.

Universal Policy Management: Simplify and standardize powerful fine-grained access control policies: write once, apply anywhere.

Dynamic Policy Authorization Engine: Enforce data security and privacy policies with every query. Simple, fast and reliable.

Data Usage Intelligence: Accelerate compliance reporting and discover and remediate inappropriate data usage. Know who has access to sensitive data, and how and when they used it.

Universal Client Access: Okera provides native client libraries, a BI gateway for JDBC/ODBC connectivity, and a REST API for programmatic enforcement requests.

Intelligent Enforcement Patterns: Okera can push policy enforcement instructions to compute engines, or delegate enforcement to Okera nScale™ for process isolation.

Active Metadata Registry: Integrate with your data catalog or ML-based discovery tool, or use Okera to automatically detect and classify sensitive data. Dynamically retrieve user attributes for row-level security.


SUPPORTED SYSTEMS
Okera can be deployed in the public cloud or on-prem. Below is a representation of supported systems and technologies. Please contact us to learn more.

Platform Deployment
Kubernetes, including:
● Amazon AWS | (EKS)
● Microsoft Azure | (AKS)
● Google Cloud | (GKE)
● Self-managed Kubernetes

Authentication
● OAuth, SAML (Okta, Ping, etc.)
● Microsoft Active Directory (AD) | LDAP
● JSON Web Tokens (JWT)
● Kerberos

Client Access
● Direct integrations
● BI Gateway (JDBC/ODBC)
● REST API

Policy Enforcement Patterns
● Push-down query rewrite
● Native plugin integrations
● Data access isolation
  ○ Colocated: nScale
  ○ Independent cluster: OASP

Cloud Data Analytics (SaaS)
● Amazon Athena
● Amazon Redshift
● Azure Synapse
● Google BigQuery
● Snowflake

Virtualization | Query Engines
● Denodo
● Dremio
● Starburst
● Trino (PrestoSQL)

Traditional RDBMS¹
● MySQL
● Oracle
● PostgreSQL
● SQL Server

Data Science
● Pandas (Python)
● Amazon Sagemaker
● Databricks
● Dataiku
● Domino
● Jupyter

Hadoop Frameworks
● Amazon EMR
● Azure HDInsight*
● Google Cloud Dataproc*
● Cloudera CDH, CDP
*Coming soon

Open Source Compute
● Spark & SparkSQL
● Hive
● PrestoDB
● Impala

Data Lake / Object Storage
● Amazon S3
● Azure ADLS
● Google Storage GS
● HDFS

Supported File Formats
● Avro, CSV, TXT
● Parquet, ORC
● JSON
● Hudi
● Delta Lake

Secrets Management
● AWS Secrets Manager
● AWS Systems Manager Parameter Store
● Azure Key Vault
● Google Cloud Secret Manager
● Kubernetes Secrets

Audit & SIEM Integration
● Open and API-backed log format: JSON
● Reporting & analytics: SQL, exposed as system tables
● SIEM integrations: any, e.g., Splunk, Datadog, Sumo Logic

Encryption Support
● TLS / SSL
● AWS: SSE-S3 and SSE-KMS
● Azure: SSE Microsoft-managed keys
● Google Cloud: default
● Cloudera: HDFS Transparent

Technical Metadata Catalog
● Hive Metastore
● AWS Glue Data Catalog

Business Catalog & Data Discovery
● Alation
● BigID
● Collibra

User Attributes
● Microsoft Active Directory (AD) | LDAP
● Custom Script

APIs for Workflow Automation and Custom Integrations
● Python (PyOkera)
● Java
● REST

¹ Includes cloud-native relational databases, e.g., Amazon RDS, Azure SQL, Google Cloud SQL


Only universal data authorization gives the business a clear understanding of how sensitive data is actually used. Use Okera’s built-in reporting or your preferred SQL tool to build your own compliance reports and dashboards.

“With Okera, we save millions per year in AWS service fees and data engineering costs and billions on GDPR and other regulatory exposures.

“Most importantly, we now have the agility to pursue new business opportunities that we could not have achieved otherwise.”
- F100 Apparel Manufacturer & Mobile App Developer

CONTACT US FOR MORE INFORMATION | www.okera.com

Okera HQ
600 California Street, 15th Fl
San Francisco, CA 94108
+1 415 741 3283

Seattle Office
600 1st Ave, Suite 600C
Seattle, WA 98104

/okerainc

@okerainc