Watch full webinar here: https://bit.ly/3Sr04r9
Security of data in an organization is becoming more and more important. With a plethora of tools for storing and accessing many different data sets, securing an organization's data assets can quickly become a daunting task. Not only will this be hard on database administrators and data engineers, but it could also lead to mistakes and in the worst case data breaches. An efficient way to simplify the security of the data is to make decisions based on semantic information related to the data sets, instead of each data set itself; having additional information about use or sensitivity of the data can quickly identify for which users the data should (and should not) be accessible. Leveraging semantics for this purpose instead of the normal element by element restrictions removes the requirement for permissions and access control to be linked directly to each data set, and allows for these access policies to be applied based on real world attributes and applications of the data.
Join us in this session with Carson Blinn, a Senior Data Engineer at Denodo, who will discuss the importance of security policies based on semantic qualities of the data, and how this can be implemented using the Denodo Platform. By the end of the session, you will have an understanding of how tags and global security policies fit into the architecture of the Denodo Platform, and how they can be used to classify and secure data assets.
Watch On-Demand and Learn:
- The importance of data semantics and how the Denodo Platform is well-positioned to leverage semantic attributes of data.
- An introduction to tags in the Virtual DataPort server.
- The functionality of global policies, and how they can be configured to provide organization-wide access control.
- A demonstration of common scenarios where global policies could be used, and how they can simplify and strengthen the security model of the organization.
Chintamani Call Girls: 🍓 7737669865 🍓 High Profile Model Escorts | Bangalore ...
Surpassing Element by Element Access Control: Semantic-Based Security Policies
1. Denodo TechTalks
Product Deep-Dive Series
A product deep-dive, webinar series covering
the critical capabilities of Denodo’s modern
data virtualization
2. Carson Blinn
Senior Data Engineer | Denodo
Surpassing element by
element access control:
semantic based security
policies
3. AGENDA
1. The importance of data semantics.
2. An introduction to tags in the Virtual DataPort server.
● Demonstration of tagging functionality.
3. The functionality of global policies.
● Construction of a Global Policy.
4. An example of how Global Policies can be applied in
the real world.
● Complex applications of Global Policies.
5. Q&A.
5. 5
▪ Semantics in general is the specific meaning of a word
or phrase.
▪ In the context of data, semantics allow users to
understand the content, relationships, or other
important information about the data that they are
retrieving.
What are semantics?
Why are semantics important?
6. 6
Gartner Top 10 Strategic Technology Trends for 2020, Gartner, 2019
Data Democratization and sharing is an important topic highlighted by analysts…
Why are semantics important?
7. 7
…as well as business and technology leaders:
Why are semantics important?
The case for building a data-sharing culture in your company, MIT
Management, Sloan School, 2021
What Is Data Democratization? A Super Simple Explanation And
The Key Pros And Cons, Forbes, 2017
8. 8
▪ Data Democratization is the act of making data more
available for different kinds of users, which allows
many more people to make data driven decisions.
▪ Large amounts of data sets make understanding the
data more confusing, so providing accurate semantic
information helps users to more quickly understand
and leverage it.
Data Democratization and sharing is an important topic in the data industry:
Why are semantics important?
9. 9
▪ Semantics allow users to connect data to business
entities.
▪ Data can be labeled according to use, accuracy, as
well as being endorsed or supplemented with
additional information.
▪ It allows for communication about the use of the data
between users.
How do data semantics address the issues?
Why are semantics important?
10. 10
▪ The Denodo Platform provides both metadata, and
the ability to retrieve the data.
▪ This positioning allows for both a complete
description of the use of the data, as well as for
actions to be taken based on the provided
descriptions.
▪ This also allows for citizen data consumers to more
quickly gain an understanding of the content of the
data that they are retrieving, and then immediately
query the data.
Why is the Denodo Platform the best place for semantics?
Why are semantics important?
12. 12
▪ Virtual DataPort tags are tags for views and columns
in the Virtual DataPort server.
▪ They include a name, and a description.
▪ Views and columns can be found based on the
assigned tag.
Virtual DataPort tags are not the same as Data Catalog
tags!
What is their function?
What are Virtual DataPort tags?
13. 13
Tags in the Virtual DataPort server can serve many
purposes:
▪ To classify content based on project or grouping.
▪ To indicate data quality.
▪ To relate views and columns to business entities.
▪ To implement or identify security policies.
▪ To label the version of the data.
And many more.
What can they be used for?
What are Virtual DataPort tags?
16. 16
▪ Global Security Policies allow for security restrictions to be defined that that apply to specific
users and views verifying certain conditions.
▪ This simplifies the management of security policies over Virtual DataPort views, since the
same policies can be applied to multiple views at once.
▪ Security policies are applied based on tags assigned to views and columns.
What does a global policy do in Denodo?
What is a global policy?
17. 17
Global policies in the Virtual DataPort server
can be defined based on the following
characteristics:
▪ Audience (to whom should the global
policy be applied?)
▪ Elements (on which views and columns
should the policy apply?)
▪ Restrictions (in which cases should
restrictions be applied to users?)
What options are available for configuring global policies?
What is a global policy?
20. 20
▪ Global policies greatly simplify the application of row
and column level restrictions.
▪ These policies can depend on the session attributes
of the user, different combinations of tags, and apply
intricate actions based on this information.
▪ Actions can be performed based on semantic
information of the views.
What are the benefits of using global policies?
How can this be used?
21. 21
Let us say that we have sales and human resources data imported into the Denodo Platform. For
our example, we will have the following:
▪ Sales, HR, and analyst users.
▪ Each user is assigned to a role corresponding to their project (sales_role, hr_role, and
analyst_role).
▪ They all have EXECUTE permissions over the admin database, for simplicity.
Overview of the simulated scenario
How can this be used?
22. 22
▪ We will see more complex examples of global policies.
▪ First, we will prevent HR users from executing
queries on Sales views, specifically with data from
external sources.
▪ We will create a global policy that prevents analyst
users from returning the entire data set from a
specific client.
What can we achieve with this functionality?
How can this be used?
24. 24
▪Gartner Top 10 Strategic Technology Trends for 2020, Gartner, 2019:
https://www.gartner.com/smarterwithgartner/gartner-top-10-strategic-technology-trends-for-2020
▪The case for building a data-sharing culture in your company, MIT Management, Sloan School, 2021:
https://mitsloan.mit.edu/ideas-made-to-matter/case-building-a-data-sharing-culture-your-company
▪What Is Data Democratization? A Super Simple Explanation And The Key Pros And Cons, Forbes, 2017:
https://www.forbes.com/sites/bernardmarr/2017/07/24/what-is-data-democratization-a-super-simple-explanation-and-the-key-pros-a
nd-cons
▪How to use Denodo Tags
A Denodo Knowledge Base article describing how tags can be implemented and used in the Denodo Platform.
▪Global Security Policies
For more information about the implementation and usage of Global Policies in Denodo.
Reference links
26. 26
Conclusions
Data Democratization
Semantic information,
seamless data access,
and efficient access
control strongly support
Data Democratization in
an organization,
allowing for a broader
range of users to
benefit from invaluable
data insights.
Semantics
Semantic information
makes data more
accessible and usable,
allowing a broader
range of users to make
effective decisions from
data.
Semantic Security
Security Policies based
on semantic
information greatly
simplify the
management of access
to data, allowing for
more security scenarios
to be addressed in a
proactive fashion.