Watch full webinar here: https://bit.ly/38UlhbN In an increasingly distributed and complex data landscape, it is becoming increasingly difficult to govern and secure data effectively throughout the enterprise. Whether it be securing data across different repositories or monitoring access across different business units, the proliferation of data technologies and repositories across both on-premises and in the cloud is making the task unattainable. The challenge is only made greater by the ongoing pressure to offer self-service data access to business users. Data Virtualization allows the creation of a logical data fabric layer that not only increases the agility of data provisioning but offers a simple, fast and cost-effective way to secure and governance all your data. Tune in and learn: - How to use a logical data fabric to build an enterprise-wide data access role model - Centralize security when data is spread across multiple systems residing both on-premises and in the cloud - Control and audit data access across different regions

1. Simplifying Data
Governance and Security
with a Logical Data Fabric
D E N O D O L U N C H & L E A R N

2. SPEAKERS
Elaine Chan
Regional Vice President,
ASEAN & Korea
Chris Day
Director, APAC Sales
Engineering

3. Agenda
DENODO LUNCH AND LEARN ASEAN
1. Simplifying Data Governance and Security
with a Logical Data Fabric
2. Product Demonstration
3. Q&A
4. Next Steps
5. Closing

4. DENODO LUNCH AND LEARN ASEAN
Simplifying Data
Governance and Security
with a Logical Data Fabric
Elaine Chan
Regional Vice President,
ASEAN & Korea

5. Virtual Data Fabric

6. 6
How to Get More from Your Data in 2020, Jan 2020
A data fabric architecture is designed to stitch
together historical and current data across multiple
data silos to produce a uniform and unified business
view of the data.”

7. 7
Virtual Data Fabric
Consumers
Data
Science
Machine
Learning
Artificial
Intelligence
Mobile
Applications
Predictive
Analytics
Business
Intelligence
Relational NoSQL Unstructured Docs Cloud Sensors IoT
Sources
Unified Data Security
Abstraction Layer
Universal Access
Self-Service
Data Catalog

8. Unified Security
Management through
Data Virtualization

9. 9
Unified Security Management
§ Data Virtualization offers an abstraction layer that
decouples sources from consumer applications
§ Single Point for accessing all the information
avoiding point-to-point connections to sources
§ As a single point of access, this is an ideal place
to enforce security and can be defined in terms
of the canonical model with a fine granularity

10. 10
Virtual Data Fabric
Consumers
Data
Science
Machine
Learning
Artificial
Intelligence
Mobile
Applications
Predictive
Analytics
Business
Intelligence
Relational NoSQL Unstructured Docs Cloud Sensors IoT
Sources
Unified Data Data Masking
Abstraction Layer
Role based Authentication
LDAP
Active Directory
Encrypted data
In Cache
Data Specific Permissions

11. 11
Secure Data in Motion
§ Consumer to Denodo Platform (northbound):
Communications between consumer applications
and the Data Virtualization layer can be secured,
typically using of SSL (TLS 1.2)
§ Denodo Platform to Sources (southbound):
Specific security protocol depends on the source e.g.
SSL (TLS 1.2), HTTPS, sFTP, …

12. 12
Secure Data at Rest
§ Two locations with ‘data at rest’
§ Cache database
§ Memory swap files
§ Cache database
§ Use native database encryption mechanism to secure data
§ Memory swap files
§ Use native OS encryption to encrypt files in swap directory

13. 13
Pass-Through Credentials
§ Allows use of existing access permissions and rules in underlying
data sources.
§ Access permissions and rules in data source filter results from
query.
§ Data Virtualization layer permissions and rules imposed on
results from data source.
§ Results filtered by both sets of access controls are returned to
user.

14. 14
Role-Base Data Privacy
§ Control what data is visible based on user role
§ Roles can be imported from AD and LDAP
§ Roles can be organized in hierarchies
§ More complex logic also possible

15. 15
Row-level Restrictions
§ You can add restrictions to allow users to obtain only the rows that match a
certain condition.
Administrator can see all records User only see the data related to his location

16. 16
Dynamic Data Masking
§ The Dynamic Data Masking (DDM) technique intercepts queries sent to the
database and/or the database responses and applies some more or less
sophisticated logic to protect sensitive information when it’s displayed for end-
users in the application or BI tool.
§ For example, a credit card number might look like 1234 **** **** 5678 instead of
the real value or an email address might be shown as jd****@denodo.com.

17. 17
Virtual Data Fabric
Relational NoSQL Unstructured Docs Cloud Sensors IoT
Dynamic Data Masking Rules
Authorized users can
see the real data
Other users can only see
scrambled data

18. 18
Auditing
§ Audit trail of all the queries and actions executed in the DV platform.
§ With this information it is possible to check at any time who has accessed which resources, what
changes have been made or what queries have been executed.

19. Case Study

20. Problem Solution Results
CASE STUDY
20
Consumer electronics insurance company
achieves cloud modernization while
securing customer data
Asurion needed a next-generation data
architecture that could enable the company to spin
up additional infrastructure, services, and products
in weeks instead of months.
Asurion also faced strict restrictions on migrating
data, and had to remain compliant with stringent
governmental regulations hence needed to
centralize companywide security management
around a single point of control.
Asurion leveraged on Denodo Platform to establish
a hybrid data layer that abstracted data consumers
from the complexities of access across on-
premises and cloud sources while also providing
better data integration for improved analytics.
With Asurion’s stringent security requirements,
they needed to keep the two types of sources
physically separate, but logically connected,
indefinitely.
Asurion deployed a Denodo instance in both
infrastructures, with a bridge between the two,
which formed a hybrid data layer that establishes a
single access point to the on-premises sources, in
keeping with the company’s security requirements.
With a hybrid data layer in place, Asurion is able to
better discover and correlate data from disparate
sources, and also engage in predictive analytics
with data scattered across text, voice, streaming
data, third-party data, and various other structured,
unstructured, and telemetry based sources
Most importantly, Asurion is able to gain this
intelligence while satisfying customer and
regulatory demands for highly strict security.
Asurion is a consumer electronics insurance and warranty provider that serves more than 300 million consumers
globally across 18 countries. With it’s global 19,000 employees Asurion generates around $6B in annual revenue.

21. 21
CASE STUDY
Reference Architecture

22. DENODO LUNCH AND LEARN ASEAN
Key Takeaways

23. KEY
TAKEAWAYS
Single Entry Point
for Enforcing
Security and
Governance
Policies
Data on-premises
and off, combined
through the same
governed virtual
data fabric layer
Single Source of
Truth /
Canonical Views
Who is Doing /
Accessing What,
When and How
Fewer copies of
personal data.
Lineage of copies
is available.

24. 24
Demo
Presented by Chris Day, Director, APAC Sales Engineering

25. Next Steps

26. 26
Get Started Today
Try Denodo for a Test Drive with a 30-
day free trial in the cloud marketplaces
CHOICE
Under your cloud account
SUPPORT
Community forum AND remote sales
engineer
OPPORTUNITY
30 minutes free consultation with
Denodo Cloud specialist
denodo.link/drive22

27. Thanks!
www.denodo.com info@denodo.com
© Copyright Denodo Technologies. All rights reserved
Unless otherwise specified, no part of this PDF file may be reproduced or utilized in any for or by any means, electronic or mechanical, including photocopying and
microfilm, without prior the written authorization from Denodo Technologies.