Empowers data owners and stewards to easily create and manage complex policies including data obfuscation without any coding.
SAN FRANCISCO, May 28, 2020 —Okera introduced no-code, fine-grained access control (FGAC) policy creation with de-identification to its secure data access platform. The elimination of coding creates a highly flexible, easy-to-use access control management environment, allowing any data owner or steward to create custom policies based on a combination of attributes. The enterprise-scale de-identification functionality includes dynamic masking and tokenization. A new user inactivity reporting capability simplifies access review for compliance purposes and enables a “least privilege” access control strategy.
Large organizations have a variety of access control use cases and require flexible, attribute-based access control (ABAC) policies that can combine multiple attributes, including user, tool, type of data, and location, to enable self-service analytics while ensuring secure, compliant, and agile access to data. Organizations also require the ability to add de-identification and privacy functions, such as dynamic masking and tokenization, without coding. Rather than creating multiple copies of data with and without data transformation, organizations want to automate these functions and enforce these policies dynamically.
“Self-service analytics is the holy grail of enabling enterprises to take full advantage of their data for digital transformation initiatives related to the customer experience, end-to-end business processes, and improved business decision making,” said Nick Halsey, Okera CEO. “By eliminating the need for coding, we have put access control management into the hands of the data stewards and governance and privacy professionals who understand the intricacies of regulations and internal data privacy policies. This democratization of secure, compliant access to data is critical to making true self-service analytics a reality.”
Extending ABAC to support enterprise-scale de-identification and privacy functions dramatically simplifies the process of provisioning data access. The simple point-and-click user interface of the enhanced Okera policy builder lets data owners and stewards create and manage fine-grained ABAC policies involving row-level filtering and sophisticated de-identification and privacy functions without writing a single line of code. The policies can be edited and are enforced dynamically, allowing for maximum agility in ensuring security and governance.
Benefits of the New Okera Features
ABAC with de-identification
- Faster response time to the changing compliance and regulatory needs of the organization, without impeding analysts’ workflow.
- Use custom, user-defined functions to support organization-specific and industry-specific controls, such as for financial services firms and healthcare organizations.
- Simplify management by leveraging attributes from other systems, such as Active Directory or business metadata, and attribute classifications that already exist in enterprise data catalogs.
- Eliminate the need to copy data for different access control use cases, reducing cost and complexity of access control management.
No-code data access policy definition
- Offers non-technical data owners and stewards the ability to manage policies with incredible granularity and de-identification without any coding.
- Gain incredible speed and flexibility with how organizations can respond to any new information that would require them to change their policies. Since Okera enforces policies at runtime, the analysts do not need to stop working if a policy changes.
Inactivity reporting
- Gain visibility into users who may have access to certain data but have not used that access for a specified amount of time.
- Reduce risk using a least-privilege access strategy that ensures only those who actually need access to the data retain it.
- Simplify periodic data access reviews for compliance purposes.
You can read more about it in this blog by Nong Li, Okera CTO and co-founder. For more information, visit https://www.okera.com.
About Okera
Okera provides secure data access at scale so that data teams have the confidence to unlock the power of their data for innovation and growth. By ensuring that appropriate data access controls are in place and meet the evolving data privacy landscape, the Okera Active Data Access Platform can automatically discover and audit data lakes, create access policies using its visual policy engine, and enforce fine-grained access in hybrid and multi-cloud environments such as AWS and Azure. Okera is headquartered in San Francisco and backed by Bessemer Venture Partners, ClearSky Security, and Felicis Ventures. For more information, visit www.okera.com, contact info@okera.com, or connect with the team on Facebook, LinkedIn, or Twitter.