The proliferation of data is causing a security and governance challenge across the hybrid cloud. Estimates project the global datasphere will grow from 33 zettabytes in 2018 to 175 zettabytes by 2025. As new, data-intensive systems are spun up to keep pace with business needs, maintaining security and data governance is becoming a top concern. The complexity is such that a report on cloud security asserts that through 2022, 95% of security failures will be the customer’s fault.
Fortunately, intelligent data virtualization, a suite of technologies used to provide cloud data transformation of siloed data, is also an ideal solution for orchestrating security policies across the hybrid cloud.
Central and unified orchestration of policies
Virtualization is known for its ability to bring data together from the various silos of the enterprise data warehouse (EDW) so that analysts can work with more comprehensive sets of data. The process of joining disparate sets of data is aided by the application of a standard business logic across the EDW that automatically and transparently adjusts for similar data in different formats. Data with the same purpose but different units or scales are dynamically transformed to enable data analysts to focus on business questions and not formatting issues.
Intelligent data virtualization acts as an intermediary, where disparate data sets are pulled in from different databases, transformed according to the standardized business logic defined by the company, and then joined and presented to analysts. This function and virtualization’s central positioning in data transactions also apply to security.
When assembling data from disparate sources, how does the virtualization system know which data the user has permissions to view? Should a sales manager be able to see sales data from other regions? Should a data analyst be able to see credit card numbers? And when combining data from different databases, those databases may have intricate security policies that are particular to their data and the business unit that created them. The enterprise must acknowledge and respect the security of all data and data sources.
There are four components to virtualized security access rights: Preserve, Merge, Overlay and Track.
1. Preserving the security policies of the original database: As each new database is spun up in an organization, that database will have specific security policies appropriate for its purpose and the community it serves. The virtualization system must be aware of these policies in order to respect and preserve them in query results to prevent data from being presented to unauthorized users. Some solutions attempt to create a centralized security registry, but this exposes the enterprise to security failures due to synchronization lag between the source databases and central registry. A better solution is for the virtualization system to poll the security policies of each database as queries are being made to get the most up-to-date policies to apply to the data.
2. Merging the security policies of disparate data sources seamlessly: As data is joined from various sources, the data will reflect the security policies of multiple databases. Intelligent data virtualization automatically applies the correct policies and presents the data without intervention from the user.
3. Overlaying global security policies: In addition to the security policies of constituent databases, the enterprise has global security policies as well. These policies are defined in the virtualization system so they are applied to all query results and aggregates.
4. Tracking user identities: User access policies are only as good as the user information against which they are compared. Shared connection pools for database queries can obfuscate identity and render access controls ineffective. Intelligent data virtualization manages user access to all the data, even through shared resources such as connection pools. When a query is made, the user identity is checked against global security policies and the security policies of each database in the query to ensure only data that the user is entitled to see is presented.
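The four components can be seen together in a small policy evaluator. This is an added example, not code from the article or from any virtualization product; the `Source`, `User`, `GLOBAL_MASK` and `federated_query` names, the role names and the sample rows are all constructed for illustration.

```python
from collections import namedtuple
from dataclasses import dataclass

User = namedtuple("User", "name role region")

@dataclass
class Source:
    """Constructed stand-in for one source database and its live policy."""
    name: str
    rows: dict     # join key -> row
    policy: dict   # role -> (readable columns, own_region_only)

    def poll_policy(self, role):
        # Preserve: read at query time so a revoked grant applies immediately.
        return self.policy.get(role, (set(), True))

# Overlay: enterprise-wide masking rule (assumed): column -> roles exempt from it.
GLOBAL_MASK = {"card_number": {"fraud_analyst"}}

def federated_query(user, sources, audit):
    """Join sources on their shared key, returning only what `user` may see."""
    policies = {s.name: s.poll_policy(user.role) for s in sources}
    result = []
    for key in sorted(set.intersection(*(set(s.rows) for s in sources))):
        merged, visible = {}, True
        for s in sources:
            row, (columns, own_region_only) = s.rows[key], policies[s.name]
            if own_region_only and row.get("region", user.region) != user.region:
                visible = False  # Merge: a denial from any source hides the joined row
                break
            merged.update({c: v for c, v in row.items() if c in columns})
        if not visible or not merged:
            continue
        for col, exempt in GLOBAL_MASK.items():
            if col in merged and user.role not in exempt:
                merged[col] = "****"
        result.append(merged)
    # Track: audit the end user, not the shared connection-pool account.
    audit.append((user.name, user.role, [s.name for s in sources], len(result)))
    return result

# Constructed sample data: two sources joined on order id.
SALES = Source("sales",
    {1: {"order": 1, "region": "EU", "amount": 120}, 2: {"order": 2, "region": "US", "amount": 75}},
    {"sales_manager": ({"order", "region", "amount"}, True), "fraud_analyst": ({"order", "region"}, False)})
BILLING = Source("billing",
    {1: {"card_number": "4111111111111111"}, 2: {"card_number": "5500000000000004"}},
    {"sales_manager": ({"card_number"}, False), "fraud_analyst": ({"card_number"}, False)})
```

Because `poll_policy` is called on every query, changing a source's policy between two calls changes the next result with no registry to resynchronize.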
Security through infrastructure
In addition to the way intelligent data virtualization manages access to data, virtualization aids security by virtue of its infrastructure. When queries and aggregates are managed in the virtual space provided by the virtualization system, extracts are minimized. Data can remain within the security envelope of the enterprise data warehouse where it can be encrypted at rest and in flight.
Intelligent data virtualization as a secure space
The central position that intelligent data virtualization takes in order to bring together all of the enterprise’s data makes it the best solution for orchestrating and managing security policies for the enterprise’s data. Intelligent data virtualization creates an interface through which all data interactions with the enterprise data warehouse can be managed and protected by merging the local security policies of source data with the global security policies of the enterprise.