How do you capitalize on big data through digital transformation? This is the question companies have been asking themselves since big data became a big thing a decade ago. The query is generally around monetization: How can we use data analytics to gain better insights on our customers/prospects? How can we improve customer/prospect targeting through data analysis? How do we increase revenue/market share/customer success based on what the data is telling us? But the privacy and security of said data has also become part of the equation, first because of regulatory mandates, now, because regulatory mandates aren’t enough to stop breaches.

Data access governance is a central topic of every security conversation, whether explicitly stated or not. Arguably, if a business can govern data access on an “as needed,” verified authentication, point-in-time, least privilege basis, we’d see many fewer breaches than we do. If unauthorized parties simply couldn’t access or see data, incidents wouldn’t happen. If IT and security teams had perfect, real-time visibility into what’s happening with their company’s data, they could stop or mitigate compromises.

But data access and governance aren’t that easy, as every security pro knows. Especially as the data sets, data stores, and data lakes which they’re charged to protect grow larger and larger and more distributed by the day.

An intersection of data access

Okera Inc., a data governance and access platform company based out of San Francisco, was founded four years ago to address the growing regulatory and security pressures imposed on enterprises. They realized early on that big data sat at the intersection of data governance, security, analytics, and data science—departments with different and sometimes competing needs. However, the constant between these groups, and really for any data user, was (and remains) the need to secure and govern data wherever it is stored, while allowing for business growth and efficiency.

Okera’s platform today ensures authorized data access, allowing users to accomplish their business goals while remaining compliant with security and privacy laws. The Secure Data Access platform discovers and identifies structured metadata in the enterprise—where critical assets are, where PII is stored, who is accessing what, where and when. The company uses built-in intelligence crawlers for discovery, identifies the assets with auto-tagging which relies on machine learning, then monitors, audits, and reports on data usage.

Next, the Okera platform creates and manages data access policies. They use attribute-based access control (ABAC) and role-based access control (RBAC) for policy creation and visual authoring to ensure non-tech users can build their own data stories. During this process, obfuscation is applied so that data can remain private while its being used, by whomever it’s being used, and for whatever purposes. The platform allows for distributed stewardship among user groups so that data owners can manage access, making it easier for companies to use, and alleviates any central chokepoints that could slow down data use and thus business processes.

Distributed stewardship, centralized auditing

The access controls can be fine-tuned down to the column or cell level, and Okera provides data masking, anonymization, and consent management to cover any required regulations. Managing controls at this level applies consistent policy enforcement across any analytics engine the customer may be using.

Nick Halsey, Okera’s CEO, explained that the platform allows their customers to have distributed stewardship of their data but a central point of auditing, which makes governance significantly easier. Another benefit is that Okera runs across heterogeneous environments—AWS, Hadoop, RedShift, Snowflake, and others—which is something not a lot of data governance tools can do.

Halsey said that the company positions itself to buyers with multi-cloud, multi-SaaS, complicated data environments. The platform protects organizations from data leakage and unauthorized access even where and when data usage and manipulation is heavy. For companies that use data to innovate, access is critical. However, access cannot preclude security. And security cannot stifle innovation. Okera’s design, which is modular and includes a data access service, an automated schema registry, a policy engine, and an audit engine, allows businesses to protect data and remain agile.