
Privacera Platform master publication


Overview of Privacera on AWS


Get started

This document covers the features of Privacera Platform on AWS.

Note

The AWS IAM best practices resource is helpful for configuring your AWS Identity and Access Management to support the use of Privacera.

Privacera Components

Privacera provides the following features:

  • Fine-grained Access Management: Privacera leverages Apache Ranger to provide column and row-level access control.

  • Automated Discovery and Classification: Privacera automatically scans structured and unstructured data to identify and tag it.

  • Encryption and Masking: Privacera uses format-preserving and other encryption techniques to anonymize data at rest.

  • Monitoring of User Access: Privacera analyzes user access history to determine if sensitive data is uploaded, moved, or accessed inappropriately.

Privacera Portal

Privacera Portal is the primary user interface for the Launch Pad and Privacera Access Management.

Launch Pad

To view the Launch Pad page, on the Privacera home page, click Launch Pad. The Launch Pad page displays with the following features:

  • AWS Console: Log in directly to your AWS Console through this menu option.

  • AWS CLI: You can access AWS CLI through a generated Privacera token.

  • Privacera Token: You can manage Privacera Tokens for access management.

  • Databricks: Databricks is required for accessing your assets such as UI, API, and Command-line interface (CLI).

Access Management

Privacera leverages Privacera Access Management for policy management. Access Management provides a robust policy management layer leveraging several architectural techniques to control access to data. Key benefits include providing:

  • Single pane of glass for all access policies.

  • Performance and scalability.

  • Column- and record-level security for a variety of different Data Sources.

| Application | Current State | Privacera Solution | Policy Enforcement Point |
|---|---|---|---|
| PrestoDB | PrestoDB Authorization | Ranger - Column Level | Plug-In |
| EMR - Hive | SQL StdAuthorization | Ranger - Column Level, Dynamic Column Masking, Dynamic Column Encryption/Decryption, Dynamic Row Level Filtering | Plug-In |
| EMR - Spark | IAM Policies (Bucket level) | Ranger - File/Object Level | Data Access Server |
| Databricks | Databricks Access Control and S3 IAM policies | Ranger - Column Level, File Level, Dynamic Column Masking, Dynamic Column Encryption/Decryption, Dynamic Row Level Filtering | Plug-In |
| AWS S3 | IAM Policies (Bucket level) | Ranger - File Level | Data Access Server |
| Redshift | Database Grant/Revoke | Ranger - Table Level, Column Level | PolicySync |
| Athena | IAM Policies | Ranger - Column Level | JDBC Proxy |
| DynamoDB | IAM Policies | Ranger - Column Level | Data Access Server / Role Mapping |
| Kinesis / Firehose | IAM Policies | Ranger - Stream Level | Data Access Server / Role Mapping |
| Lambda | IAM Policies | Ranger - Function Level | Data Access Server |

Architecture Overview