How SecuPi Enhances Data Security for Collibra in a Government Entity
A government entity has chosen Collibra for its superior data catalog. Deploying Collibra in a sensitive environment with restricted data sources required extending Collibra's Role-Based Access Control (RBAC) into fine-grained Attribute-Based Access Control (ABAC), while also providing fine-grained auditing and segregation of duties for administrative functions.
Enhancing Collibra security and RBAC, as well as that of nearby analytics applications, was achieved by deploying SecuPi on the Collibra server with no code changes to Collibra.
The SecuPi solution governs all data access through its dynamic Attribute-based Access Control (ABAC) capabilities.
SecuPi can be tailored to apply result-set filtering based on any condition, and to prevent access to sensitive data using dynamic masking, FPE (Format Preserving Encryption) or blocking, based on context defined:
- By the set of attributes of the user making the query, i.e. user ID, role, clearance level, location, current defense condition, etc.; and also
- By the attributes of the data being accessed, i.e. clearance level required to see the data, data location, etc. (SecuPi follows the NIST architectural model for ABAC, i.e. SP 800-162.)
- By behavioral attributes such as location, device, self and peer-comparison of access patterns.
With SecuPi’s fine-grained data access controls, data consumption is governed so that users get access only to data they are entitled to view, and no more.
SecuPi PEPs configured on Collibra application servers continuously review every query to ensure it conforms to the user's entitlements as defined by the data access governance rules. If the query does not conform to policy for the given users and attributes involved at the time, SecuPi automatically rewrites the query by adding the relevant constraint, or filters the result-set returned from the data source, including any filtering, decryption, encryption or masking of sensitive data.
SecuPi’s policy definition console lets administrators ‘point and click’ to develop and implement highly customizable data access rules using plain language and logical operators. These data access rules incorporate attribute variables, so as attribute values vary, the data access decisions adjust dynamically and automatically.
- Enhance RBAC into ABAC in Collibra and other applications with zero code changes
- Real-time monitoring of all sensitive user activity
- Enhanced data protection includes FPE Encryption, Tokenization, Dynamic and Physical Masking, Redaction and blocking of unauthorized requests
“With the fast evolution of privacy regulations, sovereignty, intercompany and external data-sharing contracts, accompanied by the risks and liability associated with sensitive data, SecuPi aids Collibra customers with de-identification at-rest and in-use, real-time activity monitoring and fine-grained access control (ABAC) for all Cloud and on-prem environments. In short, SecuPi’s integration with Collibra provides a central data visibility, security, and protection platform ensuring Collibra customers avoid compliance incidents and prevent data breaches.”
Bas van Reeuwijk, Global Director, Technology Partnerships, Collibra