Using The Virtualization Layer As A Security Gateway

Keeping data in the hands of the people authorized to handle it and out of the hands of those who aren't is fundamental to the operation of any business. But the balance between access and security is a delicate one. If policies skew toward stricter access, less data is available for better decision-making, but access rules that are too liberal can lead to disaster. A data virtualization layer can help you fine-tune this balance for optimal performance as you look for ways to share data securely across your organization.

Security challenges across silos and clouds

The process of sharing data across different data silos and clouds is complicated enough from a data integration standpoint alone, but managing data access and security is also a monumental challenge.

Each data source will typically have unique security protocols and tools, and each domain will have specific data access policies. Who can access what and how data can be handled differ from domain to domain. Finance, for example, will have controls that are quite different from those of operations. These policies are relevant at that local level, but this fragmentation makes it hard to share data across domains.

Clouds that house different data sets also have various tools to protect the data they store and manage, and these tools may not be aligned with or even aware of each other. They may also enforce policies that conflict with each other. Managing configurations and procedures across all your clouds, data stores, and domains so they work together can be overly complex. As the amount of data and the demand for it continue to grow, this complexity will compound.

Data virtualization is one way to strengthen security in hybrid-cloud architectures.

Virtualization can provide an additional layer of security for your data.

A data virtualization layer connected to all your domains and data stores can streamline access while ensuring security. This layer can function as a gateway through which data can be shared more securely.

What is data virtualization?

A data virtualization layer is an integration layer that connects to your databases wherever they are and can merge data on the fly. Unlike ETL-based integration, this approach doesn't move data; it creates virtualized representations of your data so it can be shared, used, and analyzed.

Stronger security

This virtualization layer sits on top of all your databases and functions as a single point of entry to all your valuable data. The virtual gateway can control who gets access to what data and can observe how the data is accessed. This single gateway simplifies and enables several security features.

Single sign-on

The virtualization layer can authenticate users and give them access to all the data they are authorized to use, without requiring them to log into each cloud.

Granular and role-based access controls

Since the virtualization gateway manages identities, it can also manage access rules. These rules can mask a single column within a table or manage policies that provide access to data consumers in a specific role.


When a virtualization gateway is positioned as the single point of access, it can apply hardened security protocols and encryption that the underlying systems may not support.

Easier management

Managing a single security layer that accesses all your databases simplifies management and provides greater flexibility.

Consistent configuration

Virtualization layers can also apply access rules consistently across all your data stores. This capability reduces complexity and the risk of a data breach due to configuration errors.

Balance local and global policies

Data virtualization layers can inherit security features from the source database. The on-demand nature of virtualization means that security policies can be synchronized for each query, so each layer has aligned and current policies. As data from different domains are joined, virtualization layers can intelligently apply the appropriate policy.
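
The sketch below illustrates the column masking, role-based access, and join-time policy handling described above. It is an added example, not code from this article or from any virtualization product. Two in-memory SQLite databases stand in for the finance and operations stores, and all table, role, and function names are hypothetical. It assumes that each column keeps the policy of its source domain after a join and that any column without a rule is masked.

```python
import sqlite3

MASK = "***"
# Roles allowed to read each (domain, column) in clear; unlisted means masked.
POLICY = {
    ("operations", "emp_id"): {"analyst", "finance_admin"},
    ("operations", "name"): {"analyst", "finance_admin"},
    ("finance", "salary"): {"finance_admin"},
}

def make_sources():
    """Constructed sample silos: one in-memory database per domain."""
    fin = sqlite3.connect(":memory:")
    fin.execute("CREATE TABLE payroll (emp_id INTEGER, salary INTEGER)")
    fin.executemany("INSERT INTO payroll VALUES (?, ?)", [(1, 91000), (2, 64000)])
    ops = sqlite3.connect(":memory:")
    ops.execute("CREATE TABLE staff (emp_id INTEGER, name TEXT)")
    ops.executemany("INSERT INTO staff VALUES (?, ?)", [(1, "Ana"), (2, "Raj")])
    return {"finance": fin, "operations": ops}

class Gateway:
    """Single entry point: queries each source in place, joins, masks, audits."""
    def __init__(self, sources):
        self.sources = sources
        self.audit = []  # (role, domain, table) for every source query

    def _fetch(self, role, domain, table, columns):
        self.audit.append((role, domain, table))
        # Identifiers come from the gateway code below, never from the caller.
        sql = f"SELECT {', '.join(columns)} FROM {table}"
        return [dict(zip(columns, r)) for r in self.sources[domain].execute(sql)]

    def _mask(self, role, domain, column, value):
        return value if role in POLICY.get((domain, column), set()) else MASK

    def staff_with_pay(self, role):
        """Join on raw keys inside the gateway, then apply each column's
        own domain policy to the merged row before it leaves."""
        pay = {r["emp_id"]: r["salary"]
               for r in self._fetch(role, "finance", "payroll", ["emp_id", "salary"])}
        rows = []
        for s in self._fetch(role, "operations", "staff", ["emp_id", "name"]):
            rows.append({
                "emp_id": self._mask(role, "operations", "emp_id", s["emp_id"]),
                "name": self._mask(role, "operations", "name", s["name"]),
                "salary": self._mask(role, "finance", "salary", pay.get(s["emp_id"])),
            })
        return rows
```

Calling `Gateway(make_sources()).staff_with_pay("analyst")` returns names with the salary column masked, while `"finance_admin"` sees the salaries and an unknown role sees only masked values. Every source query is recorded in `audit`.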

Data stays put

The concept of data virtualization is also inherently more secure. When data stays in the source system, it is not migrated to another system to be transformed, analyzed, and stored, or potentially moved to yet another system. Each ETL hop creates a new copy of the data, elevating the risk that it could fall into the wrong hands.

A single gateway enabled by data virtualization also allows greater visibility. It is much easier to track lineage and observe quality when data remains in place. If it does move, the virtualization gateway it travels through can track it. Also, each query workload enabled by the gateway can be monitored and checked for quality.

The benefits of data virtualization technology are widespread and extend beyond security by supporting much more agile access to data. But, on its own, wrapping all your data with a uniform security layer simplifies data access and security management.

