This is the third in a series of posts about the topic of data federation. Click here for the full series.
In the previous post, we examined how data federation offers a faster, more agile way to bring together data from disparate sources. Another interesting use case for data federation is security and compliance.
Today’s organizations must balance regulations and data privacy issues with the need for business decision makers to access, analyze and explore data. How do you enforce complex and layered compliance efforts in an environment where the underlying data – and the users who need access to the data – have different levels of sensitivity that are always changing?
Consider the scenario of my previous post. The organization used data federation to get a new, accurate view of customers following an acquisition. With that unified view, the company gained critical insight into the newly expanded customer base that could help business staff make quick decisions on marketing to all existing customers.
However, there are likely many details from the customer records the marketing department should not be able to view (like marital status, personal bank details, and other sensitive information). Similarly, the finance department might want access to all the billing details of the customers, but they are not authorized to view other details about the customers. Neither of these departments could have access to highly sensitive information like Social Security Numbers or PINs.
Now, just imagine the scenario as you add different types of users – and the different degrees of personal information. As the number of underlying data sources and users increases, this environment can quickly get unmanageable.
Data federation can help manage this scenario by providing a robust security model, mirroring the security controls already in place. Through proper application of these security models, data federation can enforce access rights on a number of levels. Information can be masked or made available based on a user’s profile, the source of the underlying information or even at the row and column level. More importantly, when security is applied at the virtual data layer, there is now a single point of administration where access can be tracked and audited.
Data federation in this instance allows IT to enforce business requirements for security. In this way, it helps gain quick wins by integrating data together to solve a business need. But it can also ensure that this is done in a compliant and secure manner that can scale across the enterprise.
In the next post, we shall explore how data federation fits in with the rest of an organization’s data management investments.