3 ways to improve data security - centralize, govern, monitor
Dec 12, 2018
Data security is vital for every company. Additionally, data privacy has become increasingly mission critical due to GDPR and other global privacy regulations. We see evidence of this everywhere -- from headlines in the press to changes in budgets and priorities. And according to CIO.com: “Data analytics and security will dominate CIO spending in 2018 and 2019.”
As the demand for data privacy and security has increased, so too has the demand for access to the data necessary for continued business innovation. It is the responsibility of organizations today to bridge the gap between data supply and demand in a way that keeps data secure and compliant with privacy laws.
The architecture of the Looker data platform simplifies database security by leveraging world-class database technologies, providing comprehensive data governance, and a robust audit trail.
The benefit of a centralized eatabase
Cloud databases such as Google BigQuery, Snowflake, and Amazon Redshift have made it easier and more economical to centralize an organization’s data. When data lives in many locations, it reduces an organization’s control over that data. This is why having a centralized database helps to increase security and meet modern compliance standards.
From here, Looker’s architecture enables our data platform to query the centralized database directly, without moving or extracting data to workbooks, cubes, .csv files, third-party analytical databases, or desktops. This reduces the risk associated with unauthorized data access and exposure. An additional benefit of this ‘in-database’ design is that real-time data generates the freshest reports and insights.
Database permissions: authentication, access controls, and data governance
Your company has likely made investments in modern user authentication tools. Looker supports two-factor authentication, integrates with LDAP, SSO, and can inherit the database permissions you’ve already established.
Built into Looker’s platform are fine-grained access controls that provide layered levels of data governance:
- Model level - limits which models people have access to, which also controls database connections.
- Group level - limits what content people have access to in Looker.
- Role level - sets exact feature functionality and data an individual has access to in Looker.
Historically, business users worked with or viewed reports with extracted data outside of the secure database environment. This data does not have native access controls, and creates data security and privacy concerns. Looker runs queries against the database itself and the results are displayed in a web browser. When sharing a report with another employee, the second user will only see the information they have permissions to access. If the report is shared with a person outside the organization, your security authorization protocols would only grant access to the Looker platform if it is set up as publically available data. This is an example of layers of data governance providing access, but protecting your data and customer privacy.
A layered approach to data governance is of particular value to industries which have specialized requirements about privacy: Healthcare and HIPAA, financial institutions and GLBA, credit cardholder data and PCI. More broadly, this includes any company who collects, processes, transfers or stores EU resident data requires GDPR compliance.
Database events: auditing, monitoring, and logging
In the event of needing to investigate who has accessed what data, Looker provides a robust audit trail. Administrators can provide transparency to internal and external stakeholders and reveal who has accessed what data and when. The ‘in-database’ architecture means every query and viewed report creates a database event, which Looker logs. Looker has monitoring tools built into the platform. This unique ‘in-database’ architecture can also enable real-time alerting if a predefined event of interest takes place.
Additional considerations: Stricter Service Level and GDPR Data Protection Agreements between organizations are promising as fast as 24-hour alerts about data compromises. This is because GDPR requires that data breaches are reported within 72 hours to a regulator.
If your organization’s data is floating around on multiple third-party analytics servers, downloaded to thousands of workbooks or .csv files on desktops, can your organization meet its SLA and legal obligations? With Looker, your data remains centralized, and you can instantly search a log of all those who have historically accessed that data to more quickly understand the scope and focus on areas of interest.
Move forward, securely
Demands for access to the growing volumes of data to drive business success aren’t slowing down, neither are new data privacy regulations.
Looker’s integrations with modern authentication tools, along with layers of data governance, scale at the rate of data user growth. A robust audit trail is an insurance policy if data access questions arise. On top of that, Looker is SOC 2 Type 2 certified, demonstrating our commitment to security.
With Looker, it is in fact possible to bridge the gap between data supply and demand in a way that keeps that data secure and privacy compliant.