Introduction to Satori
Satori provides a comprehensive framework for discovering, monitoring, and securing sensitive data across a variety of clouds and data stores.
This section explores the basic building blocks of Satori to provide a bird’s-eye view of how Satori works. These building blocks are:
- Environments - Help you organize cloud accounts and data stores.
- Cloud Accounts - Facilitate the automatic discovery of data stores.
- Data Stores - Where your data is stored.
- Datasets - Define a security perimeter around your data.
- User Access Rules - Define who can access a dataset and how.
- Security Policies - Define the restrictions applied when users access data.
- Data Portal - Provides data consumers with a secure data access cloud app that links all your datasets into a single, unified pane of glass.
Environments
Environments help organize your cloud accounts and data stores, allowing you to focus on key tasks. Each environment is assigned a risk level, influencing the risk score of the data stores discovered within it.
Cloud Accounts
Cloud accounts contain data stores where data is organized and managed. Connecting Satori to your cloud account will enable you to continuously discover new data stores as they are created, and automatically assign them to environments.
Data Stores
Data stores represent databases, data warehouses, data lakes, APIs and LLMs which are deployed on your cloud accounts. Satori discovers and classifies data in data stores, monitors data activity, controls access to data assets and protects sensitive data.
To learn more about creating and managing data stores, go to the Datastores section.
Datasets
The dataset is the entry point for governing data. Datasets include the list of governed data assets and the user access rules defining who can use them and how.
Data assets are tables, schemas, databases or even entire data stores. A dataset can include data assets from multiple data stores to help you govern data more efficiently.
To learn more about creating and managing datasets, go to the Datasets view section.
User Access Rules
User access rules define who can access the data assets of a dataset. A user access rule is defined for an individual user or a group of users, and specifies for how long access is granted and which security policies should be enforced.
Satori includes three out-of-the-box access rule types:
- Instant access rules grant immediate access to specific users or groups.
- Access request rules define who is allowed to request access to the dataset.
- Self-service rules define who is allowed to get access to the dataset without requiring approval.
Datasets and user access rules provide a robust and flexible framework for implementing any data access workflows using the Satori Data Portal, API, Terraform and other integrations.
To learn more about creating and managing datasets, go to the Datasets view section.
Security Policies
Security policies are reusable objects that contain policy rules and are attached to user access rules to enforce column or row-level controls on access to data.
The Satori security policy provides two configurable mechanisms for protecting an organization's data:
- Dynamic Masking - This mechanism is used to obfuscate sensitive or confidential data, such as credit card information, social security numbers, names, addresses, and phone numbers, to prevent unintended exposure and reduce the risk of data breaches.
- Row-Level Security - This mechanism restricts the records returned from queries based on the user's authorization context.
To learn more about creating and configuring security policies, go to the Security Policies view section.
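The following added example is a conceptual model of how a dataset, a time-limited user access rule and a security policy with dynamic masking and row-level security combine to decide what a user sees. It is not Satori's code, API or configuration schema: every class, field and function name is hypothetical, the sample data is constructed, and denying access to tables outside the dataset is an assumption of the example.

```python
from dataclasses import dataclass, field
from datetime import datetime, timedelta, timezone

@dataclass
class SecurityPolicy:
    masks: dict = field(default_factory=dict)  # column -> masking function
    row_filter: tuple = None                   # (row column, user-context key)

@dataclass
class AccessRule:
    identity: str          # user name or group name
    expires_at: datetime   # access is granted for a limited time
    policy: SecurityPolicy

@dataclass
class Dataset:
    assets: set            # governed tables
    rules: list            # user access rules

def mask_ssn(value):
    return "***-**-" + value[-4:]

def enforce(dataset, user, table, rows, now):
    """Apply the first unexpired rule matching the user; deny by default."""
    if table not in dataset.assets:
        raise PermissionError(f"{table} is outside the dataset")
    identities = {user["name"], *user["groups"]}
    rule = next((r for r in dataset.rules
                 if r.identity in identities and now < r.expires_at), None)
    if rule is None:
        raise PermissionError("no active access rule for this user")
    policy = rule.policy
    if policy.row_filter:  # row-level security from the user's context
        column, key = policy.row_filter
        rows = [r for r in rows if r[column] == user["context"].get(key)]
    # Dynamic masking: values are rewritten in the result set only.
    return [{c: policy.masks.get(c, lambda v: v)(v) for c, v in r.items()}
            for r in rows]

# Constructed sample data
NOW = datetime(2024, 1, 1, tzinfo=timezone.utc)
ROWS = [{"name": "Ana", "ssn": "123-45-6789", "region": "EU"},
        {"name": "Bo", "ssn": "987-65-4321", "region": "US"}]
POLICY = SecurityPolicy(masks={"ssn": mask_ssn}, row_filter=("region", "region"))
DATASET = Dataset({"customers"}, [
    AccessRule("analysts", NOW + timedelta(days=7), POLICY),
    AccessRule("contractor1", NOW - timedelta(days=1), POLICY)])
ANALYST = {"name": "eve", "groups": ["analysts"], "context": {"region": "EU"}}
CONTRACTOR = {"name": "contractor1", "groups": [], "context": {"region": "US"}}
```

Calling `enforce(DATASET, ANALYST, "customers", ROWS, NOW)` returns only the EU row with the `ssn` column masked, while the same call for `CONTRACTOR` is denied because that rule has expired.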
Data Portal
The Satori Data Portal is a secure data access cloud app that links all your datasets into a single, unified pane of glass. Satori’s Data Portal gives you full control and access to your data in minutes.
To learn how to provide your organization's data consumers with a secure data access cloud app that links all your datasets, go to the Data Portal view section.
Satori Architecture
Satori follows a control-plane, data-plane architecture. The management console is the control plane, and the data plane consists of one or more Data Access Controllers (DACs).
Customers use the management console to manage their Satori account, add or remove data stores, configure policies, and review alerts or audit logs. The Data Access Controllers (DACs) secure data in various storage solutions, including databases, data lakes, data warehouses, and APIs.
The Satori management console is a SaaS application that is hosted and managed by Satori. The DACs can be used as a service or deployed in your cloud environment. Satori supports multiple deployment options to cater to various operational and security needs.
For more information, go to the Deployment Options Overview.
Satori recommends using a DAC in every cloud region where you have data stores. Satori supports deploying a DAC in AWS, Azure, and GCP. Since the DAC is a cloud-native, Kubernetes-based service, organizations can also deploy it in their non-cloud on-premise environments.
The DACs secure data in data stores by leveraging two types of integrations. The first type of integration uses a network proxy service deployed between users and data stores. The proxy intercepts queries to data, controls access to data assets such as tables or views, enforces row and column-level controls and reports detailed query audit logs. The second type of integration uses native APIs of the data stores to control access to data, enforce policies and report audit logs.
Proxy Integration
The proxy-based integration is primarily used for databases in production environments, where continuously updating database privileges and generating audit logs may impact the performance of the database.
Native Integration
The native integration is primarily used for modern data warehouses and lakehouses in analytics environments where native features such as role-based access controls, dynamic masking and row-level security are available.