Introduction to Satori
Satori DataSecOps helps data driven organizations streamline data access by automating access controls, security and compliance across their data infrastructure.
At its core, Satori is a universal data access service that monitors, classifies and controls access to sensitive data, live.
The Satori DataSecOps platform is specifically designed for organizations that employ analysts, data scientists or BI teams accessing company data to build products and services.
Satori enables data teams to easily implement security and privacy best practices for their database, data warehouse and data lake environments, without relying on native database capabilities or data management solutions.
Optimized for Handling Sensitive Data
Satori is optimized for organizations who operate in the public cloud and collect or generate sensitive or regulated data as part of their operations, and have analysts, data scientists or BI teams accessing that data to build products and services.
How does it work?
Satori creates a transparent layer providing visibility and control capabilities that is deployed in front of existing data stores like Snowflake or AWS Redshift. When adding a new data store to Satori, a new, Satori-provided URL is generated for the data store which data consumers use instead of connecting directly.
Data consumers do not have to change how they work with data, such as installing different database drivers, changing their queries or compromising on features or functionality. Satori is not a data virtualization/database federation solution that abstracts your existing data stores.
Satori is composed of two main components: the Satori management console which administrators use to manage the solution and the Data Access Controller (DAC) which is where Satori's security engine is deployed. Satori offers two deployment options for DACs: SaaS and customer hosted. For more information see the deployment section.
Satori is comprised of two main components: the Satori management console which administrators use to manage the solution and the Data Access Controller (DAC) which is where Satori's security engine is deployed. Satori offers two deployment options for DACs: SaaS and customer hosted. For more information see the deployment section.
A data store represents a database server, data warehouse or a data lake. Here are a few examples of data stores: a Snowflake account in AWS us-east-1, an AWS RDS PostgreSQL database on AWS eu-west-1, one or more BigQuery projects, a SQL Server database cluster on Azure, an AWS Redshift cluster on us-west-2 and so on.
Non-Intrusive Data Store Registration
Data stores are managed in Satori by data engineers who are granted with the Admin or Editor roles in the Satori management console. Each data store has a unique, Satori-generated URL that is created when a data engineer registers the data store in the management console. Registering a data store has no impact on the data store itself.
To learn more about data stores, how to register them with Satori and connect to them via Satori, look for the specific data store in the Supported Data Stores section.
Datasets are a collection of data objects such as, tables or schemas that need to be governed as a single unit. An entire Snowflake account can be viewed as a single dataset, because managing access to the data in that Snowflake account is performed centrally.
For other organizations, individual tables within a Snowflake account can be viewed as a dataset, because each table has data that is best managed separately.
Easily Assign Data Stewards
Data engineers are able to delegate the day to day management of access to datasets by assigning data stewards. Data stewards are employees who were assigned with the task of implementing the organization's data access policies. For example, when John from the engineering team needs access to marketing data, Jane, who is the marketing team's data steward would need to review John's request.
Streamline Your Organizations Access to Data
Satori helps organizations streamline access to data by managing permissions, triggering data access request and self-service workflows that are easy to use and audit.
To learn more about datasets, go to the Datasets section.
Satori's security policy engine is designed to protect an organization's data by authorizing specific individuals or groups of individuals to view data. The main objective of a security policy is to protect an organization's business interests.
The Satori security policy mechanism achieves this by implementing dynamic masking and data filtering on specific tables, columns, rows and fields within a dataset. Satori's security policies can be applied to a single or multiple datasets.
Protecting Your Organizations Data
The Satori security policy provides two configurable mechanisms for protecting an organizations data:
Dynamic Masking - The dynamic masking mechanism of the security policy is used to obfuscate sensitive or confidential data such as credit card information, social security numbers, names, addresses and phone numbers from unintended exposure and to reduce the risk of data breaches.
Data Filtering - The data filter is designed to restrict the records returned from queries based on the authorization context of the user. The Satori data filtering mechanism automatically rewrites the queries based on the filter and mapping configuration that are configured in the policy.
To learn more about security policies, go to the Security Policies chapter.