Satori Data Security Platform helps security and engineering teams streamline data access by automating access controls, security and compliance requirements across their data infrastructure.
Satori eliminates the risk of data breaches due to over privileged user access to customer data. In addition, Satori also helps you meet security and compliance requirements for customer data in days.
Improve security while increasing productivity for both admins and end-users.
Setting Up Your First Data Store Connection
The first step is to setup and connect Satori to your data store. A Satori data store is a repository for persistently managing your database and providing a unique connection hostname for your database. A Satori data store also contains other baseline information such as IP restrictions, root credentials and default security behavior.
To gain further understandings and insights watch the short video.
Video Tutorial Guide - Step 1
Try the Satori Test Drive
If you don't have your own database available or you want to experience Satori using sample data on a variety of different data store types, sign up for a test drive here SatoriTest Drive Sign Up
Selecting a Data Store
Connecting your data store to Satori is a simple and straight forward task. The first thing that you need to do is select the data store type that you want to connect to Satori. Satori supports the following data stores as well as others not shown below; this list is always growing!
Adding a Data Store to Satori
Now it's time to connect your data store to Satori. Follow the step by step guide listed below. To gain further understandings and insights watch the short video.
Video Tutorial Guide - Step 2
Perform the following steps to add your first data store to Satori:
- Go to Satori, select the Data Store view and click the ADD button.
- Now select the data store of your choice.
- Provide your new data store with a Satori display name.
- Enter the data stores hostname.
- Select the cloud provider.
- Select the region.
- Try to select a region that is located close to where your data store is deployed to reduce latency.
- For testing purposes, don't worry if your database region doesn't match the regions available in a Satori Test Drive. In production, Satori can be deployed in any cloud and any region.
- Click the CREATE button.
Testing the Connection
Now that you have added a data store to Satori, it's now time to test the connection. Now it's time to connect your data store to Satori. Follow the step by step guide listed below. To gain further understandings and insights watch the short video.
Video Tutorial Guide - Step 3
Test the Data Store Connection
Now that you have added a data store to Satori, it's now time to test the connection.
To test that you and your data client, the Satori platform, and your data store are all connected perform the following steps:
- Login to your data store using your new Satori hostname and not the original hostname.
- Use your original database username and password, or snowflake account.
- Optionally, you can learn about and then use Satori's Data Store Authentication feature which allows you to provision temporary credentials for data consumers for supported data stores.
- Run a query on the data store.
- Go to the Audit Log view in Satori, click the Refresh button and view the results in the Dashboard.
- Then, go to Satori's Data Inventory view and see how Satori displays and classifies your data.
Creating Your First Dataset
Now that you have added and tested your data store to the Satori environment, it's time to setup your first Satori Dataset.
Video Tutorial Guide - Step 4
What is a Dataset
A dataset is a representation of security for one or more datastore locations. It is not an actual set of data. It contains information about what data you want to secure, for whom you want to secure it, and in what manner you want to secure it - e.g. blocking, redaction, audit. A Satori Dataset is governed as a single unit.
For example, a set of tables in a Snowflake account which contain private customer information such as name, address and purchase history, combined with another set of tables in Postgres which contain support information for these same customers, can be represented in Satori as a Data dataset called "Customer Info".
Define and Configure the Dataset
To add a dataset to Satori perform the following steps:
- To create your first dataset, go to the Dataset view and click the ADD button.
- Name your dataset and provide a brief description.
- Select the relevant locations that you want to add to your dataset, these may include: tables, schemas or databases.
- Optionally, assign one or more data stewards to the dataset. (The data stewards job is to provide oversight and governance for the dataset).
- Click the SAVE button.
Adding your First Group to Satori
Satori provides you with a central location for creating and maintaining your user groups directory for simple data access management.
Video Tutorial Guide - Step 5
To create a new user group in Satori perform the following steps:
- Go to the User Directory view.
- Click the ADD Group button.
- Provide a name for your new group.
- Enter a description for your new user group.
- Enter the new members name.
- Select the user type from the drop menu list.
- Click the Add Member button.
Note: The above steps use Satori's built-in group management features; Satori also has robust support for integrating with existing single sign-on (SSO) systems. Learn more here.
In addition to defining user access permissions to your dataset you can also open the dataset to user access requests and self-service access at the flip of a switch.
Create a New User Access Rule
User access rules help you govern who has permission to access your dataset. Permissions to access datasets cane be defined for individual users or groups and can be limited to a predefined time range.
Video Tutorial Guide - Step 6
Satori can automatically revoke permissions if they are unused. This helps organizations avoid excess and unused permissions.
To add a new user access rule to your dataset, perform the following steps:
- Click the User Access Rules tab in the dataset view and click the ADD button.
- Grant access to an individual or a group by choosing one of the available options from the drop menu list.
- Choose the user access level permissions from the available drop menu options.
- Now define the access expiration timeframe (Expiration dates for access help you to monitor and keep track of who exactly can enter a specific dataset).
- Finally, set the Security Policy enforcement method to default policy. We will create a security policy and add it to this dataset's default policy list in a later step.
Create your First Masking Profile
A Satori masking profile enables you to create reusable masking configuration profiles, add them to a security policy and then apply them to one or more Satori Datasets.
Video Tutorial Guide - Step 7
Masking profiles allow organizations to mask query responses for their users to avoid exposing sensitive information.
To configure a new masking profile, perform the following steps:
- Go to the Masking Profile view in Satori.
- Select a masking profile template from the template gallery and click the CREATE NEW MASKING PROFILE button.
- Update the name and description of the masking profile.
- Adjust the data transformations to suite your requirements and then SAVE the profile. Notice that Satori ships with a long, useful list of sensitive data classifiers.
Configure a Security Policy and Assign it to a Dataset
The Satori Security Policy is a reusable container that can be configured to contain multiple sets of dynamic masking configurations with their corresponding masking profiles and data filtering configurations.
Video Tutorial Guide - Step 8
A Security Policy can be applied to an individual dataset or multiple datasets.
Creating a Security Policy and Assigning a Masking Profile
To create a new security policy, perform the following steps:
- Go to the Security Policies view.
- Click the plus button to create a new security policy.
- Set a name for your security policy and configure a Dynamic Masking rule.
- Define which users can view the masked data.
- Assign the masking profile you created previously to the new dynamic masking rule.
- Create a data filter to restrict the records returned based on the authorization context of the user.
- Save the security policy.
It's now time to assign your security policy to a dataset. To gain further understandings and insights watch the short video or follow the step by step guide listed below.
Video Tutorial Guide - Step 9
Adding you First Security Policy to a Dataset
- Go back to the Dataset view that you created in step 4.
- Click the Security Policy tab.
- Assign the security policy to this dataset.
- In step 4, because you set your access rule to use the default security policies, policies added here are the ones that will be utilized.
- Note: a Satori Dataset can have multiple default Security Policies in effect.
Ensure that Satori Access to your Dataset.
- Click the User Access Rules tab.
- Ensure that the Give Satori access to the Dataset toggle switch is turned on.
- MAKE SURE THAT THIS TOGGLE SWITCH IS TURN ON
Once you have completed the previous steps of adding a data store to Satori, testing the connection, creating a dataset, adding a group, creating a user or group access rule, creating a masking profile and assigning it to a securty poicy and finally assiging the security policy to the dataset it is time to test the security policyin your data.
Video Tutorial Guide - Step 10
Testing the Security Policy on your Data Store
- Using your favorite database client or BI tool, connect to your data store using the Satori hostname - just like in step 3 - and run a query.
- View the results and verify that the security policy has been correctly implemented on the data.
- E.g. a typical query might now look like the following:
And finally, back in Satori, go to the Audit Log. You should see the audit entry for any query that you run in any downstream client tool. The audit entry will show you all of the details of the query, including which policies were enforce, what fields were masked, who ran the query and so forth.
Learn More About Satori
To learn more about Satori click the Introduction to Satori NEXT button below, or scroll to the top of this page and select the relevant topic that you are interested in learning more about.
Alternatively, you can set up a demo meeting with one of our experts.