Hear from CIOs, CTOs, and other C-level and senior execs on data and AI strategies at the Future of Work Summit this January 12, 2022. Learn more
Amazon Web Services (AWS) today announced new features for providing secure access to sensitive data in the AWS Lake Formation data lake service, with the introduction of row- and cell-level security capabilities.
AWS Lake Formation enables collection and cataloging of data from databases and object storage, but it’s up to users to determine the best way to secure access to different slices of data.
To make that easier, row- and cell-level security capabilities for Lake Formation are now generally available, AWS CEO Adam Selipsky said today during a keynote at the AWS re:Invent 2021 conference.
To get customized access to slices of data, users have previously had to create and manage multiple copies of the data, keep all the copies in sync, and manage “complex” data pipelines, Selipsky said.
Users of AWS Lake Formation had been asking for a more direct way to govern access to data lakes, while eliminating the “heavy lifting” associated with providing secure access, he said.
With the new updates announced today, “now you can enforce access controls for individual rows and cells,” Selipsky said. “Lake Formation automatically filters data and reveals only the data permitted by your policy to authorized users.”
For securing sales data, for instance, rather than creating multiple tables for each sales teams and country, “you just define a set of policies that provide access to specific rows for specific users—without having to duplicate data or build data pipelines,” he said. “It puts the right data in the hands of the right people—and only the right people.”
In a blog post, Danilo Poccia, a chief evangelist at AWS, said that access can be controlled to certain rows and columns both in query results and within AWS Glue ETL jobs.
“In this way, you don’t have to create (and keep updated) subsets of your data for different roles and legislations,” Poccia said.
This works both for governed and traditional tables in S3, he said in the post.
Cloud security challenges
The security updates from AWS come as enterprises continue their accelerated shift to the cloud, even as security processes have struggled to keep up. A recent survey of cloud engineering professionals found that 36% of organizations suffered a serious cloud security data leak or a breach in the past 12 months.
On Monday, AWS announced several new features for improving and automating the management of vulnerabilities on its platform, in response to evolving cloud security requirements.
Newly added capabilities for the Amazon Inspector service will meet the “critical need to detect and remediate at speed” in order to secure cloud workloads, according to AWS. The capabilities include assessment scans that are continual and automated — taking the place of manual scans that occur only periodically — along with automated resource discovery.
AWS re:Invent 2021 takes place through Friday, both in-person in Las Vegas and online.