Data privacy guardian Privitar has partnered with data virtualization stalwart Denodo to fortify the latter’s data integration and data management capabilities with Privitar’s data provisioning. The partnership addresses the sudden influx of regulations organizations are facing pertaining to data privacy. The emergence of these regulations — which began in earnest only about five years ago with the passage of the GDPR — coincides with the AI era in which concern about consumer data has become paramount.
The most exacting aspect of these developments is not just the growing number of regulations in this space, or the stiffness of noncompliance penalties. Instead, it’s that organizations must now discern, and reveal, the purpose for which data is gathered, connected to, and accessed.
Privitar VP of Technology Partners Mike Foster put it this way: “This idea of context, the purpose for which you’re using the data, is the key driver. It’s no longer just enough for people to ask for data. As a privacy vendor, the first question for us is: what is the purpose? What are you trying to do with it?”
The answer to that question determines many things: whether access will be granted, how it’s granted and, ultimately, whether or not firms may incur regulatory penalties for doing so. That’s exactly why Privitar and Denodo have partnered. The result may be the best of both worlds: distributed data management with secure data access, enabling organizations to know how data is being used and for what reason.
5 steps to privacy
Privitar’s middleware solution naturally complements Denodo’s by underpinning a variety of data strategies, architectures and enterprise use cases. There’s a five-step process by which Privitar reinforces data privacy, regulatory compliance and, by extension, data security:
- Identity: Users requesting data access must first verify their identity according to access management policies.
- Regulations: The second step is pinpointing which regulations are applicable to a specific dataset, which is “where Privitar has really gone deep,” Foster commented.
- Location: This multifaceted data access dimension includes “the location of the user, the location of the source data, and the location of the processing,” Foster remarked. Each of these areas affects how data access impacts privacy and regulatory compliance, and there are mandates about where all three can be.
- Purpose: The reason an individual accesses data is pivotal to adhering to privacy regulations. More and more, that reason must be transparent and demonstrable because “the same user could have a different purpose [at different points] during the day for looking at the same dataset, potentially,” Foster revealed.
- Content: The content of the data influences which techniques—like obfuscation or generalization—ought to be used to safeguard sensitive data like PII, for instance.
The ramifications of automating these facets of data access (identifying who’s privy to which data for what reasons) may transcend complying with data privacy regulations. For companies looking to achieve a halo effect with their customers, such regulations can catalyze something much greater for the consumers whose sensitive data they have and must protect.
The partnership with Denodo (whose virtualization technologies modernize integration, leaving data in place yet accessible from a single locus) can make Privitar’s contextual benefits transformational. “Suddenly, the purpose becomes really important because of the legal implications,” Foster explained. “You step forward a little bit and people are now thinking about the ethical purpose. Like, is it right for our company to use this data in this way?”
The metadata generated by the dimensions above, which deliver nuanced, column-level data access through Privitar’s five-step approach, also extends the benefits of that context. Analyzing the context of user identity alongside relevant regulations, locations, purposes, and contents of requested datasets enables organizations to improve their processes. For example, they can identify “who did this type of action on this data that was labeled with these type of markings, and is there any corrective action I need to take,” pointed out Pablo Alvarez, Denodo’s Director of Product Marketing. “All of that is part of the context.”
The auditing involved in scrutinizing data access for privacy and regulatory concerns is hugely beneficial for improving operations based on such metadata. “The whole concept of active metadata is a huge area of evolution within the past couple years,” Alvarez said. “All of these things are coming together and it’s not just documentation; it’s not just metadata here. It’s all that blended with access control, with security, with monitoring, and it’s bringing a lot of value to the enterprise.”
A virtuous cycle
There’s a continuum of sorts for the value of context as it pertains to data privacy, regulatory compliance, and security. Companies must refine their access controls and policies to gain an automated understanding of why data is used, which fulfills compliance and data privacy mandates. Simultaneously, by auditing this information, they can determine how to improve processes. Doing so effectively activates this metadata for security and privacy enhancements going forward. Understanding the context of data access and the metadata generated around it is necessary to refine measures that protect the sensitive data of end users, and data in general.