Modern Data Platform: Security

This is the fourth in a series of blogs which outline a vision of a Modern Data Platform, its components, and the benefits that can be realised from taking a holistic view of your data assets.

https://www.risual.com/2019/02/28/modern-data-platform-vision/

In this blog, I will expand further on the Security components of the Modern Data Platform.  It is important to understand that although the components of the Modern Data Platform can be subdivided and thought of separately, they work together with the other components to deliver additional synergies for the organisation.

Common Security Model

As the name implies, the Common Security Model is a single service which is used to secure every asset within the Modern Data Platform using Role-Based Access Control (RBAC). It is based on directory service technology, containing user and group security principals. These users and groups are then placed into roles and assigned permissions against an object within the Modern Data Platform.


In addition to the advantages obtained using a single directory service to administer security across all objects, the data held within the Common Security Model is also extracted into a Security Store data mart, held in the Consolidated Data Store. This data mart prepares the security information for the types of queries an organisation has for this type of information, including historic queries. For example:

  • Who has access to a specific object?
  • What objects can a user access?
  • Did a specific user have access to this object on a specific date?

The security data mart allows these questions to be answered easily, and this security data is also surfaced in the Data Catalogue, against each data asset.
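The three questions above, including the point-in-time one, can be answered from a store that keeps a validity interval on every membership and role assignment. The sketch below is an added example, not code from the Modern Data Platform itself: it uses an in-memory SQLite database to stand in for the Security Store, and the table names, column names, users, group and object path are all constructed for illustration.

```python
import sqlite3

OPEN = "9999-12-31"  # valid_to sentinel for rows that are still current

# Hypothetical Security Store tables; every row carries a validity interval.
SCHEMA = """
CREATE TABLE membership (user_name TEXT, grp TEXT, valid_from TEXT, valid_to TEXT);
CREATE TABLE role_grant (principal TEXT, ptype TEXT, role TEXT, object_name TEXT,
                         valid_from TEXT, valid_to TEXT);
"""
# Constructed sample rows, not taken from any real directory.
MEMBERSHIP = [("alice", "finance-analysts", "2019-01-01", "2019-03-01"),
              ("bob", "finance-analysts", "2019-02-01", OPEN)]
GRANTS = [("finance-analysts", "group", "Reader", "lake/finance/ledger", "2019-01-15", OPEN),
          ("carol", "user", "Owner", "lake/finance/ledger", "2019-01-01", OPEN)]

# Effective access on date :d = direct grants plus grants inherited through a
# group, where BOTH the membership and the grant are valid on :d ([from, to)).
EFFECTIVE = """
SELECT g.principal AS user_name, g.role AS role, g.object_name AS object_name
  FROM role_grant g
 WHERE g.ptype = 'user' AND :d >= g.valid_from AND :d < g.valid_to
UNION
SELECT m.user_name, g.role, g.object_name
  FROM membership m JOIN role_grant g ON g.ptype = 'group' AND g.principal = m.grp
 WHERE :d >= m.valid_from AND :d < m.valid_to
   AND :d >= g.valid_from AND :d < g.valid_to
"""

def build_store():
    """Create the in-memory stand-in for the Security Store and load the samples."""
    conn = sqlite3.connect(":memory:")
    conn.executescript(SCHEMA)
    conn.executemany("INSERT INTO membership VALUES (?,?,?,?)", MEMBERSHIP)
    conn.executemany("INSERT INTO role_grant VALUES (?,?,?,?,?,?)", GRANTS)
    return conn

def who_has_access(conn, obj, on_date):
    """Who has access to a specific object (on a given date)?"""
    sql = f"SELECT user_name, role FROM ({EFFECTIVE}) WHERE object_name = :o ORDER BY 1"
    return conn.execute(sql, {"d": on_date, "o": obj}).fetchall()

def objects_for(conn, user, on_date):
    """What objects can a user access (on a given date)?"""
    sql = f"SELECT object_name, role FROM ({EFFECTIVE}) WHERE user_name = :u ORDER BY 1"
    return conn.execute(sql, {"d": on_date, "u": user}).fetchall()

def had_access(conn, user, obj, on_date):
    """Did a specific user have access to this object on a specific date?"""
    return any(o == obj for o, _ in objects_for(conn, user, on_date))
```

Because access through a group depends on two intervals, a user only counts as having had access on a date when both the group membership and the group's role assignment were valid on that date.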

Common Audit Model

The Common Audit Model has a slightly different approach to that of the Common Security Model. To audit all platform events, multiple technology-specific audit technologies need to be used. For example, SQL auditing is different to Data Lake auditing; differing amounts of data are available, in different formats.

The Common Audit Model takes the audit log output from these different technologies and combines it into a consolidated audit log.  This consolidated audit log contains events from all platform components formatted in a standard way.

The data held in the consolidated audit log is extracted into an Audit Store data mart, held in the Consolidated Data Store. This data mart prepares the audit information for the types of queries an organisation has for this type of information, including historic queries. For example:

  • When was this object last changed and by whom?
  • What changes have been made to this object?
  • What objects did a user access last week?

The audit data mart allows these questions to be answered easily, and this audit data is also surfaced in the Data Catalogue, against each data asset.

Would you like to know more?

Would you like to know more, or how a Modern Data Platform can be applied within your own organisation to bring back control of your data?  Contact us on the link below.

https://www.risual.com/contact-us/
