OkeraEnsemble Extends ABAC to Files with Unstructured Data


Okera Works to Solve the File Data Access Management Challenge With OkeraEnsemble – Delivers ABAC and Infinite Elastic Scale Leveraging Okera nScale for Amazon EMR

First of its kind capabilities democratises speedy and secure data access to structured and unstructured file data 

Master Data Management partnerOkera, a leader in Universal Data Authorisation, has announced the immediate availability of OkeraEnsemble, a comprehensive file control solution that extends data access management for tabular data files. With OkeraEnsemble, analysts/engineers and business/low-code data users have swift access to tabular and file-based data at massive scale using a single coherent collaborative platform. OkeraEnsemble protects sensitive data and ensures privacy by managing data access without having to use different tools to control data access for both files and tables.

As part of Okera’s mission to democratise data for all users, so they can safely and securely access data across cloud, hybrid and on-premise sources, the company also announced the first module within the OkeraEnsemble offerings; OK4EMR. 

“Strategic companies like Okera are providing a tremendous value-add for our customers who rely on Amazon EMR for petabyte-scale data processing, interactive analytics, and machine learning using open-source frameworks such as Apache Spark, Apache Hive, and Presto,” said Mehul Shah, general manager, Amazon EMR at AWS. “Thanks to solutions like OkeraEnsemble on Amazon EMR, our customers can accelerate time to value with Amazon EMR and Amazon SageMaker by leveraging both structured and unstructured Amazon S3 data files quickly and easily while ensuring security and governance at scale that work well with existing AWS services.”

“With OkeraEnsemble, FINRA can look to enable self-service data analytics by providing highly secure access to a wide variety of structured and unstructured data through latest generation analytical platforms,” said Pragnya Gandhi Senior Principal Architect at FINRA. “And, we can envision protecting the data from our enterprise data lake and gain the benefits of centralised entitlement policies and audit trails across hundreds of petabytes of data without having to write complex IAM policies.”

“Unstructured data sets are becoming the corporate data standard, with more and more large enterprises looking for low-cost storage options, like Amazon S3,” said Gary Allemann, MD at Master Data Management. “This innovative new capability from Okera allows data analysts and data scientists to run machine learning engines against the entire data lake without compromising sensitive data.”

OkeraEnsemble enables users to define attribute-based access control within the Okera Dynamic Access Platform through a single unified source and access unstructured data such as documents, images, video, and audio files stored as files on Amazon Simple Storage Service (Amazon S3) from Amazon Web Services (AWS). Unlike traditional offerings, OkeraEnsemble on Okera nScale with Amazon EMR – currently in beta with select customers – delivers the full spectrum of data access management to ensure that data is fully protected, allowing users to leverage the rich types of data needed for analytic and data science use cases while reducing the work typically required to transform the data to a structured format. 

“Most data access governance products do a fine job of controlling access to structured data, but they ignore the fact that cloud computing’s biggest benefit, separation of store and compute, is to allow authorised users to reach the underlying files directly,” said Nong Li, Founder and CEO of Okera. “OkeraEnsemble enables users to tag files containing structured or unstructured data as sensitive and leverage the policies meant to control access to structured data stores and files and dynamically enable access to only authorised users or groups to list, copy or view files. Okera helps remove the challenges typically posed by identity-based access management, as policies are consistently enforced across all the access methods that data analysts, data scientists, and data engineers might want to employ, including Amazon S3 REST APIs, AWS Command Line Interface, Apache Spark on Amazon EMR, or Databricks.” 

Highlights and unique features of OkeraEnsemble include:

  • Progressive Attribute-based Access Control (ABAC): Provides better data security and faster compliance, creates massive economies of scale, and ensures consistency in policy enforcement. Allows users to classify files and folders, leverage tags in file access controls and utilise advanced Okera functionality, such as applying user attributes or defining time-bound conditions for permissions. Configurations can be made using an easy-to-use point-and-click user interface or by leveraging Okera APIs.
  • Infinite nScale™: Handles enormous amounts of users and supports large volumes of data access requests via Okera’s pattern for tabular data access enforcement. Allows organisations to fully leverage their existing compute infrastructure and achieve elasticity at no additional cost for access control of both tabular data and file data, while ensuring consistent policy enforcement and auditing.