Cyber Security

What are the best practices for Big Data governance and security in a multi-cloud environment?

PA Asked by Patricia Adams · 20-11-2024
0 upvotes 12,126 views 0 comments
The question

As we move our data across AWS and Azure, we are finding it impossible to maintain a consistent security policy. How do you manage access control (RBAC) at scale across different Big Data tools like Hive, Presto, and S3? Are people still using Apache Ranger, or are there newer, cloud-native solutions that handle data masking and PII (Personally Identifiable Information) protection more effectively without slowing down the analysts?

 

3 answers

0
DE
Answered on 22-11-2024

Multi-cloud governance is a nightmare without a centralized control plane. Apache Ranger is still the gold standard for the Hadoop ecosystem, but in 2024/2025, many are moving toward "Data Security Platforms" like Immuta or Privacera. These tools sit on top of your multi-cloud storage and provide a unified policy engine. You can define a rule once—like "mask all social security numbers for the marketing group"—and it applies whether they are querying in Snowflake, Redshift, or Databricks. This "Policy as Code" approach is essential for GDPR and CCPA compliance in big data. 

0
TH
Answered on 24-11-2024

How do you balance strict security with the need for data scientists to have "Exploratory" access to raw datasets for training their models? 

KE 25-11-2024

Thomas, we use "Data Enclaves" or "Clean Rooms." Instead of giving them the raw data, we provide a synthetic version of the dataset or a highly masked version. If they find a signal in the noise, they submit their code to be run against the "Real" data in a locked-down environment. This way, no PII ever touches their local machines. It’s a bit slower for the scientists, but it’s the only way our legal team allows us to operate in a high-risk industry like healthcare.

0
BA
Answered on 26-11-2024

Tagging is your best friend. If you tag your data at the source (Ingestion), your governance tools can automatically apply the right security filters based on those tags. 

PA 27-11-2024

Automated tagging at the ingestion layer is definitely the way to go. It prevents the human error that usually leads to data leaks in large lakes.

Share your thoughts

Your email address will not be published. Required fields are marked (*)

Professional Counselling Session

Still have questions?
Schedule a free counselling session

Our experts are ready to help you with any questions about courses, admissions, or career paths. Get personalized guidance from industry professionals.

Request a Call Back

Search Online

We Accept

We Accept

Follow Us

"PMI®", "PMBOK®", "PMP®", "CAPM®" and "PMI-ACP®" are registered marks of the Project Management Institute, Inc. | "CSM", "CST" are Registered Trade Marks of The Scrum Alliance, USA. | COBIT® is a trademark of ISACA® registered in the United States and other countries.

Book Free Session