Overview of Privacera on AWS

This document covers the features of Privacera Platform on AWS.

Note

The AWS IAM best practices resource is helpful for configuring your AWS Identity and Access Management to support the use of Privacera.

Privacera Components

Privacera provides the following features:

  • Fine-grained Access Management: Privacera leverages Apache Ranger to provide column and row-level access control.

  • Automated Discovery and Classification: Privacera automatically scans structured and unstructured data to identify and tag it.

  • Encryption and Masking: Privacera uses format-preserving and other encryption techniques to anonymize data at rest.

  • Monitoring of User Access: Privacera analyzes user access history to determine if sensitive data is uploaded, moved, or accessed inappropriately.

Privacera Portal

Privacera Portal is the primary user interface for the Launch Pad and the Privacera Access Management.

Launch Pad

To view the Launch Pad page, click Launch Pad on the Privacera home page. The Launch Pad page offers the following features:

  • AWS Console: Log in directly to your AWS Console through this menu option.

  • AWS CLI: You can access AWS CLI through a generated Privacera token.

  • Privacera Token: You can manage Privacera Tokens for access management.

  • Databricks: Databricks is required for accessing your assets, such as the UI, API, and command-line interface (CLI).

Access Management

Privacera leverages Privacera Access Management for policy management. Access Management provides a robust policy management layer that uses several architectural techniques to control access to data. Key benefits include:

  • A single pane of glass for all access policies.

  • Performance and scalability.

  • Column- and record-level security for a variety of different data sources.

| Application        | Current State                                  | Privacera Solution                                                                                                            | Policy Enforcement Point          |
|--------------------|------------------------------------------------|-------------------------------------------------------------------------------------------------------------------------------|-----------------------------------|
| PrestoDB           | PrestoDB Authorization                         | Ranger - Column Level                                                                                                         | Plug-In                           |
| EMR - Hive         | SQL StdAuthorization                           | Ranger - Column Level, Dynamic Column Masking, Dynamic Column Encryption/Decryption, Dynamic Row Level Filtering               | Plug-In                           |
| EMR - Spark        | IAM Policies (Bucket level)                    | Ranger - File/Object Level                                                                                                    | Data Access Server                |
| Databricks         | Databricks Access Control and S3 IAM policies  | Ranger - Column Level, File Level, Dynamic Column Masking, Dynamic Column Encryption/Decryption, Dynamic Row Level Filtering   | Plug-In                           |
| AWS S3             | IAM Policies (Bucket level)                    | Ranger - File Level                                                                                                           | Data Access Server                |
| Redshift           | Database Grant/Revoke                          | Ranger - Table Level, Column Level                                                                                            | PolicySync                        |
| Athena             | IAM Policies                                   | Ranger - Column Level                                                                                                         | JDBC Proxy                        |
| DynamoDB           | IAM Policies                                   | Ranger - Column Level                                                                                                         | Data Access Server / Role Mapping |
| Kinesis / Firehose | IAM Policies                                   | Ranger - Stream Level                                                                                                         | Data Access Server / Role Mapping |
| Lambda             | IAM Policies                                   | Ranger - Function Level                                                                                                       | Data Access Server                |

Architecture Overview