Companies have embraced the power and scale of enterprise data warehouses (EDWs) for decades, and rightly so. EDWs centralize a wealth of data so that various corporate functions can access it, track business results, and analyze trends to support better decision making.
Unfortunately, traditional on-premises EDWs come with significant overhead in terms of time, money, and effort. You have to set them up, which is complicated enough, and then you have to dedicate IT staff to keep them running. That team will spend all of its time adding servers and storage, configuring software and hardware, tweaking data and queries to play nicely with each other, and so on.
Benefits of Cloud Data Warehouses
No wonder, then, that organizations are increasingly turning to cloud data warehouses (CDWs). Providers such as Amazon, Google, and Snowflake now make it simple to:
- Store vast quantities of data cheaply, with minimal configuration effort and zero new hardware;
- Migrate and manage data easily, without needing to interact with servers; and
- Scale up or down at will
That last point is the real kicker. With EDWs, any change in scale implies serious effort as new equipment is brought online. By contrast, CDWs handle scaling natively, to the point that users almost never need to think about scaling at all.
Other old headaches from EDWs fall by the wayside, too. For example, by decoupling data management from the process of running queries, CDWs allow users to introduce new data without affecting data-crunching jobs that are already in progress. That opens up a whole new world of convenience and efficiency for both administrators and end users.
The Need for Better Data Governance in Cloud Data Warehouses
Yet even the best CDWs can be made stronger when it comes to managing data access. Companies like Snowflake do offer safeguards when it comes to user permissions and protection for at-rest data so that you can rightly feel comfortable about shipping your data to them.
Ultimately, though, the great value delivered by Snowflake, Amazon Redshift, and other CDWs is high performance at a very attractive price. They’re not in the business of supplying locks on the consumption of data, and because their whole infrastructure is virtualized, it’s not workable to implement traditional measures such as data loss prevention (DLP) or endpoint protection around the data stack.
Regulating initial access to a CDW is easy enough thanks to single sign-on (SSO) providers like Okta. Using one of these tools makes it easy for the organization to authenticate remote users before letting them inside the front gate of the CDW.
After that, however, things get slippery from the standpoint of data governance. Who is accessing which data? How much data at a time? When? From where? These are the open questions that every company using CDWs must address.
How DSaaS Fills the Gaps for Data Governance
In a pinch, you might try to fill these gaps by falling back on older technology. For example, you could technically manage access to your CDW by using a proxy. But that would hamper performance, and you might still be vulnerable to certain types of attacks.
The far better approach is to pair the benefits of your CDW with a query-level solution for data security and governance that works in parallel — one that’s abstracted, elastic, and has no infrastructure. That’s where data security as a service (DSaaS) comes in.
By using a last-mile, client-side approach, DSaaS provides data governance without any appreciable impact on performance. Security is usually the #1 offender when it comes to slowing down applications, including any kind of database. But by distributing security across all of the code, DSaaS gives you the most control, the most visibility, and the most context while also allowing you to harness the full flexibility, speed, and scalability of your CDW.
By putting security and governance within the application itself, DSaaS keeps you from getting siloed into an old security paradigm. Whether you want to move to a new data center, or just grant permissions to an old user who has a new laptop, it’s easy to enforce your pre-existing security and governance policies within the CDW. By using DSaaS, you’re able to:
- Govern each user so that they access only the types of data they should
- Track and log what each user does, for both security and compliance purposes
- Implement rules to govern the flow of data, by type of data and by role
- Isolate and block bad traffic, including excessive data volumes, down to the level of an individual user
You’ve already given yourself the ultimate flexibility in terms of growth, storage, and computing power by using a CDW. Don’t limit that flexibility and freedom by how you secure access to it, and don’t risk going without data governance in this era of strict data regulations. Take advantage of DSaaS instead. To learn more about DSaaS, check out our latest white paper, Introduction to Data Security as a Service.