Who are they:
Okera was launched in 2016 to ironically address the security gap created by Big Data’s key innovation of decoupling storage and compute. This gap was realized at a time when organizations were accumulating large amounts of data containing personally identifiable information (PII).
The company’s aim is to help customers secure their data analytics platforms for responsible use of sensitive data such as PII. The company positions its core software as the “finisher” for an enterprise’s data analytics stack.
The existing model for protecting such data requires creating rules for different applications and users, a tedious and time-consuming process. Bobby Napiltonia, president of his San Francisco-based Okera, said: “We have a secure data access platform that covers all data sources for universal access authorization. We are solving one of the biggest problems on the map today: trust. Napirutonia joined the company earlier this year.
The company has raised about $30 million in venture capital funding and currently has 60 employees.
The company’s software works with big data platforms through integrations with Amazon EMR, Databricks, and Snowflake. Supported cloud platforms include AWS, Microsoft Azure, and Google Cloud.
Customers need to be able to leverage integrations or “connectors” to core systems to efficiently provide access control, said Nikolas Acheson, a former Nike executive and customer. “We need to make it really light so customers can move faster,” he says. “I can’t tell you how many connectors I’ve built because I could move faster than tech companies. A lot of companies in the past had to juggle a lot.” This is what Okera solves. Another big problem I’m trying to solve.
“I can’t tell you how many connectors I’ve built because I could move faster than tech companies. A lot of companies in the past had to mesh a lot of stuff.”
Nik Acheson, Field Chief Data Officer at Okera, talks about his day as an Okera customer.
Acheson recently joined Okera as Field Chief Data Officer. This provided a strong endorsement of the company’s technology and at the same time brought the customer’s perspective on the benefits of the company’s technology. “The company is very forward-looking and focused on technology,” he says Acheson. “I really want to help our customers understand and map their business outcomes.”
The company engages with customers through direct sales and a partner ecosystem. Its partners include Infosys and Kyndryl.
what they do:
Okera’s platform agnostically manages policy-based data access governance. As previously mentioned, it supports a variety of analytics platforms and cloud hyperscalers.
This software prevents common scenarios such as: Data scientists accessing sensitive data when there is no legitimate purpose. Data scientists who need data that is inaccessible because it is mixed with sensitive data. They are also reluctant to move workloads to the cloud due to compliance, security, or privacy considerations.
“We have a secure data access platform that covers all data sources for universal access authorization. We are solving one of the biggest problems on the map today: trust. .”
Bobby Napiltonia, president of Okera
Common approaches to accessing governance on existing platforms include extracting copies of data by geography, project, or user. Manage access using Identity and Access Management (IAM) tools or private keys. According to Okera, these approaches introduce complexity and risk and do not scale as the company grows.
Okera’s software performs the following core functions:
- Discover and classify sensitive data. Okera provides lightweight data discovery and classification. Customers can also configure Okera to integrate with their Enterprise Data Catalog.
- Manage data policies. Okera abstracts policies into a language that non-technical data stakeholders can understand, allowing you to deploy policies (and the data they protect) quickly and confidently.
- Apply policies dynamically. Ensure consistent policy enforcement across cloud data warehouses, data lakes, and data lakehouses. For the same query, a sales analyst might see her PII data filtered by country, unreadable because it is tokenized or masked. In contrast, the Sales Director has full visibility into her PII, but filters it by her territory.
- Audit and analyze sensitive data usage. Through a self-service portal, audit, security, and compliance teams can quickly find out who requested sensitive data, when, from which application, and whether the request was approved or denied. This speeds up compliance reporting and reduces incident response time.
According to Acheson, providing broad support for analytics applications and cloud platforms (platform agnostic) is important. Because businesses need the flexibility to move fast, and being platform agnostic helps them achieve that. “With Okera, policies are at the data asset level, so access and governance are standardized and they are agnostic of where the data resides. I will move.”
When it comes to setting access policies, the platform supports fine-grained access control (FGAC) to column, row, and cell levels.
Decentralized stewardship allows security or IT teams to delegate data access management responsibilities to data owners, eliminating bottlenecks and distributing the access management workload as the organization grows .
Attribute-based access control (ABAC) reduces the complexity of policy definition, including separating policy definition from object naming. With ABAC capabilities, companies can start treating data as an asset and think about how to bring assets together for greater impact, rather than focusing exclusively on how they use data. “This is part of his layer of adaptive security that only Okera has seen work very well,” he says.
The Okera platform supports Zero Trust architecture. All queries are authorized based on a combination of authenticated user role, target data attributes, and real-time query context.
The diagram below shows the “building blocks” that make up the Okera platform and the role they play.
Acheson detailed a recent customer engagement that demonstrates the scale of the problem Okera is working on to secure access to data and analytics.
Only 8% to 30 of prospective customers consider data “good” (accessible from known locations, used in an appropriate and secure manner, and combined with other data) Attempting to expand to %.
Both the current and future numbers seemed surprisingly low, so I asked Acheson why they were so low. A good figure of 8% is not uncommon, he says, but he considers 30% to be “very low” and customers “would like to get to 100%. This is what I would expect.” By the way,” he adds. In short, there is a lot to be done in this regard.
Who are you influencing?
FINRA, the financial industry regulator, is the quasi-governmental regulator that keeps the U.S. financial markets safe, monitoring 445 billion market events per day to detect and prevent fraud, abuse, and insider trading. I’m here.
FINRA’s elastic infrastructure supports up to 150,000 compute nodes handling over 200 petabytes of storage. Clearly, vast amounts of data are involved to support his FINRA mission to protect investors and the integrity of the market.
FINRA is working with Okera for centralized data authentication, said Nate Weisz, FINRA’s senior director of data management, in 2021.
Weisz said: “Unfortunately, approving and authorizing data seems to happen at the analytics layer, which we believe is inconsistent and better managed centrally. We are cooperating.”
Okera’s software helps FINRA bring entitlements and data access control to all of FINRA’s data platforms.
We were unable to reach out to FINRA for this analysis, but we hope to update the details on working with Okera in the near future.
Future and Closing:
Okera is compelling in that its software secures data access across a wide range of platforms using a much simpler model than building and enforcing access rules for each system, application, or user. have a certain value proposition.
The fact that we were able to get big customers (particularly FINRA) to manage huge transaction volumes shows that this technology is more robust than the typical startup and well positioned for access control at scale. I’m here. of enterprise.
For exclusive stories from innovative cloud companies, see Cloud Wars Horizon here.