Organisations face significant regulatory and compliance risks from their data management and analytics practices. With the proliferation of data and the significant business opportunities centring around data analytics and AI, real-time policy-based governance of data, operations and development is essential.
We've seen the evidence of this lack of lower-level oversight and control in recent regulatory breaches involving application processing and data.
So, you might have the best intentions, with the best consultants, people and security access measures, but if your policy is not actively embedded in the code, then you're not complying! And, if you don't bring in the right systems, it's your fault!
What's needed is the policy embedded within every line of code! Policy embedded in every query. And, the policy needs to be in a real-time active policy service, NOT just in training materials or PowerPoint slides.
So, what's the big risk?
For Banks, do you really know what algorithms, code and queries your analyst is experimenting with right now? Are they breaching data regulation? Do you REALLY have a system that reports on compliance in real time, every second?
For Telcos, when you share data with a third party, can you manage, control and restrict the kind of operations the party wants to do that may cause a privacy breach?
For Retailers, what is that AMAZING AI bot doing with the data? Is a new policy being applied that was not in the original design?
For Government, how can you link data across all departments in a way that ensures real-time, behaviour-based compliance? And, if something happens out of policy, is there an automated exception report - not just for inappropriate access - but for deeper, more complex assessment of what the analyst is doing? Do you have that level of operational oversight?
For society, don't we need REAL policy-based, behaviour level, oversight of how organisations are handling your data every day, every minute, every second?
Zetaris for Networked Data Platform & Operational Data-and-Query Governance
Zetaris is a networked data platform that joins data across many data stores and networks or clouds to create the views that the analytical tools need in real time, without duplicating data, processes or systems. This is a step-change in the data platform and integration world, where the old approach means data has to be copied from its original source, restructured or transformed and made consistent before any value can be created.
Zetaris has implemented, within its query engine and data access layer, the emerging global standard and framework for policy management - the Zetaris Policy-Based Governance (ZPG). Open Policy Agent (OPA) is an open-source, general-purpose policy engine that unifies policy enforcement across the data ecosystem. OPA provides a high-level declarative language that lets you specify policy as code and simple APIs to offload policy decision-making from your software. You can use OPA to enforce policies in micro-services, Kubernetes, CI/CD pipelines, API gateways, and more.
With Zetaris, every query, algorithm or data operation performed by an analyst, developer, AI agent or BI user is assessed for policy compliance by the Zetaris OPA Server (ZOS) before it is run. This means the data, and the operations performed on the data (across your data landscape), are managed in real time. This is granular policy-based data governance.
With ZOS, policy decision-making is separated from policy enforcement for every query. When your software needs to make policy decisions, ZOS queries structured data (e.g., JSON) in the policy server and returns authorisation data.
ZOS generates policy decisions by evaluating the query input against policies and data.
What combinations of data joins are high risk?
Which users can access which resources?
Stop data breaches as they happen?
Which user can perform what query or implement which algorithm?
What AI can access which data with what operation?
Which subnets egress traffic is allowed to?
Which clusters a workload must be deployed to?
Which registries binaries can be downloaded from?
Which OS capabilities a container can execute with?
Which times of day the system can be accessed at?
Policy decisions are not limited to simple yes/no or allow/deny answers. Like query inputs, your policies can generate arbitrary structured data as output.
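As an added illustration (not Zetaris's own policy or code), the following OPA policy in Rego assesses a data query before it runs and returns a structured decision instead of a bare allow/deny. The package name, input fields, roles and table names are hypothetical; the page does not describe the input schema ZOS actually uses.

```rego
package example.querygov

import rego.v1

# Assumed input shape (constructed sample):
# {"user": {"roles": ["analyst"]}, "operation": "select",
#  "tables": ["crm.customers", "health.claims"]}

# Constructed policy data: operations each role may perform.
role_operations := {
	"analyst": {"select"},
	"engineer": {"select", "insert", "update"},
}

# Constructed policy data: table pairs whose join is treated as high risk.
high_risk_joins := [
	{"crm.customers", "health.claims"},
	{"crm.customers", "telco.location_history"},
]

# Missing fields fall back to empty values so the checks below fail closed.
roles := object.get(input, ["user", "roles"], [])
operation := object.get(input, "operation", "")

# Operations permitted by any of the caller's roles.
allowed_operations contains op if {
	some role in roles
	some op in role_operations[role]
}

# One message per violated rule; an empty set means the query complies.
violations contains msg if {
	not operation in allowed_operations
	msg := sprintf("operation %q not permitted for roles %v", [operation, roles])
}

violations contains msg if {
	some pair in high_risk_joins
	every t in pair {
		t in input.tables
	}
	msg := sprintf("high-risk join: %v", [pair])
}

# Structured decision: the verdict plus the reasons behind it.
decision := {
	"allow": count(violations) == 0,
	"violations": violations,
}
```

With the sample input in the comment, querying `data.example.querygov.decision` (for example with `opa eval -d policy.rego -i input.json`) yields `allow: false` and one high-risk-join violation, which the enforcement point can log as an exception report.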