Published on January 31, 2020
Vinay Manuel | CEO, Zetaris


Organisations face significant regulatory and compliance risks from their data management and analytics practices. With the proliferation of data and the significant business opportunities centring around data analytics and AI, real-time policy-based governance of data, operations and development is essential.

The typical organisation with data obligations will say, "We're all good. We have access control, state of the art security, a privacy policy, a Chief Data Officer, the same old advisors and we train our staff." Trouble is, in reality, they don't have a system of control and oversight for the developer in real-time as he or she develops. They don't REALLY know what their data scientist is doing when an algorithm runs. There is no way to remember if the AI complies with the new policy or legislation. They have limited control over the management of the way data is joined by coders. No control over the behaviour at the lower level. Data extracts are all over the place, on banker laptops, on store servers and in varying forms of encryption and the BI tools are joining data over the top in arbitrary ways with no oversight.

We've seen the evidence of this lack of lower-level oversight and control in recent regulatory breaches involving application processing and data.

So, you might have the best intentions. With the best consultants, people and security access measures, but if your policy is not actively embedded in the code, then you're not complying! And, if you don't bring in the right systems, it's your fault!

What's needed is the policy embedded within every line of code! Policy embedded in every query. And, the policy needs to be in a real-time active policy service, NOT just in training materials or PowerPoint slides.

So, what's the big risk?

For Banks, do you really know what algorithms, code, queries your analyst is experimenting with right now? Are they breaching data regulation? Do you REALLY have a system to tell you, in real-time, every second that is reporting on compliance?

For Telcos, when you share data with a third party, can you manage, control and restrict the kind of operations the party wants to do that may cause a privacy breach?

For Retailers, what is that AMAZING AI bot doing with the data? Is a new policy being applied that was not in the original design?

For Government, how can you link data across all departments in a way that ensures real-time behaviour based compliance and, if something happens out of policy, is there an automated exception report - not just for in-appropriate access - but, for deeper more complex assessment of what the analyst is doing... do you have that level of operational oversight?

For society, don't we need REAL policy-based, behaviour level, oversight of how organisations are handling your data every day, every minute, every second?

Zetaris for Virtual Data Warehousing & Operational Data-and-Query Governance

Zetaris is a virtual data warehouse that joins data across many data stores and networks or clouds to create the views that the analytical tools need in real-time without the data, process or systems duplication. This is a step-change in the data platform and integration world, where the old approach means data has to be copied from its original source, restructured or transformed and made consistent before any value can be created.

Zetaris has implemented, within its query engine and data access layer, the emerging global standard and framework for policy management - the Zetaris Policy-Based Governance (ZPG). OPA is an open-source, general-purpose policy engine that unifies policy enforcement across the data ecosystem. OPA provides a high-level declarative language that lets you specify policy as code and simple APIs to offload policy decision-making from your software. You can use OPA to enforce policies in micro-services, Kubernetes, CI/CD pipelines, API gateways, and more.

With Zetaris, every query, algorithm or data operation performed by an analyst, developer, AI agent or BI user is assessed for policy compliance by the Zetaris OPA Server (ZOS) before it is run. This means the data and what operations are performed on the data (across your data landscape) is managed in real-time. This is granular policy-based data governance.


ZOS means every query runs policy decision-making from policy enforcement. When your software needs to make policy decisions the ZOS queries structured data (e.g., JSON) in the policy server and returns authorisation data.

Policy Coding

ZOS generates policy decisions by evaluating the query input and against policies and data.

For example:

What combinations of data joins are high risk?

Which users can access which resources.

Stop data breaches as it happens.

Which user can perform what query or implement which algorithm.

What AI can access which data with what operation.

Which subnets egress traffic is allowed to.

Which clusters a workload must be deployed to.

Which registries binaries can be downloaded from.

Which OS capabilities a container can execute with.

Which times of day the system can be accessed at.

Policy decisions are not limited to a simple yes/no or allow/deny answers. Like query inputs, your policies can generate arbitrary structured data as output.

Related Posts

App image
Hybrid Cloud Data Warehouse
App image
Making complex queries across external databases run is why you need a Data Fabric.
App image
Being in the moment with your customer




Fill out this form and we will organize a 10min online demo that will blow your mind!