The Protector verifies authorization against the customer’s security policy, and then performs the requested operation. Athena efficiently partitions, parallelizes, and batches requests to the Protegrity UDF, or “Athena Protector” running within a serverless Lambda function. In Amazon Athena, UDFs are invoked from a SQL query.
Finally, columns three and four show how authorized users in different roles would view the data.įigure 1 – Example of tokenized data in Protegrity’s solution. The data element of the security policy can be configured to preserve some analytic usability of data in its tokenized form. However, notice some portions of the tokenized values are preserved in the clear, such as the domain of the email address, year of birth, and last four digits of the credit card. In the second column, the data is de-identified via tokenization. In the first column, data about the individual is in the clear. The table below shows PII data before and after it has been tokenized. The vaultless nature of Protegrity’s solution incorporates within a Lambda function providing a scalable service when used with Amazon Athena. Protegrity Vaultless Tokenization (PVT) incorporates the tokenization algorithms and key material from a distributed security policy into process memory, eliminating operational challenges. Vault-based solutions often suffer operational challenges, however, such as high-availability, performance, and scale. Vault-based tokenization systems use a database, or “vault,” to store the mapping between the sensitive value and corresponding token. The same value across tables or databases within an enterprise produces the same tokenized value everywhere. Protegrity’s tokens are also join-preserving. Therefore, sensitive values can be swapped with tokens and stored without altering the database schema or violating field constraints with your applications. Protegrity’s tokenization adds features such as preservation of data type, format, and length. Once a record has been de-identified, sensitive values such as bank balance, credit score, or salary data can be maintained in the clear for data analytics, machine learning, or application processing within the enterprise. With PII, for example, organizations can tokenize direct identifiers (national ID, credit card, policy ID) and quasi-identifiers (birthdate, postal codes). Tokenization replaces critical values with a meaningless token, and that token acts as a claim check to reveal the original value using the tokenization system. This solution scales elastically with Athena’s on-demand and data intensive workloads. Protegrity provides data tokenization for Amazon Athena by incorporating tokenization technologies within an external Athena UDF deployed within the serverless AWS Lambda architecture.
The Athena team provides a Java SDK for developers to create UDFs to extend the Athena platform and perform useful transformations on data. It can be used to join data across multiple data sources such as Amazon DynamoDB, HBase, Amazon Redshift, or any JDBC-compliant relational database.īuilt on the Presto engine, Athena’s federated query engine offers a quick and powerful alternative for analytics without the need to first centralize all of your data into a data warehouse.Īmazon Athena recently released a new feature supporting external UDFs. About Amazon AthenaĪmazon Athena is a serverless, federated query service that makes it easy to analyze data in Amazon Simple Storage Services (Amazon S3) using SQL. This is particularly vital to companies that deal with Personally Identifiable Information (PII), Payment Card Industry (PCI), and Protected Health Information (PHI).
Tokenization is a technique for de-identifying sensitive data at rest while retaining its usefulness. This protects data at rest and maintains the confidentiality of individuals and other sensitive data. In this post, we will describe how customers can use the Protegrity Athena Protector UDF with the Amazon Athena engine to tokenize or detokenize data at scale. Protegrity, an AWS ISV Partner and global leader in data security, has released a serverless User Defined Function (UDF) that adds external data tokenization capabilities to the Amazon Athena platform. Tokenization is one of the ways to protect sensitive data at rest and preserve data privacy.
When it comes to protecting sensitive data, there are a few options you can choose from. By Matt Hutton, VP Cloud Engineering – Protegrityīy Tamara Astakhova, Partner Solution Architect – AWSĭata security has always been an important consideration for organizations when complying with data protection regulations.
0 kommentar(er)
