To that end, he says, it is essential to give users access to the data they need "and not a byte more." That's where role-based access, attribute-based access and dynamic data masking come in. Dynamic data masking even extends Hadoop's capabilities, Tilenius notes: other access control systems within Hadoop cause an error when a user makes a query that includes data the user is not authorized to access, whereas BlueTalon allows the query but masks any data the user is not authorized to see.
For instance, Tilenius explains, a banker might be authorized to see Social Security numbers for his or her direct clients, but not for other clients. A query that includes both would return results, but the banker would see Social Security numbers only for direct clients.
In addition, the policy engine creates a full audit trail.
"One of the things we do that's really unique is we audit all the activity into or out of a database," Tilenius says. "Because we're a policy engine, for any user we'll know what they tried to do and what policies or rules they triggered. We can see both the query they requested as well as the data they received back at a metadata level."
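The banker scenario above, as an added example that is not BlueTalon's code or API: it contrasts an all-or-nothing check that fails the whole query with cell-level masking that also writes a metadata-only audit record. The table, the rule, the mask string and every function name are assumptions made for the illustration.

```python
# Added illustration. All names and data here are hypothetical/constructed.
CLIENTS = [  # constructed sample rows: each client belongs to one banker
    {"client": "Avery", "banker": "bob", "ssn": "000-00-0001", "balance": 1200},
    {"client": "Blake", "banker": "bob", "ssn": "000-00-0002", "balance": 560},
    {"client": "Casey", "banker": "dana", "ssn": "000-00-0003", "balance": 9100},
]
SENSITIVE = {"ssn"}
MASK = "XXX-XX-XXXX"
AUDIT = []  # one entry per query, holding metadata only


class AccessDenied(Exception):
    pass


def authorized(user, row, column):
    """Attribute-based rule: sensitive columns are visible only for direct clients."""
    return column not in SENSITIVE or row["banker"] == user


def deny_query(user, columns):
    """All-or-nothing control: one unauthorized cell fails the whole query."""
    for row in CLIENTS:
        for col in columns:
            if not authorized(user, row, col):
                raise AccessDenied(f"{user} may not read {col}")
    return [{col: row[col] for col in columns} for row in CLIENTS]


def masked_query(user, columns):
    """Dynamic masking: the query succeeds and unauthorized cells are replaced."""
    result, masked = [], 0
    for row in CLIENTS:
        out = {}
        for col in columns:
            visible = authorized(user, row, col)
            out[col] = row[col] if visible else MASK
            masked += 0 if visible else 1
        result.append(out)
    # Record what was asked and the shape of what came back, never the values.
    AUDIT.append({"user": user, "columns": list(columns),
                  "rows_returned": len(result), "cells_masked": masked,
                  "rule_triggered": "mask_ssn_non_direct" if masked else None})
    return result


if __name__ == "__main__":
    for r in masked_query("bob", ["client", "ssn"]):
        print(r)
    print(AUDIT[-1])
```

Because the audit entry stores counts and rule names rather than cell contents, the log itself does not become a second copy of the sensitive data.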