Natural Language Represented Policy

Prerequisites: Before using this walkthrough, please ensure that you’ve first done

• Parts 1-5 of the POV Data Setup
• the Schema Monitoring and Automatic Sensitive Data Discovery walkthrough and

• at least one of the following:

  • Separating Policy Definition from Role Definition: Dynamic Attributes
  • Policy Boolean Logic
  • Exception-Based Policy Authoring
  • Hierarchical Tag-Based Policy Definitions

Overview

This is a pretty simple one: if you can’t show your work, you are in a situation of trust with no way to verify. Writing code to enforce policy (Snowflake, Databricks, etc.) or building complex policies in Ranger does show your work to a certain extent - but not enough for outsiders to easily understand the policy goals and verify their accuracy, and certainly not to the non-engineering teams that care that policy enforcement is done correctly.

With Immuta, policy is represented in natural language that is easily understood by all. This allows non-engineering users to verify that policy has been written correctly. Remember also that when using global policies they leverage tags rather than physical table/column names, which further enhances understandability.

Lastly, and as covered in the Scalability theme, with Immuta you are able to build far fewer policies, we are talking upwards of 75x fewer policies, which provides an enormous amount of understandability with it.

Certainly this does not mean you have to build every policy through our UI - Data Engineers can build automation through our API (covered in the next theme), if desired, and those policies are presented in a human readable form to the non-engineering teams that need to understand how policy is being enforced.

Business Value

Once you have created a trusted and verified environment, through centralized policy management, all stakeholders can rest easy and mistakes can be caught quickly.

Because of this, the business reaps

• Increased revenue: accelerate data access / time-to-data because the legal and compliance teams trust that data is being protected correctly because they can verify that is the case.
• Decreased risk: Mistakes will not linger hidden beneath complex code, the spirit of how your organization interprets law and policy can be easily verified.

Reading a policy

Assumptions: Your user does not have to have any required permissions.

1. Log in to Immuta with any user.
2. Click the Policies icon in the left sidebar.
3. Choose a Data policy to expand and read. You understand them; anyone can!

This is a picture one of our customers created that depicts the logic:

Anti-Patterns

The anti-pattern is that the way you build policy is so technical and/or complex, you have no way to allow non-technical leadership to validate your work. This leaves the Data Engineering team struggling to prove they’ve done their job and creates distrust that policy enforcement is happening correctly, which creates a domino effect of involving more humans to manually approve access, completely halting time-to-data.

Next Steps

Feel free to return to the POV Guide to move on to your next topic.