Satori, a data security company, has unveiled a free and open-source tool, Universal Data Permissions Scanner, that can help organizations analyze permission models, identify who has access to what data, and at what level, across multiple data stores.
The tool can currently scan databases, data lakes, cloud accounts, and data warehouses, with support for data stores such as Snowflake, Amazon S3, Amazon Redshift, Google BigQuery, and MongoDB; additional data stores can be added. As the number of users and use cases increases, it is no longer humanly possible to remember who had access to what, how, and why, according to Satori.
Therefore, the new tool makes it easier for companies to manage and view data store permissions, lowering the risks associated with unauthorized or over-privileged users.
Satori’s new open-source tool generates a human-readable list of users and their access levels to cloud storage buckets, database tables, and files by analyzing permission models. In addition to the Universal Data Permissions Scanner, the company also offers a fully managed SaaS solution that conducts periodic scans.
DevOps and data engineers are the ones who manage the security of the databases, data lakes, or warehouses they operate, Satori explained.
This usually involves setting permissions to allow users to query the data they need. As the number of users and use cases increases, complexity grows, making it difficult to meet security and compliance requirements.
The root cause of this problem is that permissions to data are typically stored in normalized form, making it challenging to comprehend your permissions landscape, the firm added.
Universal Data Permissions Scanner is designed to overcome these challenges by making it simpler for businesses to manage data store permissions.
It is also worth noting that the tool is open source and free, making it an excellent choice for organizations on a tight budget. With the Universal Data Permissions Scanner, companies can identify users and entities that have been granted excessive privileges, thus reducing the likelihood of a breach by unauthorized or over-privileged users.
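To illustrate the "normalized form" problem described above, the following added example (not Satori's code and not taken from the Universal Data Permissions Scanner) flattens a constructed user/role/grant model into one row per user and asset, recording the role path that grants the access. The table contents, role names and the READ/WRITE/FULL ordering are assumptions made for the illustration.

```python
from collections import defaultdict

LEVELS = {"READ": 1, "WRITE": 2, "FULL": 3}  # assumed ordering of access levels

# Constructed sample data: three normalized relations, as a data store might hold them.
USER_ROLES = [("alice", "analyst"), ("bob", "data_eng"), ("carol", "intern")]
ROLE_INHERITS = [("data_eng", "analyst"), ("analyst", "reader"),
                 ("intern", "reader")]  # (role, role it inherits from)
GRANTS = [("reader", "sales.orders", "READ"),
          ("analyst", "sales.customers", "READ"),
          ("data_eng", "sales.orders", "WRITE"),
          ("data_eng", "sales.customers", "FULL")]


def role_paths(start, inherits):
    """Map every role reachable from `start` to the inheritance path that reaches it."""
    parents = defaultdict(list)
    for child, parent in inherits:
        parents[child].append(parent)
    paths, stack = {start: [start]}, [start]
    while stack:
        role = stack.pop()
        for parent in parents[role]:
            if parent not in paths:  # visited check keeps cyclic hierarchies finite
                paths[parent] = paths[role] + [parent]
                stack.append(parent)
    return paths


def effective_access(user_roles, inherits, grants):
    """Flatten to sorted (user, asset, level, via) rows, keeping the highest level."""
    by_role = defaultdict(list)
    for role, asset, level in grants:
        by_role[role].append((asset, level))
    best = {}
    for user, direct_role in user_roles:
        for role, path in role_paths(direct_role, inherits).items():
            for asset, level in by_role[role]:
                key = (user, asset)
                if key not in best or LEVELS[level] > LEVELS[best[key][0]]:
                    best[key] = (level, " > ".join(path))
    return sorted((u, a, lvl, via) for (u, a), (lvl, via) in best.items())


if __name__ == "__main__":
    for row in effective_access(USER_ROLES, ROLE_INHERITS, GRANTS):
        print("{:<6} {:<16} {:<6} via {}".format(*row))
```

The `via` column answers the "how and why" part of the question: it shows whether a user's access comes from a direct role or from one inherited further up the hierarchy.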