star burst recently announced a number of new features for its data products. The feature sets were designed to emphasize data governance, access controls, and regulatory compliance while sharing data with different users, departments, and locations.
While these features are applicable to national users and datasets, they are useful for exchanging data products across international borders. This functionality plays a critical role in addressing aspects of data sovereignty and regulatory compliance regarding data location or mandates relating to specific geographic regions.
Data products coincide with the data mesh architecture and are one of the results of this paradigm. The introduction of new governance features to Starburst’s data products is designed to make the concept of data meshing more practical for users working with global datasets.
According Vishal SinghStarburst’s data product manager, “Data products address the challenges of compliance and consistency in governance, where you can create the data set without even exposing the data, which other users in other other geographic areas do not have views or are not permitted to view.”
Although star burst integrates with many leading governance solutions, its recent governance additions bolster its own capabilities in this area of data management. “Data products can not only work with [existing governance] tools that customers already have, but also with the tools that Starburst provides in-house,” Singh explained.
Some of the new features directly enforce access controls. There are specific mechanisms that support cell-level filtering and data masking that are currently in private preview. These features restrict access based on data governance so that specific groups can only see certain aspects of the datasets. Additionally, there is support for exception-based governance policies, which limit the data products or datasets that certain users can see and the information about them. Other features minimize the various steps required to manage enterprise-wide data policies.
According to Singh, one of the characteristics of data products is that everyone has access to metadata about the data, even if they cannot access the data itself. With exception governance policies, “You can say that this group of users can never see the metadata or the data, at any time, even if someone wants to override it,” Singh revealed. “What a deny policy does is that instead of allowing people to see the data, you can prevent people from ever seeing the data.”
Other features have obvious implications for the use of data products and their datasets in international regions while remaining respecting the regulations and data sovereignty requirements. Users can now clone these data assets and use them for their own purposes without the data physically moving from place to place. Conversely, a US user may wish to add a new dataset to a data product from a European-based domain.
Since he is not the owner of the domain, “what this user can do is clone this data product from a different domain into his domain and see the link of how the data product was cloned,” Singh commented. “The governance of that is cloned with that and they can actually change the data product with the needs of their domain users, and actually cater to the users in their department without a problem from the European region.”
Breaking down borders
Adding these data governance features to Starburst enhances its core value proposition of enabling users to query data where it resides, while adhering to regulatory compliance and data privacy. These governance capabilities naturally underpin Starburst’s ability to provide data access to users regardless of their tools, cloud ecosystem or physical location. The recent announcement means access is now possible without compromising regulatory compliance while using Starburst’s native tool.
Singh referenced a use case where an international life sciences company used Starburst’s new governance features to support clinical trials and drug discovery. Even though US users may need to access data from a data product in AWS, for example, while their European domain owners have it in Azure, now they can. Moreover, they can do so without encroaching on data sovereignty issues or regulatory or governance issues. “We abstract away location, storage, and cloud, and you can see a single view of data in the context of the business goals you’re aiming for, without having to determine the actual geography of the data itself,” Singh c is noted.