Data Security Real-Time PII Protection

A provider of powerful marketing platforms that integrate live events and media into rich user experiences based on data-based insights came to PruTech for assistance. Each year, their platform reaches 1.9 million customers through 142 events and 16 media properties—using Elastic Data Lake and The Elastic Stack for analytics across all datasets.

They needed to automatically recognize sensitive information and apply policies to restrict personal identifiable information (PII) from its users. The solution also needed a way to prevent access to information that could put users’ security at risk. This is where PruTech came in – they were tasked with helping the platform identify PII data while providing data governance in a multi-tenant Databricks environment.

The PruTech team implemented Privacera, a specialized encryption solution, on an Elastic Kubernetes Service (EKS), and enabled Single Sign On (SSO) login with SAML AD authentication, integrating Azure Active Directory (AAD) to provide access policies for users and groups to access the Privacera Portal. The team also installed Discovery for Databricks SQL and Discovery for AWS S3 to enable real-time scanning of objects while tagging PII and other sensitive information accordingly.

In addition, they used Compliance Workflow Management from Discovery to automate the process of transferring S3 files that contained PII data into separated S3 locations with restricted access only through Privacera Access Policies. They further enabled policy automation through various methods along with code changes using a CICD pipeline.

By employing the Privacera solution, the platform was able to accurately identify sensitive information which allowed them to segregate their data based on different Tenant IDs in an automated manner. Not only did this result in significant cost savings but it also ensured better security by preventing unauthorized access to critical PII data without sacrificing user experience or corruption of analytics results due to incorrectly redacted entries.

Overall, the implementation of Privacera on the platform was a success. The platform now has a secure and reliable solution that prevents its users from accessing sensitive data while providing effective data governance and compliance to all regulations.