Who They Are:
Okera launched in 2016 to address a security gap that was created, ironically, by an important innovation in big data: the separation of storage and compute. This gap materialized while organizations were accumulating massive amounts of data, including personally identifiable information (PII).
The company’s objective is to help customers secure their data analytics platforms in order to use sensitive data, such as PII, responsibly. It positions its core software as “completing” a company’s data analytics stack.
Existing models for securing such data could require writing rules for a variety of applications and users — a laborious and time-consuming process. “We allow you to write one policy that runs across the entire infrastructure,” says Bobby Napiltonia, president of Okera, based in San Francisco. “We have a secure data access platform to cover every data source for universal access authorization. We’re setting out to solve one of the largest problems on the map today, which is trust.” Napiltonia joined the company early this year.
The company has about $30 million in venture capital funding and currently has 60 employees.
The company’s software works with big data platforms via integrations with Amazon EMR, Databricks, and Snowflake. Supported cloud platforms include AWS, Microsoft Azure, and Google Cloud.
Customers need to be able to leverage integrations, or “connectors,” to their core systems to deliver access control efficiently, says Nikolas Acheson, who was an Okera customer while an executive at Nike. “You have to really light that up and allow customers to move faster,” he says. “I can’t tell you how many connectors I built because I could move faster than tech companies. A lot of companies in the past had to mesh together a whole bunch of things.” That’s another of the big problems Okera aims to solve.
Acheson recently joined Okera as field chief data officer, which is a strong endorsement of the company’s tech and brings a customer perspective to its technology benefits. “The company has been very forward and tech-focused,” Acheson says. “I want to really help customers understand and map business outcomes.”
The company engages with customers through direct sales and a partner ecosystem; its partners include Infosys and Kyndryl.
What They Do:
Okera’s platform manages policy-based data access governance on an agnostic basis — it supports a variety of analytics platforms and cloud hyperscalers as noted above.
The software prevents common scenarios such as: data scientists accessing sensitive data when there’s no legitimate purpose; data scientists needing data that they can’t access because it’s co-mingled with sensitive data; and reluctance to migrate workloads to the cloud because of compliance, security, or privacy considerations.
Common approaches to access governance with existing platforms include extracting copies of data by geography, project, or users; and managing access with Identity and Access Management (IAM) tools or private keys. These approaches introduce complexity and risk, and they fail to scale with a company’s growth, according to Okera.
Okera’s software performs these core functions:
- Discovers and classifies sensitive data: Okera provides lightweight data discovery and classification; customers can also configure Okera to integrate with an enterprise data catalog.
- Manages data policies: Okera abstracts policies into language that non-technical data stakeholders can understand so that policies — and the data they protect — can be deployed quickly and with confidence.
- Dynamically enforces policies: Makes sure policies are enforced consistently across cloud data warehouses, data lakes, and data lakehouses. For the same query, a sales analyst might see PII data that is tokenized or masked so it’s unreadable, and filtered by country; a sales director, by contrast, might have full visibility into PII but filtered for his/her territory.
- Audits and analyzes the usage of sensitive data: Audit, security, and compliance teams can quickly find — via the self-service portal — who requested sensitive data when, from what application, and whether their request was approved or denied. This speeds compliance reporting and can reduce incident response times.
Offering broad support for analytics applications and cloud platforms — being platform agnostic — is important, Acheson says, because companies need the flexibility to move quickly and not being tied to a platform helps them do so. “With Okera, you standardize access and governance and become agnostic to where the data is, as the policy is at the data asset level. If a customer shifted from AWS to GCP, the policies move with it.”
When it comes to setting access policies, the platform supports fine-grained access control (FGAC) to the column, row, and cell levels.
Stewardship is distributed so security or IT teams can delegate data access management responsibility to data owners, removing bottlenecks and helping to distribute access management workload as the organization scales.
Attribute-based access control (ABAC) reduces the complexity of policy definitions, including separating policy definitions from object naming. With ABAC capability, companies can begin to treat data as an asset, instead of focusing narrowly on how it’s used, and think about ways to bring assets together for greater impact. “That’s part of an adaptive security layer that I’ve only seen Okera do very well,” Acheson says.
The Okera platform supports zero-trust architecture: every query is authorized based on a combination of the authenticated user’s role, target data attributes, and real-time query context.
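The per-query decision described above (role, data attributes and query context, with the masking and row filtering from the analyst/director scenario), as an added Python example. It is not Okera's code or policy language; the tag names, policy fields, sample rows and token key are constructed for illustration.

```python
import hashlib
import hmac

TOKEN_KEY = b"demo-key-constructed"  # assumption: a real key would live in a KMS
# Tags are attributes of the data; policies reference tags, never column names.
COLUMN_TAGS = {"customer": {"pii"}, "email": {"pii"}, "country": set(),
               "territory": set(), "amount": set()}
ROWS = [  # constructed sample data
    {"customer": "Ana Ruiz", "email": "ana@example.com", "country": "ES", "territory": "EMEA", "amount": 120},
    {"customer": "Bo Chen", "email": "bo@example.com", "country": "DE", "territory": "EMEA", "amount": 300},
    {"customer": "Cy Diaz", "email": "cy@example.com", "country": "US", "territory": "AMER", "amount": 75},
]
# One policy per role: which user attribute filters rows, how "pii" columns are
# rendered, and which calling applications are acceptable (query context).
POLICIES = {
    "sales_analyst": {"row_attr": "country", "pii": "tokenize", "apps": {"bi_dashboard"}},
    "sales_director": {"row_attr": "territory", "pii": "clear", "apps": {"bi_dashboard", "notebook"}},
}
AUDIT = []  # who asked, from which application, and the decision


def tokenize(value):
    """Deterministic keyed token: unreadable, but equal inputs still join."""
    return "tok_" + hmac.new(TOKEN_KEY, value.encode(), hashlib.sha256).hexdigest()[:12]


def query(user, context):
    """Authorize one query from role + data tags + context; deny by default."""
    policy = POLICIES.get(user.get("role"))
    allowed = bool(policy) and context.get("app") in policy["apps"] \
        and policy["row_attr"] in user
    AUDIT.append({"user": user.get("name"), "app": context.get("app"),
                  "decision": "allow" if allowed else "deny"})
    if not allowed:
        return None
    attr = policy["row_attr"]
    result = []
    for row in ROWS:
        if row[attr] != user[attr]:
            continue  # row-level filter on the user's own attribute
        result.append({
            col: tokenize(val) if "pii" in COLUMN_TAGS[col] and policy["pii"] == "tokenize" else val
            for col, val in row.items()
        })
    return result
```

Because the policy keys on the `pii` tag rather than on column names, tagging a new column is enough to bring it under the same masking rule.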
The graphic below shows the “building blocks” that make up Okera’s platform, along with the role that each plays:
Acheson detailed a recent customer engagement that indicates the scale of the problem Okera is taking on in securing access to data and analytics.
A prospective customer is trying to grow the share of its data that is “appropriate” (accessible from a known location, used in appropriate, secure ways, and evaluated for whether or not it can be combined with other data) from just 8% to 30%.
Both the current and future figures seemed surprisingly low to me, so I asked Acheson to explain why they were so low. The 8% appropriate figure isn’t unusual, he says, while he considers 30% “massively low” and adds that customers “want to get to 100%, which is where I expect them to be.” In short, there’s a lot of work to do in this regard.
Who They’re Impacting:
FINRA, the Financial Industry Regulatory Authority, is the quasi-governmental regulator that keeps U.S. financial markets safe, monitoring 445 billion market events per day to detect and prevent fraud, abuse, and insider trading.
FINRA’s elastic infrastructure supports up to 150,000 compute nodes processing over 200 petabytes of storage. Clearly, an enormous amount of data is involved in supporting FINRA’s mission to protect investors and market integrity.
FINRA is working with Okera for centralized data authorization, said Nate Weisz, Senior Director of Data Management at FINRA, in 2021.
“Analytics has kind of grown organically because we want people to use the best of breed and keep up with the industry,” Weisz said. “Unfortunately, the data authorizations and entitlements are kind of done in that analytics layer, which is…inconsistent and it could be better managed centrally, we believe. So we’re working with Okera.”
Okera’s software will help FINRA apply entitlements and data access controls across all of its data platforms.
While I wasn’t able to connect with FINRA for this analysis, I hope to bring updated details on its work with Okera in the near future.
The Future and Closing Thoughts:
Okera has a compelling value proposition in that its software secures data access across a wide range of platforms using a model that is far simpler than building and executing access rules by system or application or user.
The fact that it has been able to win over big customers that manage massive transaction volumes — most notably FINRA — is an indicator that the technology is more robust than that of your typical startup, and is well positioned to take on access control in the largest of enterprises.