SMARTGUARD® FOR DATA


DATA SHEET

KEY FEATURES

EXPLORE, VALIDATE, AND CERTIFY

HOW DOES IT WORK?

SMARTGUARD® FOR DATA SPARK SQL EDITION

• Delivers fine-grained authorization for Apache Spark™, a unified analytics engine for large-scale data processing

• Avoids the need to generate and maintain costly copies of data sets

• Enforces authorization rules that are centrally defined and compliant with the XACML 3.0 standard.

• Redacts and masks sensitive data, such as Personally Identifiable Information (PII), Protected Health Information (PHI) or credit card numbers, for unauthorized users

• Automates modification of SQL statements to control what data will be retrieved with dynamic data filtering and masking

• Transforms cell values for an authorized user, using native functions or external services (e.g., to decrypt data that is encrypted at rest)

• Facilitates the creation and testing of rich attribute-based data access control policies

• Exploits the full power of additional attribute lookup from multiple attribute sources

SMARTGUARD® FOR DATA – SPARK SQL EDITION

SmartGuard for Data protects big data stores against unauthorized access and exfiltration of data, allowing users or applications to access only the data they’re authorized to see, at the right time, under the right conditions. This ensures the most critical assets are protected against unauthorized activity, enabling secure collaboration, speeding time to market and fully realizing the power of the data set. SmartGuard for Data provides dynamic data masking, filtering and redaction in a single, powerful solution.

SmartGuard for Data operates by modifying SQL queries so that their execution always respects the conditions stated in the access control policy. This is achieved using the SQL Transformer as a data access proxy.

The user submits a data retrieval query through a data analytics application that sends it to the SQL Transformer. There, the query is changed based on user entitlements, provided by the SQL Filter Service, as defined by corporate policies.

The modified query is forwarded to the SQL analytics engine, after which the authorized data set is returned to the user.

SmartGuard for Data provides fine-grained access control for data retrieved by SQL queries that data analytics applications send to the Spark SQL analytics engine.
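The rewriting step described above, sketched as an added example (not Axiomatics code and not the product's actual algorithm): a proxy wraps each protected table in a derived table that applies a per-user row filter and column masks, and rejects any query it cannot fully account for. The `ENTITLEMENTS` and `SCHEMA` data and all table, column and user names are constructed, and the regex matching stands in for the real SQL parser a production proxy needs.

```python
import re

# Constructed policy output, keyed by (user, table): a row filter plus
# per-column masking expressions. All names and values are illustrative.
ENTITLEMENTS = {
    ("alice", "patients"): {"row_filter": "region = 'EU'",
                            "masks": {"ssn": "concat('***-**-', right(ssn, 4))"}},
}
SCHEMA = {"patients": ["id", "region", "diagnosis", "ssn"]}  # protected tables
KEYWORDS = {"WHERE", "JOIN", "ON", "GROUP", "ORDER", "LIMIT", "INNER", "LEFT",
            "RIGHT", "FULL", "CROSS", "UNION", "HAVING"}
LITERAL_OR_TEXT = re.compile(r"'(?:[^']|'')*'|[^']+")
TABLE_REF = re.compile(r"\b(FROM|JOIN)\s+(\w+)\b(?=(?:\s+(?:AS\s+)?(\w+))?)", re.I)


def rewrite(query, user):
    """Return the query with each protected table replaced by a derived table
    that applies the user's row filter and column masks. Raises on anything
    the rewriter cannot account for, so the proxy fails closed."""
    parts = LITERAL_OR_TEXT.findall(query)
    if "".join(parts) != query:
        raise ValueError("unbalanced string literal")
    wrapped = []

    def wrap(m):
        keyword, table, alias = m.group(1), m.group(2).lower(), m.group(3)
        if table not in SCHEMA:
            return m.group(0)
        ent = ENTITLEMENTS.get((user, table))
        if ent is None:
            raise PermissionError(f"{user} has no entitlement for {table}")
        cols = ", ".join(f"{ent['masks'][c]} AS {c}" if c in ent["masks"] else c
                         for c in SCHEMA[table])
        wrapped.append(table)
        keep_alias = alias and alias.upper() not in KEYWORDS
        suffix = "" if keep_alias else f" AS {table}"
        return (f"{keyword} (SELECT {cols} FROM {table} "
                f"WHERE {ent['row_filter']}){suffix}")

    seen, out = 0, []
    for part in parts:
        if not part.startswith("'"):  # never touch string literals
            seen += sum(len(re.findall(rf"\b{t}\b(?!\s*\.)", part, re.I))
                        for t in SCHEMA)
            part = TABLE_REF.sub(wrap, part)
        out.append(part)
    if seen != len(wrapped):  # e.g. comma joins, quoted or qualified names
        raise PermissionError("unrecognised reference to a protected table")
    return "".join(out)
```

Because the outer query only ever sees the derived table, `SELECT *` and column references resolve to the filtered, masked view rather than the base table.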

[Figure: architecture diagram showing the Data Analytics Application, SQL Transformer, SQL Filter Service, Policies, Attribute Sources and Spark SQL]


SMARTGUARD FOR DATA 2.0 SPECIFICATIONS – SPARK SQL EDITION

POLICY AUTHORING

AUTHORIZATION ENGINES MANAGEMENT

POLICY ANALYSIS AND REPORTING

SMARTGUARDSPARK01222020

227 W Monroe St., Suite 2100, Chicago, IL 60606, USA, +1 (312) 374-3443

Västmannagatan 4, S-111 24 Stockholm, Sweden, +46 (0)8 51 510 240

WWW.AXIOMATICS.COM | [email protected]

42395 Ryan Rd, Suite 112 - PB Box 805, Brambleton, VA 20148, +1 (801) [email protected]

OPERATING SYSTEMS

DATA ACCESS PROXY

SmartGuard for Data is built on top of the Java Virtual Machine and should be expected to run on any operating system for which an official, production-ready release of the appropriate Java Virtual Machine exists. Some components may have further requirements.

SQL Filter Service (SFS): A component that interprets applicable XACML policies and translates them into conditions that the SQL Transformer can use to manipulate SQL statements. SQL Filter Service supports Apache Spark™ SQL.

General Requirements:
• Minimum memory 2GB
• Minimum disk space 100MB

Java Environment:
• Open JDK 8, 64-bit

Web Browsers:
• Firefox 52.0 ESR or later
• Chrome 51.x or later
• EdgeHTML 15 or later
• Internet Explorer 11

Operating Systems:
• Windows Server 2008, 2008 R2, 2012, 2012 R2 (64-bit)
• Red Hat Linux 6, 7 with latest updates (64-bit)

Authorization engine attribute retrieval:
• Any LDAP v3 compliant directory
• Any JDBC 4 compliant SQL database
• Easy-to-use API facilitates development of custom attribute retrieval components for any data source

Axiomatics Services Manager (ASM) is the graphical user interface used to configure each SFS instance not only with an XACML policy, but also with the necessary mapping between XACML attributes and database objects. ASM includes a web-based Policy Editor for policy authoring and policy verification.

General Requirements:
• x86-64 CPU
• 4 GB memory recommended

Administrative API:
• SOAP-based interface
• Java client library available

Application Server, Java Versions, and Web Services Stacks:
• Apache Tomcat 7, 8.5, or 9 with 64-bit Java SE 8, Metro Web Services Stack 2.3
• 64-bit IBM WebSphere Application Server (WAS) 8.5 or 9.0 with Java 8
• Red Hat JBoss EAP 7.1 with an official, production-ready release of the Java Development Kit (JDK) compatible with 64-bit Java SE 8 and JBoss EAP 7.1

Supported Browsers:
• Firefox 42.x or later
• Chrome 46.x or later
• IE 11, with latest updates
• Edge 40.x or later

Databases for ASM Configurations:
• Oracle 11g and 12c Release 2 18c and 19c
• SQL Server 2008, 2012, 2014, and 2016
• PostgreSQL 9
• IBM DB2 (LUW) 9.7, 10.1, and 10.5

Axiomatics Policy Auditor (APA) can be installed as a standalone application or integrated with Axiomatics Policy Server (APS). A standalone installation requires Oracle Java Runtime Environment (JRE), version 6 Update 21, or higher.

Axiomatics Review Manager (ARM) is a web application that runs in a servlet container or application server using a SQL database for data storage. See requirements for Apache Tomcat and IBM WebSphere above.

SQL Transformer: A cloud-native SQL reverse proxy for analytics engines that use the HiveServer2 communication protocol. The SQL Transformer is able to parse and rewrite SQL statements using filter expressions retrieved from one or more SQL Filter Service instances.

• Operating system independent
• Runs on any platform for which an official, production-ready release of the appropriate Java Virtual Machine exists
• JDBC/ODBC drivers compatible up to and including HiveServer2 protocol version 8 are supported

Security:
• Secure communication between the data analytics application and SQL Transformer, and between SQL Transformer and the Spark SQL engine using TLS.

User Authentication:
• LDAP/Active Directory

• A Policy Editor with a graphical user interface is built into Axiomatics Services Manager

• The Policy Administration Point (PAP) XACML editor requires an official, production-ready release of the Java Development Kit (JDK) compatible with 64-bit Java SE 8.

• Text-based policy editing can be done using Axiomatics Language for Authorization (ALFA). Requires Java 8 and the Eclipse IDE.

AUTHORIZATION ENGINE