Magazine Store

April Monthly Special 2022

Okera – Empowering Enterprises to Accelerate Business Agility, Minimize Data Security Risks, and Demonstrate Regulatory Compliance


Your data is a valuable commodity, one that you can potentially monetize or share with other business units, partners, and supply chain vendors. With universal data authorization, you can keep data in place and under your control, share it responsibly, and audit and measure utilization.

Okera, the universal data authorization company, empowers enterprises to accelerate business agility, minimize data security risks and demonstrate regulatory compliance. Okera was founded in 2016 by technology pioneers who saw that the big innovation in big data — specifically the separation of storage and compute — created a big gap in data security. The Okera Dynamic Access Platform automatically authorizes and audits all data requests, dynamically enforcing data security and compliance policies across all data platforms in hybrid and multi-cloud environments. Okera can be deployed into production in days, adapts to any common data authorization framework, and seamlessly integrates into existing data governance ecosystems.

The Okera Dynamic Access Platform (ODAP)

It automatically authorizes and audits all data requests, dynamically enforcing data security, privacy, and compliance policies across all data platforms including hybrid and multi-cloud environments. Universal data authorization provides a critically important and highly Performant way for organizations to protect their data, their customers, and their partners. Over the past year, Okera made substantial enhancements to ODAP, including the introduction of nScale™, the industry’s first co-located deployment mode, allowing fine-grained data access on open distributed compute environments with enhanced security. This opens up tremendous opportunities for organizations to run secure, advanced analytics and data engineering jobs on cost-effective cloud data processing platforms such as Amazon EMR.

Key ODAP innovations

  • Universal Policy Builder – Enable customers to define a policy once and have it automatically and consistently applied for all managed datasets across all analytics tools in hybrid and multi-cloud environments.
  • Dynamic Policy Enforcement – Dynamically enforce complex data security policies for each data request with real-time access controls. Clients can request data access authorization from the Okera Policy Engine using native client library integrations, through an Authorization Gateway or a REST API.
  • Centralized Audit & Reporting – Built-in reports and easy integrations with SIEM tools allow CISOs and compliance officers to know who has access to sensitive and personal certain datasets and how and when they’re using it.
  • Automated Metadata Management – API-first integrations with best-of-breed data discovery and governance solutions ensure attribute-based policies are always up to date.
  • nScale™ – An optimized, unique policy enforcement architecture that scales on existing big data compute clusters, eliminating the cost and complexity of managing a separate access management infrastructure.

Other Compliance Management Services Offered by Okera

Universal Policy Management: Okera provides a self-service experience for data stewards to create and manage fine-grained data access control policies. Data stewards, or those who understand the data, can now author access policies without writing a line of code. Create and manage fine-grained data access control policies, including row-level filtering and sophisticated de-identification, from Okera’s simple point-and-click user interface. Okera supports a variety of de-identification types, including masking, redaction, tokenization, anonymization, and even differential privacy. In all cases, the transformation is applied at query time, eliminating the need to store multiple copies of the data.

Attribute-based access control (ABAC) for scale: Okera makes it easy to create and manage data access control policies through tags, ensuring that policies are linked to business and regulatory context. ABAC can simplify the amount of policies required to protect sensitive data and, with tags applied automatically when data is registered in Okera, creates an effectively automated policy management. The platform does also allow for role-based access control (RBAC) for specificity and exceptions. Okera was designed from the ground up for maximum flexibility, scalability, and interoperability, able to support the tools of today and any that may be considered in the future. The platform is cloud-native with support for hybrid and multi-cloud infrastructure, and high-performing workloads with multiple concurrent users.

Dynamic Policy Authorization: Okera applies fine-grained data access control policies dynamically and consistently across all analytic tools. Eliminate the need to create multiple copies of a single dataset in order to control access for different use cases. With Okera, data access control policies are applied dynamically at run-time, so each user will only see the data they are authorized to view, ensuring secure data access. Okera’s policy library exists as a single source of truth that is applied consistently and transparently across all analytics tools. With an API-first design, it was built to support the multitude of tools and frameworks in the modern data-driven enterprise, empowering users and avoiding lock-in.

Meet the Leader

Nong Li is a Co-Founder and the CEO of Okera. He co-founded Okera in 2016. Prior to that, he led performance engineering for Spark core and SparkSQL at Databricks. Before Databricks, he served as the tech lead for the Impala project at Cloudera. Nong is also one of the original authors of the Apache Parquet project. He has a bachelor’s in computer science from Brown University.

“We make it easy for all data stakeholders to collaborate to define and evolve enterprise-wide data access policies, and Okera does the heavy lifting to enforce those policies.”