Cloud Architecture
Virtual Summit

Enterprise-Grade Integration Across Cloud and On-Premise

REGISTER

April 21, 2022

Online Conference

Ahana is adding additional security and control to its cloud-based Presto managed service. The enhancement aims to fortify next-level data lakes for 2022 analytics use cases. 

Ahana Cloud delivers a managed service for Presto which runs on Amazon Web Services to simplify open data lake analytics.  In specific, Ahana Cloud for Presto adds fine-grained access control for data lakes with multi-user support and audit support for all access.  

It also adds deep Apache Ranger integration. Apache Ranger is a framework to enable, monitor and manage comprehensive data security across the Hadoop platform, according to the project website

This latest set of improvements follow Ahana’s recently announced one-click integration with AWS Lake Formation, a service that makes it easy to set up a secure data lake in hours.

The additions for security and control also reflect the changing nature of the data lake in 2022, Ahana Co-founder and Chief Product Officer Dipti Borkar told IDN.  

“The challenge with data lake security is in its shared infrastructure, and as more data is shared across an organization and different workloads are run on the same data, companies need fine-grained security policies to ensure that data is accessed by the right people,” Borkar said.“

With these new security features, Ahana Cloud will enable faster adoption of advanced analytics with data lakes with advanced security built in,” she added.

The 2022 Era of Data Lake Requires More Security, Governance, Auditability 

“The data lake isn’t just the data storage it used to be,” Borkar said. “More companies are using the data lake to store business-critical data and running critical workloads on top of it, making security on that data lake even more important. With these latest security capabilities, Ahana is bringing an even more robust offering to the Open Data Lake Analytics stack with Presto at its core.” 

To understand why Ahana believes more security and control is essential to the next wave of adoption, Borkar told IDN that knowing the context of the data lake’s architecture over time is key. 

“We talk a lot about the Open Data Lake Analytics stack. Think “deconstructed database.” This is the architecture many companies are moving towards,” she said. This ‘de-constructed architecture” includes:

• the cloud data lake (AWS S3), 
• the data lake governance layer (AWS Lake Formation, Apache Ranger), 
• the transaction layer (Apache Hudi, Apache Iceberg, Delta Lake), and 
• the data lake query engine for data processing (Presto). 

“On top of the engine, users can run a multitude of workloads like reporting/dashboarding, SQL data science, and in-data lake transformation,” Borkar added. 

This all leads to a raft of benefits over older approaches. “Unlike the cloud data warehouse, the Open Data Lake Analytics gives companies much more flexibility without the need to ingest data and at a much lower cost,” he added. 

Power of Open Data Lake Analytics; Use Case Profiles 

The power of Open Data Lake Analytics also leads to new adoption patterns and valuable use cases, she told IDN. 

We’re seeing so many companies, both midmarket and enterprise, moving to the data lake and using it as the central repository for all of their data sources. And that’s no surprise given it’s easy, it’s flexible, and it’s much cheaper than the data warehouse. With nearly all enterprise, third-party and streaming data living in the lake, security is top of mind for data platform teams. In addition, with multiple types of data processing happening on that data, a unified governance layer has emerged on top of data lakes. 

And with new ways to leverage data for analytics and insights, Borkar also explained the increased need for security and governance.

When our customers discuss their security and governance needs with us, it’s mostly centered around making sure data is accessible to those who have been approved for access to it (and, by default, not accessible to those who aren’t). Users want protection at a much finer level of granularity of data. In addition, they are looking for deeper integrations into security services and projects that they may already support. 

 

Data has to be authenticated and authorized in a unified way - the right people need the right access to their data, and that’s why we focused on bringing these features to the Open Data Lake Analytics stack. 

 

Ahana’s newest features include multi-user support so admins can easily manage other users, including what level of access users get, Apache Ranger support to enable authorization up to the column level across all clusters, audit support which allows for the centralized auditing of user access based on permission levels, and integration with AWS Lake Formation for fine-grained access controls with Ahana-managed clusters.

Security, Control Benefits of Ahana Cloud’s Plug-in for Apache Ranger

One notable addition among the Ahana updates is its new support for Apache Ranger via an open source plug-in. This allows users to enable authorization in Ahana-managed Presto clusters with Apache Ranger for the Hive Metastore or Glue Catalog queries, including fine-grained access control up to the column level across all clusters. 

As Ahana’s website describes it, “In this newest release of the Ahana and Apache Ranger plug-in, all of the open source Presto and Apache Ranger work is now available in Ahana and it’s now incredibly easy to integrate through just a click of a button.” 

Borkar further shared how customers benefit from Ahana’s Apache Ranger integration via the plug-in. 

Ahana’s Apache Ranger plugin allows users to enable role-based authorization in Ahana-managed Presto clusters for Hive Metastore or AWS Glue catalog queries. That includes fine-grained access control up to the column level across all clusters. Plus, policies from Apache Ranger are now cached in the plugin for little to no query time latency impact.

 

 The Apache Ranger plugin gives our customers an open source solution at the security layer, which is important in the Open Data Lake Analytics stack. The integration also enables audit support, which allows for centralized auditing of user access on Ahana-managed Presto clusters. For example, you can track when users request access to data and if those requests are approved or denied based on permission levels.

 

In terms of ease-of-implementation, the plugin can be enabled in just a few clicks on the Ahana SaaS console. What used to take weeks of effort is now reduced to just a few hours because all of the backend operations are taken care of through Ahana’s managed service. 

This more seamless support means “customers can easily add role-based authorization. Policies from Apache Ranger are also now cached in the plugin to enable little to no query time latency impact.

Previously, support for Apache Ranger was only available in open source using complicated config files.” 
Notably, Ahana’s latest Apache Ranger integration closely aligns with the projects expanding goals for the Hadoop ecosystem in order to support secured data lakes to power new-gen analytics.  Apache Ranger’s website states it has the following goals:

• Centralized security administration to manage all security related tasks in a central UI or using REST APIs.
• Fine grained authorization to do a specific action and/or operation with Hadoop component/tool and managed through a central administration tool
• Standardize authorization method across all Hadoop components.
• Enhanced support for different authorization methods - Role based access control, attribute based access control etc.
• Centralize auditing of user access and administrative actions (security related) within all the components of Hadoop.

Beyond Apache Ranger support, Ahana for Presto also adds: 

• Multi-user support for Presto: Data platform admins can now seamlessly manage users without complex authentication files and add or remove users for their Presto clusters. Unified user management is also extended across the Ahana platform and can be used across multiple Presto clusters. For example, a data analyst can access the analytics cluster but not the data science cluster.
• Multi-user support for Ahana: Multiple users are now supported in the Ahana platform. An admin can invite additional users via the Ahana console. This is important for growing data platform teams.
• Audit support: With extended Apache Ranger capabilities, Ahana customers can enable centralized auditing of user access on Ahana-managed Presto clusters for comprehensive visibility. For example, you can track when users request access to data and if those requests are approved or denied based on their permission levels.
• AWS Lake Formation integration: Enforce AWS Lake Formation fine-grained data lake access controls with Ahana-managed Presto clusters.

Ahana Cloud adopters applaud the extra security and control features. One such user is supply chain platform provider Cartona.

Omar Alfarghaly, Cartona’s head of data science said, “Over the past year, we've been thrilled with what we've been able to deliver to our customers. Powered by Ahana, our data platform enables us to remain lean, bringing data to consumers when they need it. With advanced security and governance, we can ensure that the right people access the right data.”