Presentation is loading. Please wait.

Presentation is loading. Please wait.

DAC’ing and SMAT’ing UW Data: A Primer on the intersection of data governance and data security at University of Washington Anja Canfield-Budde Senior.

Similar presentations


Presentation on theme: "DAC’ing and SMAT’ing UW Data: A Primer on the intersection of data governance and data security at University of Washington Anja Canfield-Budde Senior."— Presentation transcript:

1 DAC’ing and SMAT’ing UW Data: A Primer on the intersection of data governance and data security at University of Washington Anja Canfield-Budde Senior Manager, Decision Support Services

2 UW Data Map (aligns business and data perspectives)
The University of Washington’s data governance committee, called Data Management Committee (DMC), developed the UW Data Map in 2007 as conceptual representation of University’s business areas (lines of business), and express them in terms of data. Data Map has many functions, such as serves as roadmap for building out EDW.

3 UW Data Map (defines data custodians and trustees)
Also serves a classification that defines data custodians and trustees. The 7 main subject areas are further classified into data domains, or subareas. It is at this level that data stewards have been identified.

4 Roles and Access Matrix (defines roles and access privileges)
In 2008, these data stewards got together to develop a framework for managing access to data. The UW Data Map is again the anchor point for these security classifications in the following way. Across all subject areas, a Role and Access Matrix defines a finite set of 14 roles, and for each role, describes fine-grained access privileges at the row and column level. The matrix translates federal and state regulations around data security and applies them to data areas. Access is granted by role, across subject areas, at the data level (versus upon access to the data at the BI level).

5 DAC Hundreds of tables Thousands of users
One data security model. Period. Roles Matrix DAC consumes from Roles tool, SMAT & EDW to create secured views Custodians use Roles Matrix to assign people to roles DAC Secured Views Custodians use SMAT to map data to roles SMAT Security Metadata Administration Tool The technical implementation of this conceptual framework has two parts to it: 1) a backend mechanism that creates security views according to the classifications set forth in the Matrix; we call this the Data Access Control (DAC), a system developed in-house and patent pending; a web front end in which data custodians manage access to EDW data in accordance with Roles and Access Matrix (Security Metadata Administration Tool – SMAT) To summarize, data stewards then have two responsibilities here to translate the theoretical framework into practice: 1) they classify users into one of these 14 roles; 2) they apply the security classifications to the data itself. Diagram shows how the pieces work together: Custodians use Roles Matrix to assign people to roles; Custodians use SMAT to map data to roles, and assign access privileges to data. The DAC consumes information from Roles tool, SMAT and the EDW to create security views. Security views dynamically show only the data a user is allowed to see. When a user logs in, he/she see the data they are authorized for. Note that because security is applied at the data level, any user can run any report, but the information they see depends on the breadth of their permissions. Data Access Control System v1.0 Patent Pending Dynamically serve only the data allowed EDW Stores data from subject areas across the University Enterprise Data Warehouse User A No restrictions User C Row restrictions User B Column restrictions

6 Security Metadata Administration Tool (SMAT)
Lets Data Custodians manage access to EDW data in accordance with Roles and Access Matrix Screen short of SMAT.

7 Data Security results in rapid growth for BI
Data access control governance and system enabled consistent, scalable, and broad access to all EDW data 2010 New online presence and user forums increase awareness and data usage New analytics and visualization tools provide easier access to data and promote understanding of activities and trends As a result of implementing access controls, development of BI and access to BI has skyrocketed from handful of users and reports in 2009 to 5000 and hundreds of reports, cubes and visualizations today. “Freeing The Data” First investment in reporting tools, finance and HR only

8 Tools for Custodians and Users
Financial Resources (blue) Human Resources (purple) Academics (yellow) Research (red) BI Portal: Using the UW Data Map as your visual guide, you can find any data that’s available in EDW: by how you want to view the data (report, cube), by data source (table, database), by person/group that created or supports the artifact, or by data definition. Administrative Reports show Who Has Access to which data. In summary: up front cost was high (develop matrix, develop tools, develop processes), but relatively short (processes, frameworks years; tools 6-9 months). Ongoing investment and maintenance extremely low, easy to manage.

9 Tools for Custodians and Users
Multiple Ways to search data - by Name, Subject, Support Group, Table & Database

10 Learn More UW Data Governance: http://www.washington.edu/uwit/im/dmc/
UW Data Warehouse and BI: Contact me directly: Anja Canfield-Budde

11 Appendix

12 UW Data Warehouse Holdings


Download ppt "DAC’ing and SMAT’ing UW Data: A Primer on the intersection of data governance and data security at University of Washington Anja Canfield-Budde Senior."

Similar presentations


Ads by Google