Data governance startup Okera Inc. today added distributed stewardship features to its Okera Dynamic Access Platform, enabling large organizations to delegate and federate data access privileges across an organization.

The feature enables businesses to scale their data governance practices to levels that weren’t previously possible, the company said. Distributed stewardship is a permission-based framework that enables responsibility and accountability to be assigned to those closest to the data.

Not only is the model better suited to handle growth, but it invests stewardship in the people who are experts in their disciplines. That’s particularly important in an environment of growing regulation and sensitivity around privacy.

The capability permits organizations to manage data in two phases. In the first phase, technical professionals apply metadata, tag data sets and map business rules to data and schemas. In the second, responsibilities are split so that every unit in the business has greater autonomy over how they manage policies for their own data. “This gives you central control and guidelines on policies but then delegates the fine details down to the teams,” said Nong Li, Okera’s chief technology officer.

“To do this in the system holistically is quite hard, like giving up root privileges for Linux system administrators,” Li said. “It requires balancing central and hierarchical control.”

Okera sells primarily to very large organizations that already have a strong governance policies in place or are in the process of developing them, said Chief Executive Nick Halsey. “If they have a data lake, a data catalog and a chief data officer, those are markers of an organization that is ready to administer policy at scale,” he said.

The company said its centralized reporting ensures that organizations can delegate responsibility while still tracking and reporting on how effectively that authority is being used. Its governance engine can connect to and register data from a wide variety of cloud and on-premises data platforms and optionally enforce policies within the platforms themselves for cases in which data must be hidden, de-identified, filtered or otherwise transformed to comply with policies.

Controls can be centralized to the extent the organization requires, Li said. “We can say that Social Security numbers can only be seen by a vice president and above, employee IDs should be tokenized within the human resources department department or that nobody in the customer success organization should have anything but read access to data,” he said.

In the same way that the COVID-19 pandemic has focused organizations on abstracting identity management into a platform that can be governed across a distributed organization, “you need to do that with data privacy too,” Halsey said. “There’s no way to maintain all those policies without abstracting them so they’re consistent regardless of whether data is being called by a business intelligence tool, machine learning or an application.”

The new features will be incorporated into the high-end edition of Okera’s Dynamic Access Platform, which is sold in three tiers targeting different-sized businesses.

Image: Pixabay