Ahana Cloud Inc., which sells commercial and managed versions of the Presto open-source distributed query engine, today announced what it says are significantly improved security features on its cloud service, including multi-user support, fine-grained access controls for data lakes with Apache Ranger and audit support.

Ahana is one of the startups benefiting from growing interest in the concept of a “data fabric,” in which analytical data is kept and accessed at the point of origin rather than loaded into a data warehouse. Its engine enables users to query data using the popular SQL query language.

Presto was created at Meta Platforms Inc. (formerly Facebook Inc.) and released to open source in 2015. It’s known as a high-speed, in-memory query engine that operates across data lakes comprised of both structured and unstructured data from multiple sources without requiring data to be copied or transformed.

Warehouse-style security

Data warehouses have tightly integrated security functions, but those don’t exist on object storage such as Amazon Web Services Inc.’s S3, which now hosts about 15 trillion objects, according to Dipti Borkar, Ahana’s co-founder and chief product officer. “If an analyst wants to access the data lake, maybe you don’t want them to have access to the entire data science cluster,” she said.

AWS provides data lake security with its Lake Formation service, which Ahana supports. Users who want to use multiple cloud platforms typically use Apache Ranger. Ahana built and released to open source a Ranger plug-in that allows users to enable authorization in Ahana-managed Presto clusters with Apache Ranger for both the Hive Metastore and Glue Catalog queries.

“We’ve now integrated it into Ahana with features like policy caching and a seamless user experience,” Borkar said. “Platform engineers who may not be familiar with distributed systems can now click and add an authentication service, add credentials and in a few hours have Ranger integrated with Presto. Whether you have Glue, Hive or others, it all works seamlessly.”

Ranger integration allows access control down to the column level across all clusters while AWS’ Lake Formation goes a level deeper to the cell level. Borkar said it’s unclear whether that level of granularity is needed for Ranger environments.

Multi-user support for Presto lets administrators manage users without authentication files and also add or remove users for Presto clusters. Unified user management also extends across the Ahana managed server and multiple Presto clusters. Operations are simplified because administrators can invite additional users via the Ahana console.

New audit support features enable centralized auditing of user access on Ahana-managed Presto clusters. For example, administrators can track the date and time that users requested access to data and determine if those requests were approved or denied based on their permission levels.

“Every access is now tracked, so data platform engineers have full visibility into what’s going on,” Borkar said. Secure Sockets Layer encryption is applied in transit.

Ahana reference architecture image: Ahana