Announcing the Data Fabric Security on Amazon Web Services solution
Federal customers are often challenged by integrating data across multiple systems and providing federated access to authenticated users operating across multiple organizations. These challenges are rooted in siloed data repositories, decentralized and incompatible identity data types, and a lack of unified data access control across disparate organizations. To support federal customers in addressing these challenges, Amazon Web Services (AWS) developed the Data Fabric Security (DFS) on Amazon Web Services solution to support the identity and access needs of a multi-organization system. With DFS on Amazon Web Services, federal customers can accelerate joint interoperability, modernization, and data-driven decision making in the cloud by removing barriers that prevent systems and users from communicating while still strengthening security via Zero Trust principles.
The DFS on Amazon Web Services solution delivers to customers a secure identity aggregation, data access, and data governance-at-scale solution which is optimal for large-to-enterprise use cases. Deploying a security substrate composed of centralized data governance and identity aggregation layers, DFS on Amazon Web Services provides fine-grained attribute-based access controls (ABAC) that leverage a modern identity, credential, and access management (ICAM) architecture to address identity and access management challenges.
Implementing a
“The goal of our Data Fabric Security solution is to make it easier for our customers to share and integrate data across their enterprise,” said Rob Nolen, the Amazon Web Services chief technologist for U.S. Department of Defense (DoD). “By decoupling identity from authentication, customers can leverage robust identity attributes to develop powerful attribute-based access control policies. This will facilitate agile and secure data sharing with their providers. Radiant Logic and the Immuta Data Security Platform are key pieces of this puzzle, enabling safe, compliant data analysis and collaboration at scale between data platform, security, and compliance teams. We’re thrilled to be joining forces in our effort to remove the bottlenecks in this process and empower our customers with the timely analytics and data sharing capabilities they need and deserve.”
DFS on Amazon Web Services was built by Amazon Web Services using
Key elements of Data Fabric Security on Amazon Web Services
There are four key elements to the DFS on Amazon Web Services solution that help large-scale and enterprise customers better manage users, data, and applications.
- Automated containerized deployment: DFS on Amazon Web Services provides an automated, turnkey deployment of identity unification, data access, and governance capabilities. Leveraging infrastructure as code (IaC) and containerization means that customers benefit from an already-integrated solution that’s pre-configured with all requisite resources and components.
- Unified identities as a single “global” identity: The Radiant Logic component of the solution merges identities from diverse sources and rationalizes them, providing a unified list of users with no overlap, along with their complete identity profiles (attributes). Immuta, the data security component of DFS on Amazon Web Services, then points to Radiant Logic as the single source of truth for authentication and authorization, which makes sure access controls are properly enforced. Radiant Logic can transform and translate identity data to meet each querying system’s requirements.
- Implementation of Zero Trust with ICAM and ABAC: Radiant Logic serves as the policy information point, verifying identities and retrieving attributes. Immuta serves as the policy administration and policy decision point, authoring and evaluating policies to be enforced on the data stores being queried. DFS on Amazon Web Services allows the customer to build plain-language data access policies via Immuta that use the identities and attributes stored in Radiant Logic to automate data privacy and governance. Immuta can create data policies once and enforce them across new and existing users while providing access at the column-, row-, and cell-level.
- Highly-available, scalable solution: Built with Amazon Web Services, DFS on Amazon Web Services offers high availability and fault tolerance – integral requirements for data sharing and analysis across multiple, always-on environments. DFS on Amazon Web Services is a multi-Availability Zone (AZ) deployment using
Elastic Load Balancers to distribute incoming application traffic across multiple targets, allowing it to scale up or down based on ever-changing demand.
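The identity unification and ABAC elements above can be sketched in a few lines. This is an added example, not code from the DFS solution, Radiant Logic, or Immuta: `unify` plays the policy information point and `query` the policy decision and enforcement step, and every name, attribute, and sample record in it is a constructed assumption.

```python
# Constructed sample data. All names are hypothetical, not Radiant Logic or Immuta APIs.
HR_DIR = [{"mail": "a.lee@agency-a.example", "clearance": "secret", "org": "agency-a"}]
PARTNER_DIR = [
    {"email": "A.Lee@agency-a.example", "mission": "logistics"},
    {"email": "b.cho@agency-b.example", "clearance": "unclassified", "org": "agency-b"},
    {"email": "c.diaz@agency-b.example", "org": "agency-b"},  # no clearance attribute
]
ROWS = [
    {"shipment": "S-1", "owner_org": "agency-a", "classification": "secret",
     "destination": "Depot 7", "contact_ssn": "000-00-0001"},
    {"shipment": "S-2", "owner_org": "agency-b", "classification": "unclassified",
     "destination": "Pier 3", "contact_ssn": "000-00-0002"},
]
LEVELS = {"unclassified": 0, "secret": 1}


def unify(*sources):
    """Policy information point: merge per-source records into one profile per person."""
    merged = {}
    for source in sources:
        for rec in source:
            key = (rec.get("mail") or rec.get("email")).lower()  # normalized join key
            profile = merged.setdefault(key, {})
            for attr, value in rec.items():
                if attr not in ("mail", "email"):
                    profile.setdefault(attr, value)  # earlier source wins on conflict
    return merged


def query(user_id, identities, rows):
    """Policy decision and enforcement: default deny, then row, column and cell rules."""
    user = identities.get(user_id.lower())
    if user is None:
        return []  # unknown identity: deny
    level = LEVELS.get(user.get("clearance"), -1)  # missing attribute grants nothing
    visible = []
    for row in rows:
        if LEVELS[row["classification"]] > level:
            continue  # row-level: classification above the user's clearance
        out = dict(row)
        if "privacy_officer" not in user.get("roles", ()):
            del out["contact_ssn"]  # column-level: hidden without the role attribute
        if user.get("org") != row["owner_org"]:
            out["destination"] = "REDACTED"  # cell-level: masked for other organizations
        visible.append(out)
    return visible
```

The case worth noting is the identity with no `clearance` attribute: it resolves to a level below every classification, so a gap in the aggregated profile yields no rows rather than default access.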
How to deploy DFS on Amazon Web Services
The DFS on Amazon Web Services solution provides an overview, deployment guide, and information regarding associated Amazon Web Services costs and how to obtain licenses. The Amazon Web Services Cloud products deployed to run the DFS on Amazon Web Services solution in a non-critical sandbox environment with no activity or workloads include the following:
- One (1) Amazon EKS cluster
- Three (3) m5.2xlarge EC2 instances (across two AZs in an Auto-Scaling Group)
- Two (2) Elastic Load Balancers – classic (one each for Radiant Logic and Immuta)
- Amazon Route 53 (one hosted zone, two records)
A DFS on Amazon Web Services IaC deployment launches the above core metered products or services. Amazon Web Services Partners should use these services to quote pricing. Amazon Web Services Partners can also get up-to-date pricing on Amazon Web Services Cloud Services from the
Both Radiant Logic and Immuta products require licenses. Customers can contact
To learn more about DFS on Amazon Web Services, please