Skip to content

Introduction

What is Satori?

Satori is a secure data access platform that enables secure and compliant self-service access to data. Unlike relying on native database capabilities or data management solutions, Satori's Secure Data Access Platform is designed to integrate seamlessly into existing data operations with no interruptions.

Data engineers who are frustrated with their ability to monitor data access and implement security and privacy best practices for their database, data warehouse and data lake environments.

Satori is optimized for organizations who operate in the public cloud and collect or generate sensitive or regulated data as part of their operations, and have analysts, data scientists or BI teams accessing that data to build innovative products and services or operate existing ones.

Simplifying Data Governance with Satori

Satori helps organizations simplify data governance by deploying a transparent layer of visibility and control in front of their data stores. Satori is transparent because aside from accessing the data store using a new, Satori-provided URL, Satori doesn't require you to replace database drivers, code libraries, SQL dialect, authentication schema or configure anything on your data store. In fact, Satori doesn't even require credentials to access your data store. See the Architecture section below for more information on how we're able to do that.

The two main objects that organizations need to manage in order to operate a data governance on Satori are Data Stores and Datasets.

Data Stores

A data store represents a database server, data warehouse or a data lake. Here are a few examples of data stores: a Snowflake account in AWS us-east-1, an AWS RDS PostgreSQL database on AWS eu-west-1, one or more BigQuery projects, a SQL Server database cluster on Azure, an AWS Redshift cluster on us-west-2 and so on.

Data stores in Satori are managed by data engineers who were granted with the Admin or Editor role in the Satori management console. Each data store has a unique, Satori-generated URL that is created when a data engineer registers the data store in the management console. Registering a data store has no impact on the data store itself.

To learn more about data stores, how to register them with Satori and connect to them via Satori, look for the specific data store in the Supported Data Stores section.

Datasets

Datasets represent a collection of data that needs to be governed as a single unit, and that is owned by a business function. For some organizations, an entire Snowflake account can be viewed as a single dataset, because managing access to the data in the Snowflake account would be done centrally. For other organizations, individual tables within a Snowflake account can be viewed as a dataset, because each table has data that is owned by a different business function and managing access to each dataset should be performed separately.

Datasets are a collection of data store locations. A location can be thought of as a database object such as a table, schema, database or even an entire data store. Datasets can contain locations from multiple data stores. Datasets are created by data engineers, as part of the data development life cycle. Data engineers can then optionally delegate the day to day management of access to data by assigning data stewards to datasets. Data stewards are employees from the different business functions that were assigned with the task of implementing the organization's and function's data governance policies.

Data stewards can can manage the tagging of data with metadata tags, grant or revoke access and set permission policies and implement custom data access policies on the datasets they manage. To learn more about datasets, go to the Datasets section.

Screenshot

Architecture

Satori is a proxy service that sits between users and data stores. When administrators add a new data store to Satori, a new endpoint is generated for the data store which users should connect to instead of the original data store hostname. Satori is transparent to users - other than the endpoint change, users use the same tools and get the same user experience as before. Satori is also transparent to data stores - the same authentication, authorization and auditing work the same way as before.

Screenshot

Management Console

Satori customers log in to https://app.satoricyber.com to manage the access to their data stores, view reports, investigate incidents and update configuration. The management console is a SaaS application with 100% API coverage.

Data Access Controller (DAC)

The DAC is where Satori's security engine is deployed. DACs can be consumed as a service or customer hosted. DACs auto-scale to support any number of users and data stores, and customers can use as many DACs are they need. Please see the deployment section for more details.