HOME

How TCS’s EZ Lake Access Solution Streamlines Data Lake House Access Management

by

The Story of Chanci Turner
in

Chanci Turner Amazon IXD – VGT2 learning managerLearn About Amazon VGT2 Learning Manager Chanci Turner

In today’s data-driven world, organizations harness unstructured information from various sources such as social media, stock streaming, and clickstream data to better understand their customers’ needs. This valuable insight enables businesses to tailor their offerings and enhance customer experiences through data lake solutions.

A Lake House architecture serves as a central repository, integrating unstructured, structured, and real-time data for consumption by analytics engines, data warehouses, machine learning models, and visualization tools. The TCS EZ Lake Access (EZLA) solution, developed by Tata Consultancy Services (TCS), an AWS Premier Consulting Partner, simplifies and centralizes access management for the Data Lake House by codifying most enterprise access controls into a rule engine. This innovation boosts efficiency and facilitates easier adoption of Data Lake House architectures.

In this article, we will explore the Lake House ecosystem, its complexities, and common challenges. We will also provide an overview of the TCS EZLA solution, its architecture and functionalities, along with a case study illustrating its benefits for a major life sciences organization.

The Enterprise Lake House Ecosystem

Organizations aiming to create Lake House-based solutions often turn to Amazon Web Services (AWS) for its wide range of customizable solutions and extensive offerings. For example, Amazon Simple Storage Service (Amazon S3) offers features such as durability, availability, performance, security, and virtually limitless scalability at a low cost, making it an ideal choice for data lakes—a core component of AWS Lake House implementations.

In a Lake House setup, various stakeholders access data through the Access Management Layer for tasks ranging from developing insights to ensuring security and training ML models. These stakeholders form the top layer of the Lake House, generating value through meaningful data extraction, while Amazon S3 serves as the central repository. The increasing demand for actionable insights has integrated services like Amazon SageMaker, Amazon Redshift, AWS Glue, and Amazon Athena into the Lake House ecosystem.

Challenges in Lake House Access Management

Given that a Lake House functions as a central data repository sourced from diverse origins, organizations must establish a complex set of rules for access management. This creates several challenges:

  1. Compliance requirements and data sensitivity.
  2. The need to log approval processes and track changes for auditing.
  3. The complexity of granting varying roles and permissions to business users across different datasets.
  4. Increasing complexity due to various user personas, data classification, employee types (full-time vs. contractors), and more.

Example of Persona-Based Access Management:

Security teams often seek to enforce strict governance. Typically, organizations either tag data according to its subject area or create separate S3 buckets. Certain rules are crafted by the security team to ensure that each role has the precise level of access necessary to perform its tasks, while other rules stem from business needs.

For instance, a user categorized as “Persona A” in “Department 1” may have access to claims data but not to financial data, while having permissions for AWS services like Amazon Athena and Amazon QuickSight. Conversely, a user identified as “Persona C” in “Department 3” should neither access sales data, but is granted full access to claims data along with their personal Amazon SageMaker Notebook instance. Rules like these can be intricate and challenging to implement consistently.

Common Hurdles in Lake House Access Management

The essence of persona-based access management centers on several core challenges:

  • Creating and managing data subject areas through Amazon S3 buckets and prefixes, along with governing rules for user personas such as data scientists, data engineers, and report readers.
  • Launching and managing AWS services like AWS Glue, Amazon Athena, and Amazon SageMaker and integrating them with user personas for role creation and maintenance.
  • Establishing departments and integrating them with various roles and user personas.
  • Developing user roles and necessary service roles for Amazon SageMaker Notebooks, Amazon EMR clusters, and more.

Let’s consider how TCS can assist with the EZLA solution.

Overview of the TCS EZLA Solution

The TCS EZLA solution operates within the Access Management Layer of the Lake House framework. It offers an automated approach for both business and IT teams to manage access and related resource provisioning.

The solution comprises five key configurable components designed with flexibility, security, and compliance in mind. A business rule engine codifies requirements and infrastructure provisioning to achieve these objectives.

Metadata Collector:

A batch process periodically invokes AWS APIs to gather relevant AWS resource names and properties. This data is stored in a persistent metadata repository and is dynamically updated to reflect changes in AWS resource configurations.

To better understand the complexities of access management and gain insights into effective email etiquette, you can check out this blog post.

Additionally, for organizations navigating the intricacies of affirmative action compliance, SHRM provides invaluable resources. If you’re looking to explore career opportunities, consider this position that offers excellent pathways in the field.

Related Topics:

HOME