Pillar 1: Security

The security pillar is essential to ensuring that your data is secured properly when using Dremio Cloud to query your data lakehouse. The security components are especially important when you architect and design your data platform. After your workloads are in production, you must continue to review your security components to ensure compliance and eliminate threats.

Principles

Leverage Industry-Standard Identity Providers and Authorization Systems

Dremio Cloud integrates with leading social and enterprise identity providers and data authorization systems. For robust enterprise integration with corporate policies, it is essential to leverage those third-party systems. We recommend systems that use multi-factor authentication methods and are connected to single sign-on (SSO) platforms.

Design for Least-Privilege Access to Objects

When providing self-service access to your data lakehouse via Dremio Cloud’s semantic layer, access should only be granted to the data that is required for the role accessing the data.

Best Practices

Protect Access Credentials

Where possible, leverage identity providers such as Microsoft Entra ID (formerly Azure Active Directory) and Okta in conjunction with System for Cross-domain Identity Management (SCIM) where applicable to ensure that you never need to share passwords with Dremio Cloud. SSO with Microsoft Entra ID or Okta is also recommended where possible.

Leverage Role Based Access Controls

Access to each Arctic catalog, folder, view, and table can be managed and regulated by roles. Roles are used to organize privileges at scale rather than managing privileges for each individual user. You can create roles to manage privileges for users with different job functions in your organization, such as “Analyst” and “Security_Admin” roles. Users who are members of a role gain all of the privileges granted to the role. Roles can also be nested. For example, the users in the “UK” role can automatically be members of the “EMEA” role.

Access control protects the integrity of your data and simplifies the data architecture available to users based on their roles and responsibilities within your organization. Effective controls allow users to access data that is central to their work without regard for the complexities of where and how the data is physically stored and organized.
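The following added example (not Dremio code and not part of the original page) models how nested roles accumulate privileges, so a reviewer can compare what a user effectively holds against what the job function requires under the least-privilege principle above. The role graph, user names, object names, and privilege labels are constructed for illustration, and the helper functions are hypothetical; nothing here calls a Dremio API.

```python
from collections import deque

# Constructed sample data: each role maps to the roles it is a member of.
# "UK" is nested in "EMEA", as in the text; "EMEA" in "Analyst" is assumed.
ROLE_MEMBER_OF = {
    "UK": {"EMEA"},
    "EMEA": {"Analyst"},
    "Analyst": set(),
    "Security_Admin": set(),
}
USER_ROLES = {"alice": {"UK"}, "bob": {"Security_Admin"}}
# Constructed grants: role -> set of (privilege, object) pairs.
ROLE_GRANTS = {
    "UK": {("SELECT", "sales.uk_orders")},
    "EMEA": {("SELECT", "sales.emea_summary")},
    "Analyst": {("SELECT", "shared.calendar")},
    "Security_Admin": {("ALTER", "sales")},
}

def effective_roles(user):
    """Return every role the user holds directly or through nesting."""
    seen, queue = set(), deque(USER_ROLES.get(user, ()))
    while queue:
        role = queue.popleft()
        if role in seen:  # already expanded; also stops membership cycles
            continue
        seen.add(role)
        queue.extend(ROLE_MEMBER_OF.get(role, ()))
    return seen

def effective_privileges(user):
    """Union of the grants of all effective roles."""
    privs = set()
    for role in effective_roles(user):
        privs |= ROLE_GRANTS.get(role, set())
    return privs

def excess_privileges(user, required):
    """Privileges held beyond what the job function requires."""
    return effective_privileges(user) - set(required)

if __name__ == "__main__":
    needed = {("SELECT", "sales.uk_orders")}
    print(sorted(effective_roles("alice")))
    print(sorted(excess_privileges("alice", needed)))
```

Run against an export of real role memberships and grants, the `excess_privileges` result is the list to review: each entry is access inherited through nesting that the stated job function does not need.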