Ahana’s Presto Platform Simplifies Data Lake Security

Ahana, which provides a managed SaaS platform for open source query engine Presto, enables users to do SQL analytics on cloud data lakes, currently focused on Amazon S3 as the storage layer.

Ahana recently achieved AWS Data & Analytics ISV competency status, which recognizes success in guiding users to achieve their data and analytics goals on AWS. As part of this certification, Ahana announced its platform offers deep integration with AWS services including Amazon Glue and Amazon Lake Formation.

On top of this basic and enhanced functionality, Ahana recently announced new security capabilities, which break down into two major capabilities.

The New Features

The first capability builds on the aforementioned integration with Amazon Lake Formation, leveraging Apache Ranger to achieve centralized and fine-grained access controls across multiple Presto clusters.

Apache Ranger isn’t new, but integrating it with Ahana previously required manually installing the Apache Software Foundation distribution, one cluster at a time, using low-level file-based configuration on each, it also limited access control granularity to the level of individual tables. Now, however, with a simple plugin, users can implement Apache Ranger on Presto clusters through a user-friendly administrative UI, and configure access at the row or column level.

Users can also add role-based data access and even lower query latency via the Ranger plugin’s policy caching. This integration is especially beneficial to users who have big data implementations in the cloud and want to use open source components like Ranger, avoiding lock-in, and still doing it easily. For such customers, Apache Ranger provides a cloud-agnostic open-source authorization solution with fine-grained access controls and SSL, and the Ahana plugin for Ranger makes its installation and configuration straightforward.

The other major Ahana security feature is centralized auditing of user access controls and administration for comprehensive visibility. With this capability, users can view access requests and determine their legitimacy. From there, admins can update permission levels based on policy and personnel changes. All changes are tracked and implemented via Apache Ranger to provide comprehensive visibility, something very important for sensitive data.

Administrators can easily manage users via the Ahana console and can do so across multiple clusters. As such, administrators can provide users access to certain clusters and exclude access to others that are not within those users’ scopes of work.

Simplification Matters

Ahana wants to achieve simplicity and unification for Presto and compatible ecosystem components. The platform also seeks to unify users across Presto clusters and simplify the authentication process on Presto. According to Dipti Borkar, Ahana’s co-founder and chief product officer, “Open source Presto already had the ability to do multiple users; however some of this was extremely complicated because it is file-based. You actually have to provide a big, long file and keep that in line with what your policies are and it gets very tricky very fast. In addition, you were supposed to do that for every single cluster. It does not automatically move over. With Ahana, all of that goes away. Of course, in the back, we are leveraging open source Presto but now you have an ability to create users across the platform.”

A lot of data lake technology has been stuck in an environment of relatively primitive security capabilities. Ahana’s new developments are designed to make the prospect of data lake security simpler and easier.