Enterprises have an expansive and expanding digital landscape that creates a significant amount of security telemetry and data. This data can be critical and be useful in understanding and protecting the business. For teams to achieve their tactical and strategic objectives, including security and compliance operations goals, understanding data federation can help them choose the best approach and strategy for them. Luckily, organizations can consider more than one approach which can help them:
Reduce overall data management burden
Reduce total cost of ownership
Increase data portability, usability and reliability
What is data federation?
Data federation is an architectural implementation in which the storage functionality (e.g. create, read, update and delete, also known as CRUD) for an application is delegated to a remote data repository which manages the storage and responds to data usage instructions from the application.
Data stewards and consumers struggle with getting value from “big data,” and the data federation strategy they choose can help them get better insights. Some desirable outcomes from managing big data include:
Cost management: Consolidating data rather than making copies that need to be stored in their own separate repository.
Data virtualization: Providing a way to connect systems for querying data across multiple sources rather than requiring users to query individual, siloed repositories.
Data deduplication: Integrating data to reduce redundancies from copying data into a database and other services
Scalability: The capability to more data storage as the amount of data grows, which may include using multiple locations
Data security: Consistently applying user access controls within a centralized system to maintain the principle of least privilege for sensitive data, despite multiple data sources with inconsistent access hierarchies.
Data privacy: Maintaining appropriate access controls to protect privacy as it pertains to the individual associated with a particular data point
Normalization: Standardizing data formats derived from various, disparate sources to break down data silos and provide a uniform view.
Data sharing: Centralizing data access controls to foster data-driven collaboration across internal and external business partners
Federation Approach
Data Residency
Location of Queried Data
Data Schema Outcome
Close-Coupled
Centralised
Local
Normalised
Data-Fabric
Centralised
Remote
Matrixed
Inter-Platform
Remote
Remote
Fractionally Normalised
Reductive
Remote
Remote
Default State
What are the four main approaches to security data federation?
There are four main approaches to security data federation:
Organizations can choose more than one approach depending on their business needs and use cases. However, aligning to a strategy requires organizations to examine how the vendors in their technology stack federate the data. Vendors often make data federation decisions that they prefer, so choosing the right vendor matters. As organizations embrace cloud-based storage and real-time data analytics, they must balance costs and data retention, which are partly driven by the company’s retention policy and the regulations they adhere to. Some industries may have more stringent regulatory compliance requirements and business needs. These data retention policies may require long-term storage that can result in higher costs.
With insight into the different federation models that security tools use, organizations can make informed decisions about vendor solutions to better align their strategic and tactical objectives.
