Enterprises have an expansive and expanding digital landscape that generates a significant amount of security telemetry and data. This data can be critical to understanding and protecting the business. Understanding data federation can help teams choose the approach and strategy that best supports their tactical and strategic objectives, including security and compliance operations goals. Luckily, organizations can consider more than one approach, which can help them:
- Reduce overall data management burden
- Reduce total cost of ownership
- Increase data portability, usability and reliability
What is data federation?
Data federation is an architectural implementation in which the storage functionality (e.g. create, read, update and delete, also known as CRUD) for an application is delegated to a remote data repository which manages the storage and responds to data usage instructions from the application.
Data stewards and consumers struggle with getting value from “big data,” and the data federation strategy they choose can help them get better insights. Some desirable outcomes from managing big data include:
- Cost management: Consolidating data rather than making copies that need to be stored in their own separate repository.
- Data virtualization: Providing a way to connect systems for querying data across multiple sources rather than requiring users to query individual, siloed repositories.
- Data deduplication: Integrating data to reduce redundancies from copying data into a database and other services.
- Scalability: The capability to add more data storage as the amount of data grows, which may include using multiple locations.
- Data security: Consistently applying user access controls within a centralized system to maintain the principle of least privilege for sensitive data, despite multiple data sources with inconsistent access hierarchies.
- Data privacy: Maintaining appropriate access controls to protect the privacy of the individual associated with a particular data point.
- Normalization: Standardizing data formats derived from various, disparate sources to break down data silos and provide a uniform view.
- Data sharing: Centralizing data access controls to foster data-driven collaboration across internal and external business partners.
Federation Approach | Data Residency | Location of Queried Data | Data Schema Outcome |
---|---|---|---|
Close-Coupled | Centralised | Local | Normalised |
Data-Fabric | Centralised | Remote | Matrixed |
Inter-Platform | Remote | Remote | Fractionally Normalised |
Reductive | Remote | Remote | Default State |
What are the four main approaches to security data federation?
There are four main approaches to security data federation:
- Closed-coupled federation
- Data fabric federation
- Inter-platform federation
- Reductive federation
Organizations can choose more than one approach depending on their business needs and use cases. However, aligning to a strategy requires organizations to examine how the vendors in their technology stack federate data. Vendors often make the data federation decisions that they prefer, so choosing the right vendor matters. As organizations embrace cloud-based storage and real-time data analytics, they must balance costs and data retention, which are partly driven by the company's retention policy and the regulations it adheres to. Some industries may have more stringent regulatory compliance requirements and business needs. These data retention policies may require long-term storage that can result in higher costs.
With insight into the different federation models that security tools use, organizations can make informed decisions about vendor solutions to better align their strategic and tactical objectives.