The Open Web App Security Project has released its Top Ten list of vulnerabilities in web software, as part of the general movement to make software less painfully insecure at the design stage. This year's current number one web app security flaw is Broken Access Control, with OWASP glumly noting: "The 34 CWEs* mapped to Broken Access Control had more occurrences in applications than any other category."
Immuta announced it is now available to provide automated data access control in Snowflake's Partner Connect portal. While Snowflake Partner Connect originally focused primarily on ETL tools, the partner portal is now expanding to include tools in the data governance and access control ecosystem.
Immuta launched new SaaS deployment option, enabling data teams to implement data access control across their entire cloud data environment in minutes. Modern data teams are moving to pure SaaS deployments for all of their analytics and data science, and they want access control delivered in the same way.
Continuing its commitment to providing these options, HID Global announced the implementation of the latest MIFARE DESFire EV3 credential. "Our credential based on NXP MIFARE DESFire EV3 delivers this technology's full range of advanced security and privacy capabilities and reinforces them with HID's powerful model for identity data protection," said Harm Radstaak, Senior Vice President and Head of Physical Access Control Solutions with HID Global.
Cloud data access control solutions provider Immuta this week announced raising $90 million in Series D funding, which brings the total capital invested in the company to $169 million. Founded in 2015, the Boston-based company offers a platform that data engineers and DataOps teams can use to automate data governance, security, access control and privacy protection.
Immuta will use the investment to further its market leadership position and capture rising demand for centralized, scalable access control across cloud data sets that are increasingly diverse and distributed on multiple compute platforms. "We've entered a new era in data and analytics fueled by ubiquitous cloud storage, new cloud data management tools, and the rise of DataOps," said Immuta's CEO Matthew Carroll.
Application data security provider Pathlock this week announced that it has raised $20 million in strategic funding led by Vertica Capital Partners. The funding round was announced in conjunction with a rebranding from Greenlight Technologies to Pathlock.
By natively supporting popular cloud data platforms, Immuta now provides a single, powerful solution for data teams to automate cloud data access control, discovery and classification, and privacy protection-significantly improving productivity, unlocking more data for more data consumers, and minimizing the risk of data leaks or breaches. Immuta also unveiled new research that suggests the majority of data-driven organizations will adopt multiple cloud data platforms and utilize sensitive data for analytics, creating a large market need for centralized cloud data access governance.
Featuring a new, native integration with Starburst, Immuta's Automated Data Governance platform enables data engineering and DataOps teams to automatically detect sensitive data, write and enforce fine-grained access control policies, and provide an active data catalog of Starburst Presto and other cloud services. "Starburst is a natural partner for Immuta. Both companies are focused on helping data-driven organizations maximize the value of data across complex data platforms and architectures by not just separating data storage from compute, but also separating compute and access control," said Chris Devaney, Vice President, Alliances with Immuta.
Object Ownership is a permission that can be set when creating a new object within an S3 bucket, to enforce the transfer of new object ownership onto the bucket owner. "With the proper permissions in place, S3 already allows multiple AWS accounts to upload objects to the same bucket, with each account retaining ownership and control over the objects. This many-to-one upload model can be handy when using a bucket as a data lake or another type of data repository. Internal teams or external partners can all contribute to the creation of large-scale centralized resources," explained Jeff Barr, Chief Evangelist for AWS. But with this set up, the bucket owner doesn't have full control over the objects in the bucket and therefore cannot use bucket policies to share and manage objects.