Announcing Cloudera Observability: Monitor and optimize deployments across hybrid cloud. Get the details
Overview
SDX makes Cloudera secure by design with consistent policies everywhere.
SDX is a fundamental part of Cloudera architecture, unlike other vendors’ bolt-on approaches to security and governance. Independent from compute and storage layers, SDX delivers an integrated set of security and governance technologies built on metadata and delivers persistent context across all analytics as well as public and private clouds. Consistent data context simplifies the delivery of data and analytics with a multi-tenant data access model that is defined once and seamlessly applied everywhere.
SDX reduces risk and operational costs by delivering consistent data context across deployments. IT can deploy fully secured and governed data lakes faster, giving more users access to more data, without compromise.
The SDX difference: Metadata and context
 SDX goes beyond traditional structural metadata to also capture operational, social, and business characteristics. Context ensures data access as well as its use is always authorized, tracked, and audited.  
      Use cases
- Quickly onboard new data
- Configure multi-tenant data policies
- Expand data access safely
- Meet regulatory compliance
Quickly onboard new data
Automatically classify and characterize new data, ensuring corporate standards and compliance are met.
Making new data available to end users as fast as possible is a challenge due to the time it takes to understand the information and identify the appropriate policies. Cloudera Data Catalog classifies and categorizes data as it arrives, which triggers the right policies in Apache Ranger and tracks lineage in Apache Atlas, proving compliance.
 
   
    
Configure multi-tenant data policies
Apply policies to ensure users and groups have access only to the data they are entitled to use.
Platform administrators and architects can create and manage access policies to deliver the same data to different users or groups either as-is, obfuscated, or hidden, all based on attributes and classification. Based on Apache Ranger, SDX eliminates the copying of data and ensures consistent application of governance and compliance rules.
Expand data access safely
Scale users and groups having access to data in a secure and automated fashion.
Companies are trying to give more of their users access to more data and analytics so they can make better, data-driven decisions. With data lineage and classification based on Apache Atlas, companies can ensure that this expansion of data access meets regulatory compliance and reduces manual labor and time to do it.
Meet regulatory compliance
Achieve compliance, avoid financial penalties, and bolster trust in the marketplace
Regulatory compliance (e.g. GDPR and CCPA) demands a modern data architecture that decreases business and security risks stemming from ever-expanding data privacy requirements. SDX identifies and manages sensitive data for compliance without disruption to business processes and provides consistent security and governance transparently across all data and deployments.
 
   
    
BCP
Onboarded new data sets and drove an additional US$76 million in deposits annually
90TB of data from mainframe and data warehouse quickly made available for analysis.
 
   
    
IQVIA
Global multi-tenant data lake delivers safe and governed data access and queries
More than 2,000 users with self-service access to data for deeper, more accurate insights.
SDX includes Cloudera Data Catalog that provides a single pane view to administer and discover all data assets. The data is profiled and enhanced with rich metadata—including operational, social, and business context—creating trusted and reusable data assets and making them discoverable.
Easily create, manage, and maintain multi-tenant data access policies through standardization and seamless enforcement of granular, dynamic role- and attribute-based security rules. These capabilities eliminate business and security risks and ensure compliance by preventing unauthorized access to sensitive data as different groups apply various analytics.
Identify and manage sensitive data, and effectively address regulatory requirements with unified, platform-wide operations, including data classification, lineage, modelling, and auditing. Prove compliance throughout the complete data lifecycle and from ingestion to archive/purge with data management across all analytics and deployments.
Resources are deployed and automatically configured to use Kerberos, with Auto-TLS encrypting data as it transits the network. Data at rest, both on premises and in the cloud, is protected with enterprise-grade cryptography, supporting best practice tried-and-tested configurations.
Cloudera Replication Manager enables infrastructure-independence with the ability to intelligently move workloads as well as data, together with its context between on-premises data centers and multiple public clouds. Insights from key metrics like workload performance deliver smart recommendations for optimal resource utilization, balancing performance, cost, and resilience.
Secure by design
Nothing matches SDX's security framework that is integrated with Cloudera as standard
SDX’s data context architecture ensures Cloudera is secure by design, unlike the approach taken by other vendors where security is an afterthought or is bolted on. As a result, organizations can make new data available quickly and without compromise. SDX delivers comprehensive security right out of the box for both data lakes as they are deployed and data as it is used.
- Identities: Manage adding enterprise users and groups to multi-tenant clusters, reducing administrative burden
- Network: Configure Kerberos based authentication, TLS wire encryption, and DNS and proxies for web interfaces, ensuring consistently secure deployment
- Storage encryption: Enable encrypted data at rest across the platform, improving security and reducing risk
- SSO: LDAP-based authentication and authorization for services' web UIs, providing a seamless user experience
- Authorization: Manage data access on multi-tenant clusters with tag based policies, allowing safe expansion of data access.
- Lineage and audit: Access unified persistent audit and lineage across all deployments (transient or persistent, single or multi-user), proving compliance across the data lifecycle.
- Data stewardship: Discover, profile, curate, and tag datasets with business context, building trusted and reusable data assets

 
         
    
   