Steve Touw

Co-Founder and CTO, Immuta

Steve Touw is the co-founder and CTO of Immuta. He has a long history of designing large-scale geo-temporal analytics across the U.S. intelligence community – including some of the very first Hadoop analytics and frameworks to manage complex multi-tenant data policy controls. Previously, Steve was the CTO of 42Six Solutions (acquired by Computer Sciences Corporation), where he led a large Big Data services engineering team. Steve holds a Bachelor of Science in Geography from the University of Maryland.

Past sessions

Summit Europe 2020 Migrate and Modernize Hadoop-Based Security Policies for Databricks

November 17, 2020 04:00 PM PT

Data teams are faced with a variety of tasks when migrating Hadoop-based platforms to Databricks. A common pitfall happens during the migration step where often overlooked access control policies can block adoption. This session will focus on the best practices to migrate and modernize Hadoop-based policies to govern data access (such as those in Apache Ranger or Apache Sentry). Data architects must consider new, fine-grained access control requirements when migrating from Hadoop architectures to Databricks in order to deliver secure access to as many data sets and data consumers as possible. This session will provide guidance across open source, AWS, Azure and partner tools, such as Immuta, on how to scale existing Hadoop-based policies to dynamically support more classes of users, implement fine-grained access control and leverage automation to protect sensitive data while maximizing utility -- without manual effort

Speaker: Steve Touw

For data teams, migrating new workloads into Databricks - whether from Hadoop platforms, cloud computer layers, or on-premises databases - is a significant undertaking. A critical step in migrating workloads, especially sensitive data, is to provision access controls that enable compliance with internal rules or privacy regulations such as GDPR, CCPA, or HIPAA. This session will explore various Databricks access control scenarios -- such as credential passthrough, table ACLs, and partner solutions -- to automate security and privacy controls on sensitive data. For each scenario, automation strategies will cover managing user access, enforcing data policies, implementing privacy-enhancing technologies, and data movement. A case study will be presented to put these concepts in practice, including lessons learned at a Fortune 500 company undergoing a complex, on-premises migration to Databricks Delta Lake to unify their data analytics while complying with internal rules and privacy laws such as CCPA.