About The University
The University has a name that is known worldwide as one of the top Universities in the United States, and teaches more than 26,000 students. With over 1,200 non-medical and over 1,200 medical faculty, the school boasts an impressive ratio of student-teacher in its academic programs.
Intricity is a team of specialized Data Management, Data Warehousing, and Business Intelligence experts. The team members at Intricity have been handpicked over the course of 20 years, and represent the top talent globally in Data oriented disciplines.
Challenge and Wins
The University had grown its academic programs over the years, and each program’s need to consume data grew accordingly. Because individual programs within Universities are run as autonomous schools of excellence, their practices in sharing data are often highly disconnected. This holds true in nearly every large University in North America. While this autonomy from the central administration creates focus for the school, it also creates boundaries to operational cohesion in accessing data. Thus when data is shared between the administration and the individual schools, the distance can seem similar to sharing data between two separate companies.
For The University sharing of data was managed through a direct data extraction tool which provided connectivity to centralized data systems. However, these direct data extractions did not provide the appropriate level of auditing and security. Establishing connectivity to data was a process which nobody inside of the University wanted to engage in. This is because the process put the IT data team in a gatekeeping role. So often the tactic employed by the individual schools was to wait till the last minute to announce an emergency need for connectivity. The emergency connectivity was seen as a way to avoid the long process of requesting data access.
In the end the University had thousands of scheduled file drops and data feeds which had very poor audit trails. Getting to the heart of governing this data was of critical importance, but also improving the data approval process was something every staff member was seeking.
Immediate Access to Data
The data analysts at each of the schools needed immediate access to data to meet project timelines, and the lack of access would hold up larger efforts. Thus, whatever solution got produced, the ability to begin developing, needed to be immediate.
Multiple parties needed to be part of the process of approving data, and each system had slightly different approval requirements. This included different escalation processes. The University needed something that would provide a flexible process definition framework for providing approval for accessing data.
Access Control Governance Over Data Sources
Once approval had been given, the University needed a framework automatically provisioning and governing the access controls to the data so the IT data team did not have to interject latency in the process.
Win 1: ODS (Data Lake)
Intricity designed a data framework which combined all the data sources into a single secured Operational Data Store (ODS) in Snowflake. This ensured that all the access control to the data could be centralized into a single point of access. Additionally Snowflake provided the cheapest possible storage cost coupled with the highest obtainable query speeds.
Win 2: Immediate Access
Intricity designed a data access framework which allowed the requestors of the data to receive an obfuscated data set right away. This obfuscated set of data was a representation of the data types and schema, but did not provide any actual data to the requestor of data. This ensured that PII and HIPAA data were not being provided without an approved use case and gateway, while allowing developers to get started right away with their data projects. When the approval process was completed, any design work they had done to analytics carried over seamlessly as all the obfuscated data schemas were consistent with the actual data.
The school data analysts loved this because it gave them an immediate playground to work in for conceptual analytic design, which could later be validated when the full data access could be obtained. Likewise, the IT data teams loved this feature as it removed them from the “middle man” position between the users and their data.
Win 3: Access Request Framework
Intricity designed a requesting framework driven by a low code application which was adaptable to the source data approval processes. This enabled business process to be the driver of the requesting application screens which each school would need to interact with to get access to data. On the back end of this process, the low code framework would notify the appropriate parties regarding approvals, and once complete would automatically push the desired access controls to the data governance layer.
Security stakeholders liked this process because it provided visibility into the requesting process early on, as opposed to the constant emergency access requests. This early request was also due to the immediacy of access in Win 2.
Win 4: Access Control Governance
Intricity designed a centralized Governance layer which consolidated all the approved access controls into a single location which The University could audit/update/revoke at any time. Additionally the Governance layer allowed data access approval to be timed for certain scenarios, ensuring limited access when desired. This provided the University confidence that their data access controls were known and governable.