datasheet

PingDataGovernance

download pdf

PingDataGovernance enables enterprises with fine-grained access controls for user-related data and APIs. Using centralized policies in a graphical policy administration layer, multiple stakeholders across your enterprise can govern access to entire customer profiles or specific attributes to meet privacy regulations, manage delegated administrator access, enforce customer consents and more. PingDataGovernance allows you to:

 

  • Centralize data access governance control

  • Externalize policy administration to business users instead of developers

  • Enforce customer data-sharing consent for regulatory compliance

  • Govern access to entire resources or individual attributes

  • Provide delegated resource management

  • Enforce customer preferences or opt-in/out choices across channels

 

PingDataGovernance gives you centralized, fine-grained control over who has access to your customer data and who can do what with your enterprise’s APIs. You can restrict access based on customer consent or simply to prevent exposure of attributes to apps that don’t require them to function. PingDataGovernance is an important addition to Ping’s customer IAM solution that will help you build trust and enable seamless and secure experiences for your customers, especially in a world that is powered more and more through APIs.

 

Features

 

  • Fine-grained user data and API access controls
  • Externalized authorization with a graphical policy administration interface for business users
  • Flexible policies for regulatory compliance and enforcing user consents
  • Dynamic authorization based on any number of attributes, including real-time risk scores, data source lookups and more
  • Deployed as API security gateway or as SCIM API for data stores
  • Attribute-by-attribute data access governance
  • The ability to allow, block, filter or obfuscate unauthorized data
  • Out-of-the-box policy examples and templates
  • Delegated account administration and data access
  • SDKs for extensions and customizations

 

Supported Standards & Protocols

 

  • OAuth2
  • OpenID Connect
  • LDAPv3
  • SCIM 2.0

How It Works

ADMINISTRATION INTERFACE FUNCTIONALITY

In the "Trust Framework" section of the UI, administrators can dynamically connect and define the data sources that will be used by policy, and the “Policies” section allows business users to define hierarchies of conditions and rules to evaluate data and make policy decisions.

 

DEPLOYMENT OPTIONS: DATA STORES AND APIs

Enterprises have the option of implementing PingDataGovernance on a directory or other data store, allowing your developers to access data by invoking a SCIM API rather than connecting directly. Alternatively, implementing PingDataGovernance at the API layer provides a way to deploy the solution as unobtrusively as possible. As an API security gateway, PingDataGovernance can be deployed as a proxy or sideband to existing API management gateways. It evaluates API requests and responses, and enforces policy decisions—all without asking your developers to make any changes at the database or microservice level.

 

WORKS WITH ANY STRUCTURED DATA

The fine-grained data access and response filtering in PingDataGovernance was built for out-of-the-box deployment on user data at the directory and/or API layer. But it’s not limited to user data. At the API layer, it’s capable of governing any type of user-related structured data, like healthcare records, IoT device data and banking transactions.

 

Benefits

MANAGE DATA PRIVACY & CONSENT

  • Capture and enforce customer data-sharing consent
  • Manage data-sharing choices across channels
  • Enforce customizable, centralized governance policies reflecting a broad range of regulatory constraints

 

 

PUT INTERNAL BUSINESS DATA USERS IN CONTROL

  • Empower internal business data owners to get involved in data protection in a delegated administration console
  • Allow users to input their requirements and test data access control policies in collaboration with other stakeholders via a user-friendly interface

 

TAKE THE BURDEN OFF DEVELOPERS

  • Lift the burden off developers by delegating policy administration to business users through externalized authorization
  • Eliminate the need to code policy, speeding up the development process

 

Related Resources