Enterprise Knowledge COO Joe Hilger speaks with Michal Bachman, CEO at GraphAware. GraphAware provides technology and expertise for mission-critical graph analytics, and its graph-powered intelligence analysis platform — Hume — is used by democratic government agencies (law enforcement, intelligence, cybersecurity, defense) and Fortune 500 companies across the world.

In their conversation, Joe and Michal discuss how you can use a graph to investigate criminal networks, what’s next with graphs (hint: ensuring trustworthy AI doesn’t just mean supporting the machines), and some helpful books that experts at GraphAware have released recently.

Check out ⁠Knowledge Graphs and LLMs in Action⁠ and ⁠Neo4j: The Definitive Guide⁠ to dive deeper into the topics discussed in this episode!

If you would like to be a guest on Knowledge Cast, contact Enterprise Knowledge for more information.

The post Knowledge Cast – Michal Bachman, CEO of GraphAware appeared first on Enterprise Knowledge.

Enterprise Knowledge COO Joe Hilger speaks with Amy Hodler, Founder and Executive Director of GraphGeeks. GraphGeeks is a global community for data enthusiasts, researchers, and professionals passionate about graph technology.

In their conversation, Joe and Amy discuss interesting use cases for graph and graph product innovations, how a graph is like a fungus (“The Last of Us” fans, watch out), trends in the graph space, and how being a “graph geek” can lead to more efficient collaboration.

If you would like to be a guest on Knowledge Cast, contact Enterprise Knowledge for more information.

The post Knowledge Cast – Amy Hodler, Founder & Executive Director of GraphGeeks appeared first on Enterprise Knowledge.

• AI tools make data in all forms more accessible than ever before.
• Data is captured in a broader range of tools (both in the cloud and on-premises), each with its own security model.
• Hackers are more sophisticated than ever, and the need for highly decentralized information repositories with strong security models is now seen as a critical way to deter them.

In the same way that we now have technologies that enable better information access, we also have technologies that make securing this information more robust and scalable. You can learn more about how this is done in our blog post, “Inside the Unified Entitlements Architecture.” In this article, we describe how a Unified Entitlements Service (UES) can be set up to consistently replicate information access rules from a central source across a wide range of products so that these rules are the same throughout the organization. 

As with most problems, technology is only part of the solution. Implementing a UES is not merely a technical project, but a transformational journey. As part of this journey, organizations typically progress through several maturity stages:

• Discovery and Assessment: Mapping the current entitlement landscape across platforms and identifying the highest-risk inconsistencies.
• Policy Standardization: Creating a unified policy framework that translates business rules into technical controls.
• Incremental Implementation: Rolling out UES capabilities gradually, starting with the most critical data sources and expanding over time.
• Continuous Improvement: Refining policies, enhancing performance, and expanding coverage to new data platforms as they enter the enterprise ecosystem.

The Discovery and Assessment stage is critical to understanding the complexity of implementing unified entitlements across an organization. During this stage, analysts identify which repositories need content with specific entitlement rules, the rules that need to be described, and how they will be implemented. Most organizations focus on securing their datasets and SharePoint online. While that is a good starting point, there are many other repositories that likely need to be properly secured. Information like contracts, client data, pricing, and product specifications may all require their own security policies. It is important to put together a list of these repositories and their business owners so that the true scope of the problem is understood correctly. Once this list is in place, the security rules (or policies) can be enumerated. These rules might look like the following:

Limit access to client team members, the project sponsor, and senior leadership only

This list of rules for different information assets should be understandable by both business and technical people and is often quite lengthy. Having discovered the repositories and established the rules, it is important to identify who is responsible for ensuring these rules are in place both at the time of the analysis and in the future. Once this discovery work is complete, the entitlements team can start to move into iterative project implementation.

After defining the repositories and rules, the Policy Standardization process begins. During this stage, the security rules defined in the first stage are aligned with the systems to which they apply to, and the security policy models are developed. Each system has its own way of managing security, and the new security policy models need to account for these requirements. Since most security models are either role-based or attribute-based, the new policy models typically address requirements for groups and attributes at an enterprise level. One of the key outputs of this stage are the guidelines for how groups need to be managed and what personal attributes need to be captured, managed, and shared with other applications.

After a core set of policies are defined, the Incremental Implementation stage can begin. During this stage, IT works with repository owners to automate the application of entitlements using the UES. This is a collaborative effort where IT implements the rules to automate entitlements, and business users identify the exceptions that inevitably arise. Both parties then work through the exceptions until the entitlements are correct. Then, this process is repeated with other repositories across the enterprise, focusing on the most critical repositories first.

The Continuous Improvement stage begins once the initial implementations are completed. Information management should never be static. As new information types are captured, new systems are implemented, and new security policies are required, the entitlements must be updated. We help our clients define a repeatable process to update their UES with the latest policies to keep their entitlements aligned with continuously changing business needs.

This journey yields progressive benefits at each stage, from reduced administrative overhead to enhanced security and an improved compliance posture. Organizations that successfully navigate this transformation gain not just better governance but a strategic advantage: the ability to safely democratize data access while maintaining robust protection for sensitive information.

Our Unified Entitlements team has helped others through this journey. If you want to solve your entitlement problems, please contact our team for guidance at info@enterprise-knowledge.com.

The post The Journey to Unified Entitlements appeared first on Enterprise Knowledge.

Effective management of information access across the enterprise is one of the most difficult problems that large organizations deal with today. Unified entitlements offer a solution by providing a comprehensive definition of access rights, ensuring consistent and correct privileges across every system and asset type in the organization.

A Unified Entitlements Service (UES) addresses these challenges by creating a centralized policy management system. It translates high-level business rules into controls specific to each platform. UES acts as the universal translator for security policies, allowing governance teams to define rules once and apply them everywhere.

A strong UES consists of several interlocking components that work together to provide seamless policy enforcement while still respecting each platform’s native security model. The diagram below illustrates how these components interact in a comprehensive UES implementation:

Figure 1. High-level architecture of a Unified Entitlements Service showing the key components and their interactions

The Core Components

Entitlement Integration Core: This stateless microservice cluster serves as the brain of the UES, managing the complex relationships between users, roles, and permissions. It utilizes high-performance caching (typically implemented with Redis or similar technologies), it provides entitlement lookups to maintain performance.

Policy Engine: Built on frameworks like Open Policy Agent (OPA), this component evaluates access requests against enterprise-wide policies expressed in a domain-specific language. For example, a policy might state: “Users in the Marketing department can access customer demographic data, but not payment information, unless they also belong to the Finance team and are working on the Q4 campaign.”

Provenance & Lineage Tracking: Every access decision is logged with comprehensive context, creating an immutable audit trail for compliance and security investigations. Implementations typically leverage systems like Apache Atlas alongside Kafka Streams for real-time audit logging.

Query Federation Layer: Beyond simply enforcing access at the resource level, advanced UES implementations apply entitlements directly to query execution. Using technologies like Trino (formerly PrestoSQL) with custom connectors, the system can modify queries in-flight to add entitlement-aware filters.

Entitlement Integrations: These connectors translate UES decisions into platform-specific access controls within native Identity and Access Management (IAM) systems. This typically involves the use of OAuth 2.0 and SAML for authentication flows.

Metadata Management Portal: A user-friendly interface empowers governance teams to define, test, and monitor entitlement policies. Modern implementations often use React-based front-ends with GraphQL APIs to provide a responsive management experience.

The Lifeblood of UES: Entity Resolution

At the heart of effective entitlement management lies a critical challenge: accurately resolving user identities across disparate systems. A single individual might exist as three distinct identities, such as:

• john.smith@company.com in Azure AD
• jsmith_finance in Snowflake
• employee_456789 in AWS IAM

Without proper resolution, John might inadvertently gain excessive privileges through the combination of his separate identities or face frustrating access denials where legitimate access should be granted.

A sophisticated UES employs entity resolution algorithms—combining deterministic matching rules, probabilistic methods, and sometimes machine learning—to create a unified identity graph. Products like Senzing are designed for this very purpose. This graph connects all representations of a user across systems, enabling consistent policy enforcement regardless of which system they’re accessing.

The resulting unified user profile might look like this:

This unified view becomes the foundation for consistent entitlement decisions across the entire data ecosystem.

Architectural Pattern for Enterprise Deployment

Federated Enforcement with Local Agents

The Unified Entitlement Service employs a layered and federated architecture designed for scalability, interoperability, and governance across enterprise data environments. At its core, the system is structured into distinct layers, each responsible for key functions:

• Entitlement Integration Core Service (EIS) manages access control, policy enforcement, and lineage tracking.
• Metadata Management Service ensures governance and transparency.
• Query Federation enables distributed query execution.
• Entitlement Integrations provide seamless access to diverse data sources.

This architecture diverges from the traditional hub-and-spoke model, operating as a federated governance framework. In this model, entitlement decisions are enforced dynamically across multiple platforms without centralizing sensitive data. The Distributed Query Engine plays a crucial role in aggregating results across entitlement sources, ensuring that governance policies are applied at the time of query execution.

Real-World Implementation Challenges

Despite its compelling benefits, implementing a UES presents significant challenges that organizations must carefully navigate.

Case Study

In recent work with a large global investment firm, we implemented role-based access control (RBAC) and attribute-based access control (ABAC) as one component of a unified entitlements solution. In this work, graph data was persisted in a Neo4j database. Read and traversal entitlements for properties were implemented to control what nodes were discoverable, and what properties of nodes were viewable in downstream applications. Through single sign-on (SSO) connections to Neo4j, a UES can maintain awareness of data source grants while implementing higher level entitlements.

Policy Drift

Without proper controls, UES policies may diverge from actual platform rules. For example, a database administrator might make an emergency change directly in PostgreSQL, bypassing the UES. Over time, these discrepancies accumulate, creating security gaps.

Solution: Implement continuous compliance scanning that compares actual platform entitlements against UES policies, flagging and remediating discrepancies.

Performance Considerations

Real-time entitlement validation adds overhead to data access requests. For analytical workloads processing billions of records, even milliseconds of added latency per decision can significantly impact performance.

Solution: Employ a hybrid approach that combines pre-computed access decisions for common patterns with just-in-time validation for edge cases. Aggressive caching of entitlement decisions can reduce overhead to negligible levels for most scenarios.

Organizational Alignment

Perhaps the most overlooked challenge is organizational: UES crosses traditional boundaries between security, data, and platform teams. Without clear ownership and governance, implementation efforts can stall amid competing priorities.

Solution: Establish a federated governance model with representatives from security, data management, compliance, and platform engineering. This cross-functional team should own the UES strategy and roadmap, ensuring alignment across organizational boundaries.

The Future of Unified Entitlements

As UES technology matures, several emerging trends point to its future evolution:

AI-Driven Entitlement Intelligence: Advanced UES implementations are beginning to incorporate machine learning to detect anomalous access patterns, suggest policy improvements, and automatically remediate compliance gaps. These capabilities will transform UES from a passive enforcement layer to an active participant in security governance.

Context-Aware Access Policies: Next-generation entitlement systems will incorporate contextual factors beyond identity—such as device health, location, time of day, and behavioral patterns—to make more nuanced access decisions. For example, a finance analyst might have full access to sensitive data when working from corporate headquarters but receive masked results when connecting from a coffee shop.

Federated Multi-Cloud Governance: As enterprises adopt multi-cloud strategies, UES will evolve to provide consistent governance across cloud boundaries, ensuring that security policies remain portable even as workloads move between environments.

Conclusion: A Services Based Approach

Managing entitlements in a consistent manner across all of your applications, both on-premises and in the cloud, feels like an impossible challenge. As a result, many organizations avoid the problem, hoping it will resolve itself. A services-oriented approach like the one that described above makes solving this problem possible. If you would like to learn more about how this works and how you can solve entitlements at your organization, please email us at info@enterprise-knowledge.com.

The post Inside the Unified Entitlements Architecture appeared first on Enterprise Knowledge.

These aren’t hypothetical situations. They happen daily across enterprises that have invested millions in data infrastructure but neglected the crucial layer that governs who can access what data, when, and how. As organizations expand their data ecosystems across multiple clouds, databases, and analytics platforms, the challenge of maintaining consistent access control becomes exponentially more complex. This review provides a technical follow-up to the concepts outlined in Why Your Organization Needs Unified Entitlements and details the architecture, implementation strategies, and integration patterns needed to build a robust Unified Entitlements System (UES) for enterprise environments. I will address the complexities of translating centralized policies to platform-specific controls, resolving user identities across systems, and maintaining consistent governance across cloud platforms.

The Entitlements Dilemma: A Perfect Storm

Today’s enterprises face a perfect storm in data access governance. The migration to cloud-native architectures has created a sprawling landscape of data sources, each with its own security model. A typical enterprise might store customer data in Snowflake, operational metrics in PostgreSQL, transaction records in MongoDB, and unstructured content in AWS S3—all while running analytics in Databricks and feeding AI systems through various pipelines.

This diversity creates several critical challenges that collectively undermine data governance:

Inconsistent Policy Enforcement: When a new employee joins the marketing team, their access might be correctly configured in Snowflake but misaligned in AWS Lake Formation due to differences in how these platforms structure roles and permissions. Snowflake’s role-based access control model bears little resemblance to AWS Lake Formation’s permission structure, making uniform governance nearly impossible without a unifying layer.

Operational Friction: Jennifer, a data governance officer at a financial services firm, spends over 25 hours a week manually reconciling access controls across platforms. Her team must update dozens of platform-specific policies when regulatory requirements change, leading to weeks of delay before new controls take effect.

Compliance Blind Spots: Regulations like GDPR, HIPAA, and CCPA mandate strict data access controls, but applying them uniformly across diverse platforms requires expertise in multiple security frameworks. This creates dangerous compliance gaps as platform-specific nuances escape notice during audits.

Identity Fragmentation: Most enterprises operate with multiple identity providers—perhaps Azure AD for corporate applications, AWS IAM for cloud resources, and Okta for customer-facing services. Without proper identity resolution, a user might exist as three separate entities with misaligned permissions.

Beyond Simple Access Control: The Semantics Challenge

The complexity doesn’t end with technical implementation. Modern AI workflows rely on a semantic layer that gives meaning to data. Entitlement systems must understand these semantics to avoid breaking critical data relationships.

Consider a healthcare system where patient records are split across systems: demographics in one database, medical history in another, and insurance details in a third. A unified approach to managing entitlements should be developed to understand these semantic connections and ensure that when doctors query patient information, they receive a complete view according to their access rights rather than fragmented data that could lead to medical errors.

The Unified Entitlements Solution

A UES addresses these challenges by creating a centralized policy management system that translates high-level business rules into platform-specific controls. Think of it as a universal translator for security policies—allowing governance teams to define rules once and apply them everywhere.

How UES Transforms Entitlement Management

Let’s follow how a UES transforms the experience for both users and administrators:

For Maria, the Finance Analyst: When she logs in through corporate SSO, the UES immediately identifies her role, department, and project assignments. As she queries the data lake, the UES dynamically evaluates her request against centralized policies, translating them into AWS Lake Formation predicates and Snowflake secure views. When she exports data to Excel, column-level masking automatically obscures sensitive fields she shouldn’t see. All of this happens seamlessly without Maria even knowing the UES exists.

For the Data Governance Team: Instead of managing dozens of platform-specific security configurations, they define policies in business terms: “Finance team members can access aggregated revenue data but not customer PII” or “EU-based employees cannot access unmasked US customer data.” The UES handles the complex translation to platform-native controls, dramatically reducing administrative overhead.

Conclusion: The New Foundation for Data Governance

As enterprises continue their data-driven transformation, a UES emerges as the essential foundation for effective governance. UES enables organizations to enforce consistent access rules across their entire data ecosystem by bridging the gap between high-level security policies and platform-specific controls.

The benefits extend beyond security and compliance. With a properly implemented UES, organizations can accelerate data democratization while remaining confident that appropriate guardrails are in place. They can adopt new data platforms more rapidly, knowing that existing governance policies will translate seamlessly. Most importantly, they can unlock the full value of their data assets without compromising on protection or compliance.

In a world where data is the lifeblood of business, unified entitlements isn’t just a security enhancement—it’s the key to unlocking the true potential of enterprise data.

The post Unified Entitlements: The Hidden Vulnerability in Modern Enterprises appeared first on Enterprise Knowledge.

In this presentation, Hilger and Thompson explored the evolving challenges of securing data in an era of exponential growth, cloud adoption, and increasing cyber threats, starting with the limitations of traditional perimeter-based security approaches and the need for scalable, automated solutions. They introduced key modern security strategies – including zero trust architecture, data-centric security, and AI/ML-driven threat detection – to help organizations enhance their data protection. The session also covered shadow/dark data discovery and data classification techniques to mitigate risks and improve security posture.

By the end of the session, attendees gained insight into:

• The limitations of traditional perimeter-based security and why modernization is necessary
• Zero trust architecture and how it strengthens security through strict identity verification
• Data-centric security strategies to protect data throughout its lifecycle
• The role of AI/ML in detecting threats and automating security decisions
• Techniques for discovering and classifying shadow/dark data to close security gaps
• Actionable strategies for implementing scalable, future-proof data security frameworks

The post Modern Methods for Managing Data Security appeared first on Enterprise Knowledge.

Unified entitlements provide a holistic definition of access rights, enabling consistent and correct privileges across every system and asset type in the organization. These information assets may be documents in SharePoint, wiki pages, discussion threads in Microsoft Teams or Slack, or data sets in a data lake. In most organizations, each of these systems has its own model for securing information. As a result, most organizations have an inconsistent application of their entitlement rules across their knowledge ecosystem. These inconsistencies create risk for the organization and impact the development of knowledge management solutions.

There are several legal, compliance, and reputational risks associated with the inconsistent application of entitlements. In the next few paragraphs, I will share how some of these risks can be realized and how unified entitlements would have fixed the issue.

Automating Access

A consulting firm that we worked with used team sites to collaborate on client materials. The head of the project was allowed to add or remove access to the site. As people left the project, their access was not removed. In addition, a few people from separate divisions were granted access so that they could see deliverables that could help them with their own work. When the client did an audit to see who had access to their materials, they saw several people who were not on the project. The consulting firm was in breach of its contractual obligations, and while it managed to keep the client, it lost the client’s trust and negatively affected its reputation. If they did not have as good of a relationship with their client, they might have been sued. A unified entitlements solution would have synced access to the site with access to the charge code to do the work. As people left the project, they would have automatically lost access to the project workspace, and the client audit would have strengthened the relationship.

Catching Errors

In another example, a manufacturing company had an R&D division that developed plans for new products in their product line. They were in a highly competitive industry where being the first to market could mean millions of dollars in additional revenue. The designs of the new products were stored in a closely guarded Product Lifecycle Management (PLM) system. Access to the PLM was managed by an IT person in the R&D department. An employee with the same name as one of the R&D researchers was accidentally granted access to the PLM. This person did not log into the PLM, but found the upcoming designs in the semantic search that the company rolled out. The person assumed this was public information. They took a job with a competitor and shared what they had seen with their new employer. The competitor copied the approach and closed the gap with the manufacturer. This simple mistake cost the manufacturer millions of dollars in product revenue and directly affected the stock price. In this case, the unified entitlements solution would have granted access to the PLM only to those people in the R&D department. Access permissions would be driven by the department of record in the HR system. All of this would automatically be replicated between systems so that no individual would have the responsibility to grant access to the PLM. 

Aligning Systems

A pharmaceutical company stored data about the results of their drug trials in their data lake. Access to the trial results was limited to people who worked on the clinical trials. In addition, the team captured notes about their interpretations of the results on a separate team site. The person who managed access to the data lake was not the same person who managed access to the team site. One of the tests was executed incorrectly, which led to disappointing results. The cause for the improper results was identified by the team and documented on the team site. New tests were run that produced better results, and the old ones were ignored but left in the data lake. Someone from outside the trials team was accidentally granted access to the test result data but not the notes about the findings. They saw the result data and immediately escalated that there was a problem with their leadership. The clinical trial team spent weeks explaining what they found. This confusion delayed the trial timeline and distracted the team. A unified entitlements solution would have identified the system of record for the trial teams and automatically granted access to both the data tables and the team site based on who was assigned to the trials. 

Conclusion

These three simple examples show the kinds of risks that organizations accept when they do not implement unified entitlements. If your organization has an entitlements problem, it is best to start with a strategy that allows you to understand the scope of the problem and create a reasonable plan for addressing entitlements across the enterprise. Once this is in place, the organization can:

• Identify the products needed to support unified entitlements;
• Start building the models for applying the security rules; and
• Develop the integrations to automate security to all major systems.  

Consistent and accurate access permissions to knowledge assets can no longer be ignored or deprioritized. Semantic solutions like semantic search, knowledge portals, knowledge graphs, and generative AI chatbots make access to information easier than ever before. Organizations that lack the structure of a unified entitlements solution have greater risk of information leakage than ever before. If you need a Unified Entitlements program, our consultants have solved this problem for other large organizations and can help you better understand the problem and help you jump-start your initiative – contact us.

The post Why Your Organization Needs Unified Entitlements appeared first on Enterprise Knowledge.

The conversation also touches on the challenges and opportunities of competing with major players like Microsoft while differentiating their offerings through precision and human-in-the-loop methodologies. Naso and Andreas underscore the importance of “whole data” and its role in unlocking the potential of generative AI and semantic web technologies. This merger represents an exciting step forward in enabling businesses to tackle complex data challenges effectively.

If you would like to be a guest on Knowledge Cast, contact Enterprise Knowledge for more information.

The post Knowledge Cast Product Spotlight – Graphwise appeared first on Enterprise Knowledge.

Austin highlights the challenges of managing increasingly complex data ecosystems, especially for large enterprises dealing with fragmented and siloed data sources. Atlan tackles these issues by embedding data catalog functionalities directly into the workflows of business intelligence tools, allowing users to access metadata seamlessly without leaving their dashboards. By focusing on transparency, flexibility, and automation, Atlan helps organizations build trust in their data assets, ensuring that users can rely on accurate and contextually relevant data.

The discussion also explores how Atlan leverages AI to automate metadata documentation, minimizing the manual burden on data stewards. Austin emphasizes Atlan’s commitment to adaptability, positioning the platform as a control plane for data and AI. This forward-looking approach aims to empower organizations to make data-driven decisions effectively while supporting the evolving needs of knowledge management and data governance.

If you would like to be a guest on Knowledge Cast, contact Enterprise Knowledge for more information.

The post Knowledge Cast Product Spotlight – Austin Kronz of Atlan appeared first on Enterprise Knowledge.

In their conversation, Matthieu discusses how Linkurious empowers users—from analysts to investigators—by making complex data relationships visible and actionable through cutting-edge graph visualization technology. From fraud detection and anti-money laundering to supply chain risk management and cybersecurity, Matthieu explains how organizations are leveraging graph technology to break down data silos, uncover hidden insights, and improve decision-making.

Tune in to learn how Linkurious is driving innovation in graph technology and why visualization is key to unlocking the full potential of knowledge graphs at scale.

If you would like to be a guest on Knowledge Cast, contact Enterprise Knowledge for more information.

The post Knowledge Cast Product Spotlight – Matthieu Besozzi of Linkurious appeared first on Enterprise Knowledge.