Abstract: A method for rapid deployment by a service provider of a data lake in association with a cloud computing service. In response to a request to provision the data lake, a new cloud account is created. Within the new cloud account, a service provider access role and associated permissions are created. The new cloud account is then associated, by cross-trust, with an account in the cloud computing service that is one of: a service provider deployment account, and a customer account. A private data cloud is then associated with the service provider deployment account or the customer account, as the case may be. The private data cloud is uniquely associated with the new cloud account and the data lake. A firewall service enabling secure access between the data lake and an external enterprise network is provisioned. The data lake is then provisioned in the private data cloud to complete the rapid deployment.

Abstract: A method and SaaS-based computing platform implemented by a service provider provide for authentication and authorization services in association with the provisioning of a cloud data lake. According to the method, a data lake is provisioned across one or more cloud computing services, preferably within a private data cloud. The data lake comprises at least a first service and a second service, wherein the first and second services use different authentication mechanisms. An authentication framework including an identity and access manager (e.g., Keycloak provisioned to support both OpenLDAP and Kerberos) is configured to enable a permitted user to use a single identity to access the first and second services in the data lake. An authorization framework also is provisioned in association with the authentication framework. The authorization framework configured to apply authorization or data access rules to the single identity across the first and second services in the data lake.

Abstract: A method and scalable security service is implemented by a service provider in association with a set of cloud computing services. The method begins by the service provider provisioning a plurality of data lakes across one or more cloud computing services. A data lake is provisioned within a private data cloud of the one or more cloud computing services. To provide scalable security, the service provider configures a virtual firewall in each of two or more regions of the one or more cloud computing services. In particular, the firewall in a given region is associated with a subset of the plurality of data lakes, and wherein the subset comprises at least first and second data lakes associated to at least first and second distinct external enterprise networks. Using the virtual firewall, the service provider then enforces security requirements associated with the subset of the plurality of data lakes via the virtual firewall.

Abstract: A method for rapid deployment by a service provider of a data lake in association with a cloud computing service. In response to a request to provision the data lake, a new cloud account is created. Within the new cloud account, a service provider access role and associated permissions are created. The new cloud account is then associated, by cross-trust, with an account in the cloud computing service that is one of: a service provider deployment account, and a customer account. A private data cloud is then associated with the service provider deployment account or the customer account, as the case may be. The private data cloud is uniquely associated with the new cloud account and the data lake. A firewall service enabling secure access between the data data lake and an external enterprise network is provisioned. The data lake is then provisioned in the private data cloud to complete the rapid deployment.