Secure AI and analytics pipelines with Protegrity AI Team Edition
Learn More
Back to Integration Hub
Partner integration

Protegrity & Denodo

Build trusted analytics and GenAI workflows on distributed data—Denodo unifies access while Protegrity enforces field-level protection and policy-based access in real time.

tags

Live Demo

View Demo

  • Protegrity Native

    Native integration embeds Protegrity protection directly into Denodo’s virtualization layer—so sensitive fields are protected at query time with centralized policy and audit logging.

  • Integration type

    • Federated Engine

  • Partner

    Yes

  • Supported platforms

overview

The Protegrity and Denodo integration delivers persistent, field-level data protection within Denodo’s data virtualization layer, enabling secure, compliant, and seamless access to distributed data sources.

By combining Denodo’s unified access with Protegrity’s policy-based tokenization, encryption, and masking, organizations can enable governed self-service analytics, secure data products, and privacy-first AI pipelines across cloud, on-prem, and hybrid environments. Protection is enforced at the point of access, with centralized policies, audit logging, and role-based controls that help meet requirements like GDPR, HIPAA, and PCI-DSS. 

Key Integration Feature

The Protegrity and Denodo integration empowers organizations to securely access and analyze distributed data across hybrid, multi-cloud, and on-premises environments by combining Protegrity’s granular data protection with Denodo’s powerful data virtualization platform. Persistent, field-level protection is applied directly within the virtualized data layer, ensuring sensitive information remains governed and compliant while enabling secure collaboration across departments, partners, and geographies without moving or replicating raw data.

This joint solution removes barriers to data accessibility, accelerates decision-making, and simplifies compliance in regulated industries such as financial services, healthcare, and manufacturing—delivering a trusted foundation for secure, agile innovation where virtualized data is protected, accessible, and actionable at scale.

Features & Capabilities

Enable secure self-service access across Denodo virtual views. Protegrity protects sensitive fields at query time while preserving performance and usability.

  • 01

    Unified Data Security: Protect everywhere, enforce centrally 

    Why it matters

    Sensitive data such as PII, PHI, and financial information remains protected across all Denodo-connected sources, while policies are managed from a single control point.

    How it works

    A global bank uses Protegrity with Denodo to tokenize customer identifiers across multiple databases, enabling analysts to query unified views without exposing raw values.

  • 02

    Native Virtualization Integration: Security built into the data fabric

    Why it matters

    Protegrity’s encryption, tokenization, and masking integrate seamlessly into Denodo’s virtualization layer—eliminating the need for data movement or duplication.

    How it works

    Customers maintain fast query performance across federated data sources, even when sensitive data is persistently protected. 

  • 03

    Trusted Data Collaboration: Share confidently across ecosystems

    Why it matters

    Consistent, persistent protection policies travel with the data, ensuring secure access for internal teams, subsidiaries, and external partners.

    How it works

    A healthcare provider leverages Denodo + Protegrity to share virtualized, de-identified patient records with research institutions, supporting HIPAA-compliant innovation. 

  • 04

    Analytics & AI Empowerment: Insights without compromise

    Why it matters

    Protected data can still be analyzed, visualized, and used to train AI/ML models—maximizing business value while minimizing compliance risk.

    How it works

    A retail enterprise combines tokenized sales and customer data from multiple systems through Denodo to build advanced recommendation models without PCI violations.

  • 05

    Simplified Compliance: Regulations met by design

    Why it matters

    Consistent application of Protegrity’s protection across Denodo’s data virtualization environment helps meet GDPR, HIPAA, PCI-DSS, and other regulatory requirements.

    How it works

    Enterprises cut compliance audit preparation time by 40% through centralized reporting of Protegrity’s protection policies within Denodo.

Architecture &
Sample Data Flow

At the foundation of the Protegrity–Denodo integration is an architecture built to deliver persistent, field-level protection directly within Denodo’s virtual data layer. Instead of moving or replicating data, Protegrity safeguards sensitive information at the point of access—whether it originates from on-premises databases, cloud platforms, or hybrid environments. This ensures that data remains consistently protected as it is virtualized, queried, and delivered across the enterprise. 

The data journey
Visualizing the data journey
The data journey
The data journey explained
  • 01
    Data Ingestion

    Protegrity-enabled connectors ensure that as data from ERP, CRM, and other systems is virtualized in Denodo, sensitive fields are automatically identified and prepared for protection.

  • 02
    Data Protection & Transformation

    Protegrity enforces encryption, tokenization, or masking policies at the field level, during query execution or transformation within Denodo. Centralized policies applied via Protegrity APIs ensure consistency across all data sources.

  • 03
    Data Consumption & Analytics

    Analysts and business users can query unified Denodo views without accessing sensitive raw data. Protected datasets remain fully usable for BI dashboards, reporting, and operational queries.

  • 04
    AI/ML Enablement

    De-identified or tokenized datasets are securely delivered through Denodo to AI/ML pipelines, enabling predictive modeling and advanced analytics without risking exposure of sensitive values.

  • 05
    Data Sharing & Collaboration

    Denodo’s data virtualization and delivery capabilities are enhanced by Protegrity’s persistent protection, ensuring that shared datasets remain secure across geographies, subsidiaries, or partner ecosystems.

  • 06
    Monitoring & Auditing

    All Protegrity protection activities in Denodo are logged for auditability. Detailed reports and automated alerts allow organizations to demonstrate compliance with GDPR, HIPAA, PCI-DSS, and other regulations. 

DEPLOYMENT

Deployment of Protegrity Data Protection with Denodo is typically executed by Denodo SMEs, using a well-defined integration approach that embeds Protegrity’s protection capabilities directly into Denodo’s virtualization layer.

Integration via Custom Functions (UDFs):

The core mechanism involves creating Denodo User-Defined Functions (UDFs) that invoke Protegrity’s Java Application Protector SDK (AP Java). These UDFs call into the Protegrity PEP (Protect Enforcement Platform) server, a lightweight proxy that enforces protection policies, caches tokens, and locally performs de-tokenization while synchronizing policy changes with the Protegrity ESA every minute.

Policy Enforcement in Action:

When a UDF such as unprotect() is called within a Denodo view, it passes the protected value and context (e.g., dataElementName and user identity) to the PEP server. Protegrity evaluates the request against defined policies—returning either a de-tokenized value (if the user is authorized) or a secured version of the data (e.g., token or masked).

Enterprise Deployment Pattern:

In a real-world implementation, a major retailer deployed Protegrity tokenization together with Denodo’s virtualization and RBAC controls. They tokenized sensitive customer data upstream and used Denodo to serve protected data from Snowflake and other sources. Authorized users were able to see detokenized data through Denodo views, while others accessed only protected forms.

Scalable and Secure Architecture:

The PEP server runs on the Denodo Virtual DataPort Server host, enabling efficient local enforcement of data protection policies. This configuration minimizes latency and avoids unnecessary data movement. Role-based access is enforced through Denodo’s RBAC framework, while Protegrity’s logs feed auditing and compliance workflows for GDPR, HIPAA, PCI-DSS, and more.

RESOURCES

Guides and references for building governed analytics and AI workflows with Denodo—while enforcing Protegrity’s field-level tokenization, encryption, and access controls at query time.

Protegrity Integration with Denodo

Step-by-step instructions to deploy Protegrity protection in Denodo—UDFs, view patterns, performance tuning, and governance workflows for secure data access.

READ MORE

Docs Center

Explore product docs for tokenization, encryption, masking, policy administration, audit logging, and AI-ready governance—plus reference architectures and best practices.

READ MORE

Frequently
Asked Questions

See the
Protegrity
platform
in action

Accelerate data access and turn data security into a competitive advantage with Protegrity’s uniquely data-centric approach to data protection.

Get an online or custom live demo.

TRY FOR FREEBOOK A DEMO