Partner integration

Protegrity & Starburst

The Protegrity + Starburst integration enables secure federated analytics across cloud and on-prem sources by applying field-level tokenization, encryption, and masking at query time—so teams can analyze distributed data without exposing sensitive values.

overview

The Protegrity and Starburst integration empowers enterprises to securely query and analyze distributed data across cloud, on-premises, and hybrid environments by combining Protegrity’s granular, policy-based protection with Starburst’s federated query engine. Persistent encryption, tokenization, and masking are applied directly within Starburst’s SQL-based architecture, ensuring sensitive data is protected in real time during query execution without requiring data movement or replication.

This joint solution accelerates time-to-insight, simplifies compliance in regulated industries such as financial services, healthcare, and retail, and delivers a trusted foundation for secure, federated analytics—where distributed data remains protected, accessible, and actionable at scale.

Key Integration Feature

The Protegrity + Starburst integration delivers enterprise-grade data protection across federated queries, enabling secure, compliant analytics on distributed data without sacrificing performance or accessibility.

Features & Capabilities

01
Granular Data Protection: Security Embedded at the Query Level
Why it Matters
Protecting sensitive data such as PII, PHI, and financial information during federated queries is essential for regulatory compliance and risk mitigation. By embedding security at the query level, organizations can confidently enable analytics across distributed sources without compromising data privacy.
How it Works
Protegrity with Starburst to tokenize account numbers across multiple data lakes and warehouses, ensuring that raw values are never exposed during analysis. This enables analysts to run cross-source aggregate queries securely, supporting both compliance and operational efficiency.
02
Seamless Integration with Starburst Query Engine: Security Without Disruption
Why it Matters
Protegrity’s direct integration with Starburst’s Trino-based architecture ensures that encryption, masking, and tokenization are applied dynamically during query execution. This minimizes performance impact, allowing organizations to maintain interactive analytics experiences even with protected datasets
How it Works
Customers report that interactive query performance is maintained even when working with protected datasets, thanks to Protegrity’s efficient integration. The dynamic application of security policies ensures that data remains secure without slowing down analytics operations.
03
Unified and Secure Data Access: Collaboration Without Risk
Why it Matters
Consistent protection policies across all Starburst-connected sources ensure governed data access for internal teams, subsidiaries, and external partners. This reduces the risk of data breaches and supports compliance with industry regulations.
How it Works
A healthcare provider uses Starburst + Protegrity to securely expose virtualized, de-identified patient records from multiple systems to research partners, supporting HIPAA compliance. This enables collaborative research without compromising patient privacy.
04
AI & Analytics Enablement: Unlock Insights from Distributed Data
Why it Matters
Protegrity-protected data remains usable for advanced analytics, reporting, and AI/ML training, empowering organizations to innovate without regulatory risk. This ensures that sensitive information does not hinder progress in data-driven initiatives.
How it Works
A retail enterprise combines tokenized sales and customer data from multiple clouds through Starburst to build personalization models without violating PCI compliance. This enables targeted marketing and improved customer experiences.
05
Compliance Simplification: Consistent Protection Across Hybrid Environments
Why it Matters
Centralized data protection policies enforced across Starburst’s federated query ecosystem help organizations meet GDPR, HIPAA, PCI-DSS, and other regulatory mandates. This simplifies compliance management and reduces audit complexity.
How it Works
Enterprises cut audit preparation time by 40% through automated reporting of Protegrity’s field-level protections applied across distributed data sources. This streamlines compliance processes and enhances visibility for regulatory teams.

Architecture &
Sample Data Flow

At the core of Protegrity’s Starburst integration is an architecture designed to deliver persistent, field-level data protection directly within Starburst’s distributed query engine. Sensitive data is safeguarded as it is queried across data lakes, warehouses, cloud storage, or relational databases—and remains protected throughout its lifecycle.

Protegrity integrates seamlessly with Starburst’s Trino-based, massively parallel processing (MPP) query architecture, applying tokenization, encryption, and dynamic masking during query execution. Using Protegrity UDFs embedded in Starburst, protection policies are invoked in real time through the Protegrity Policy Enforcement Platform (PEP) server. This ensures data can be securely queried, federated, and shared across diverse sources—without performance trade-offs or data movement

The data journey

Visualizing the data journey

The data journey

The data journey explained

01
Data Access

Starburst enables organizations to query data across data lakes, relational databases, NoSQL stores, and cloud platforms without moving it. As queries are executed, Protegrity UDFs ensure sensitive fields are identified for protection.
02
Data Protection & Transformation

Protegrity applies encryption, tokenization, or masking to sensitive values at runtime. Policies are centrally managed in the Protegrity ESA and enforced by the PEP server, ensuring consistency across hybrid environments.
03
Data Consumption & Analytics

Business analysts, data engineers, and scientists can query and analyze protected datasets across sources, while unauthorized users see only tokenized or masked data.
04
AI/ML Enablement

De-identified or tokenized datasets accessed via Starburst can be securely exported into AI/ML pipelines, enabling advanced analytics while meeting GDPR, HIPAA, PCI-DSS, and CCPA requirements.
05
Data Sharing & Collaboration

With Protegrity policies applied natively within Starburst queries, organizations can securely expose governed datasets to subsidiaries, partners, and external consumers without risk of sensitive data leakage.
06
Monitoring & Auditing

Protegrity logs every protect/unprotect event triggered through Starburst. These logs feed into enterprise monitoring systems, enabling compliance teams to audit usage and demonstrate adherence to regulatory frameworks.

Use Cases

See how teams unlock cross-source analytics, secure data sharing, and AI/ML workflows with Starburst—while Protegrity enforces field-level protection and policy controls at query time.

Finance

Protecting Sensitive Customer Data Across Distributed Systems

Challenge

Financial institutions must modernize analytics while managing strict regulations (PCI-DSS, GDPR). Sensitive customer data—account numbers, card details, and transaction histories—resides across multiple lakes, warehouses, and databases, making compliance difficult and slowing innovation.

Solution

With Protegrity integrated into Starburst, banks can apply tokenization or encryption at the field level across all federated queries. Starburst allows analysts and data scientists to securely run cross-platform queries, build dashboards, and train fraud detection models—without exposing raw PII.

Result

A global bank reduced compliance reporting efforts by 40% and accelerated fraud detection capabilities, while maintaining PCI compliance and enabling faster insights across its distributed data estate.

Healthcare Payers

Enabling Secure Patient Data Sharing Across Federated Sources

Challenge

Healthcare providers must collaborate with external research partners while ensuring HIPAA and GDPR compliance. Patient data (PHI) is often fragmented across EHR systems, data lakes, and cloud storage, making secure collaboration difficult.

Solution

Protegrity’s integration with Starburst applies tokenization and masking to PHI dynamically during query execution. This enables researchers and clinicians to query de-identified, federated views across systems without replicating or moving raw patient data.

Result

A major healthcare network securely shared de-identified patient datasets with research institutions, reducing time-to-insight for clinical trials by 30% while maintaining HIPAA compliance across federated sources.

DEPLOYMENT

Deployment of Protegrity Data Protection with Starburst offers flexible models to meet enterprise, hybrid, and cloud-native needs. In all cases, sensitive data is persistently protected at query time, ensuring compliance without disrupting Starburst’s federated analytics workflows.

Node-Level Protector (Enterprise / On-Prem Clusters):

In traditional Starburst deployments, Protegrity provides the Starburst Protector, a lightweight agent installed on each Starburst worker node. This ensures data protection (encryption, tokenization, masking) is applied locally as queries are processed. Because every node runs its own agent, protection scales in parallel with cluster growth, enabling high-throughput, fault-tolerant execution across large, distributed environments.

Kubernetes Sidecar Protector (EKS / OpenShift / Containerized Deployments):

For Kubernetes-based deployments, Protegrity can be deployed as a sidecar container alongside each Starburst worker pod. This model offers the same local, parallelized protection as the node-level protector, but with added advantages of container orchestration: simplified scaling, rolling upgrades, and workload isolation. The sidecar ensures that sensitive data is protected or unprotected as part of the pod lifecycle, integrating seamlessly with Kubernetes features like autoscaling and service discovery.

Cloud Function Protector (Cloud-Native Elasticity):

In fully cloud-native models, Protegrity leverages serverless cloud functions (e.g., AWS Lambda, Azure Functions, Google Cloud Functions) to apply protection policies dynamically during query execution. This approach allows Starburst clusters to scale elastically, offloading protection workloads to parallelized, on-demand services that can handle bursts in query volume with minimal latency.

Across all deployment models, policies are centrally defined and managed in Protegrity’s Enterprise Security Administrator (ESA) and enforced dynamically via Starburst UDFs. The Policy Enforcement Platform (PEP) server synchronizes with ESA to ensure consistent protection logic across nodes, pods, or functions. Auditing and logging of all protection/unprotection events feed into enterprise monitoring systems and compliance frameworks, while integration with Starburst’s RBAC ensures that only authorized users can access unprotected values.

This flexible architecture allows organizations to deploy Protegrity with Starburst in the way that best fits their environment—whether enterprise data centers, Kubernetes clusters, or public cloud—while always delivering parallelized, scalable, and policy-driven protection for sensitive data.

RESOURCES

Guides and demos to help your team deploy Protegrity with Starburst and run governed federated queries—fast, compliant, and AI-ready.

Solution Brief: Protegrity + Starburst

A concise overview of how Protegrity secures federated queries in Starburst with tokenization, encryption, and masking—enabling compliant analytics and AI across hybrid data sources.

READ BRIEF

Watch the Starburst Demo

See real-time, query-time protection in action—how Protegrity policies apply inside Starburst so teams can analyze distributed data without exposing sensitive fields.

VIEW DEMO

Frequently
Asked Questions

Protegrity integrates with Starburst through multiple deployment models:

Starburst Protector agents installed on each worker node (on-prem or enterprise clusters).
Sidecar containers for Kubernetes-based deployments (EKS, OpenShift, etc.).
Cloud functions for cloud-native elasticity. In all models, Starburst UDFs call Protegrity APIs at query time to protect or unprotect data, ensuring sensitive values are secured with minimal impact on performance.

See for yourself

Technical Demos

Practical Guide

Start Building Today

Protegrity & Starburst

overview

Key Integration Feature

Features & Capabilities

Granular Data Protection: Security Embedded at the Query Level

Why it Matters

How it Works

Seamless Integration with Starburst Query Engine: Security Without Disruption

Why it Matters

How it Works

Unified and Secure Data Access: Collaboration Without Risk

Why it Matters

How it Works

AI & Analytics Enablement: Unlock Insights from Distributed Data

Why it Matters

How it Works

Compliance Simplification: Consistent Protection Across Hybrid Environments

Why it Matters

How it Works

Architecture & Sample Data Flow

The data journey

Visualizing the data journey

The data journey

The data journey explained

Data Access

Data Protection & Transformation

Data Consumption & Analytics

AI/ML Enablement

Data Sharing & Collaboration

Monitoring & Auditing

Use Cases

Finance

Challenge

Solution

Result

Healthcare Payers

Challenge

Solution

Result

DEPLOYMENT

Node-Level Protector (Enterprise / On-Prem Clusters):

Kubernetes Sidecar Protector (EKS / OpenShift / Containerized Deployments):

Cloud Function Protector (Cloud-Native Elasticity):

RESOURCES

Solution Brief: Protegrity + Starburst

Watch the Starburst Demo

Frequently Asked Questions

See the Protegrity platform in action

Architecture &
Sample Data Flow

Frequently
Asked Questions

See the
Protegrity
platform
in action