New Oasis Integration for Databricks Secures access to data and AI

Vini Merlin, Product Manager

Published on December 18, 2024

Databricks empowers organizations to process and analyze data at scale, transforming raw data into actionable insights and enabling advanced AI and machine learning workflows. Databricks has become a critical system for many enterprises. Like other PaaS solutions, Databricks relies on non-human identities (NHIs), such as Personal Access Tokens (PATs), Service Principals and Secrets, and consumer installations (applications), for AI, operations and connectivity. If left unmanaged, these NHIs can introduce significant security risks.

Today, we are excited to announce the Oasis integration with Azure Databricks, redefining how organizations manage and secure Databricks NHIs—enabling innovation without compromising on security.

Why Databricks Security Hinges on Non-Human Identities

Databricks thrives on automation and scalability. From API calls and workflow orchestration to third-party integrations, NHIs are central to how the platform operates. Here are the key non-human identities in Databricks:

  • Personal Access Tokens (PATs): Commonly used by individual users to interact with Databricks resources through APIs, often automating critical workflows such as data pipeline operations or scheduled jobs. PATs inherit the permissions of their creator (user), making them high-value targets if compromised.
  • Service Principals: These non-human accounts handle production jobs and integrations within Databricks. They authenticate using secrets, such as OAuth tokens, to access resources. 
  • Secrets: Vaulted secrets in Databricks store sensitive credentials used for various data analysis jobs and internal applications. 
  • Consumer installations (Applications): These represent third-party tools or integrations connected to Databricks, often requiring specific permissions to interact with your data and execute operations. 

We’ve previously discussed why managing Non-Human Identities (NHIs) is critical, but let’s focus on the specific case of Databricks identities.

When NHIs in Databricks are left unmanaged, they create serious security gaps that attackers can exploit—whether stale secrets, long-lived tokens, or over-permissioned integrations. This is particularly important because Databricks serves as a unified platform connecting your data sources. A breach could disrupt operations, expose sensitive data, damage customer trust, and lead to severe financial and reputational losses.

Securing these identities isn’t just about compliance—it’s about ensuring Databricks operates securely and efficiently, without becoming a prime target for breaches.

How Oasis Secures Databricks Identities

Once Oasis is connected to your Databricks environment, Oasis NHI Cloud Security brings a comprehensive, automated approach to managing Databricks identities, addressing vulnerabilities at their source. Here’s what makes Oasis stand out:

  1. Single pane of glass for complete visibility

Oasis provides a real-time inventory of every non-human identity in your Databricks environment. For each identity, you will see its consumers, resources, permissions, human owners and secrets. Additionally, you can view the exact actions each consumer performed (such as getCluster or deleteList), the authentication method used (for example, an OAuth token), and the originating IP addresses. The integration supports multiple Databricks Workspaces (a Databricks Workspace is an environment for accessing all of your Databricks assets).

Databricks NHI dependency graph in Oasis: Databricks Entity Dependency Graph (Consumers, Resources, Permissions)

  2. Proactive Risk Detection and Mitigation

By continuously monitoring NHIs, Oasis is able to identify and mitigate the following risks: 

  • Stale secrets and unrotated or long-expiration PATs
  • Stale Service Principals
  • Over-privileged Service Principals
  • Anomalous or unauthorized Service Principal activity
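
To make the first of these risks concrete, here is an added example (not Oasis or Databricks code) that audits a constructed list of PAT records for missing expiry, over-long lifetime and overdue rotation. The record fields and the `expiry_time == -1` convention are modelled on the Databricks token-management listing but are assumptions here, as are the 90-day policy values.

```python
"""Flag stale and long-lived Databricks personal access tokens.

Added example, not Oasis or Databricks code. Records are constructed and
only modelled on the token-management listing shape (token_id,
creation_time, expiry_time in epoch milliseconds); that shape and the
meaning of expiry_time == -1 ("never expires") are assumptions.
"""
from datetime import datetime, timezone

DAY_MS = 24 * 60 * 60 * 1000

# Policy values are assumptions for this example, not Databricks defaults.
MAX_LIFETIME_DAYS = 90   # tokens issued for longer than this are flagged
ROTATION_AGE_DAYS = 90   # tokens older than this should have been rotated

# Constructed sample records (not real tokens); "now" is fixed so the
# results are reproducible.
NOW_MS = int(datetime(2024, 12, 18, tzinfo=timezone.utc).timestamp() * 1000)
SAMPLE_TOKENS = [
    {"token_id": "t1", "created_by_username": "alice@example.com",
     "creation_time": NOW_MS - 10 * DAY_MS, "expiry_time": NOW_MS + 20 * DAY_MS},
    {"token_id": "t2", "created_by_username": "ci-bot@example.com",
     "creation_time": NOW_MS - 400 * DAY_MS, "expiry_time": -1},
    {"token_id": "t3", "created_by_username": "bob@example.com",
     "creation_time": NOW_MS - 5 * DAY_MS, "expiry_time": NOW_MS + 365 * DAY_MS},
]


def token_findings(token, now_ms=NOW_MS):
    """Return the list of policy findings for one token record."""
    findings = []
    created = token["creation_time"]
    expiry = token["expiry_time"]
    if expiry == -1:
        findings.append("no expiry")
    elif (expiry - created) > MAX_LIFETIME_DAYS * DAY_MS:
        findings.append("lifetime exceeds policy")
    if (now_ms - created) > ROTATION_AGE_DAYS * DAY_MS:
        findings.append("unrotated")
    return findings


def audit_tokens(tokens, now_ms=NOW_MS):
    """Map token_id -> findings for every token that violates policy."""
    report = {}
    for t in tokens:
        found = token_findings(t, now_ms)
        if found:
            report[t["token_id"]] = found
    return report
```

The same check extends naturally to service principal secrets, which carry comparable creation and expiry timestamps.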

  3. Third-Party Risk Management

Unused or over-permissioned consumer installations (applications) can quietly expand your attack surface. Oasis flags these vulnerabilities, providing actionable insights to secure your environment.

  4. Automated Lifecycle Management

Oasis simplifies key security practices:

  • Secret Rotation: Ensures credentials such as PATs and secrets are rotated automatically on a regular basis.
  • Human Ownership Assignment: Suggests and assigns NHI owners automatically, enhancing accountability and enabling streamlined management of critical actions.
  • Human Ownership Attestation: Flags unnecessary permissions or outdated ownership assignments for review and removal.
  • Inactive Identity Cleanup: Identifies and deactivates accounts and tokens that are no longer in use.

Build a Resilient Databricks Environment with Oasis

Databricks powers modern data innovation, enabling organizations to harness the full potential of big data and AI workflows—but protecting it starts with securing the NHIs that keep it running. Oasis provides the tools, automation, and insights you need to secure your Databricks environment without adding complexity.

And this is just the beginning. As Databricks continues to play a critical role in today’s data-driven, multi-cloud deployments, we’re expanding our capabilities to cover Databricks deployments on other platforms, such as AWS or GCP.

Ready to elevate your Databricks security? Contact Oasis today for a free assessment and see how we can help you protect what matters most while staying ahead of what’s next.
