Overview
As organizations democratize data access through AI interfaces and scale serverless infrastructure, security teams face growing pressure: maintain compliance without becoming an operational bottleneck. At DAIS 2026, Databricks announced three key advances that address this tension directly.
The announcements cover: expanded automatic identity management for Genie and AI applications, simplified private connectivity for serverless workloads, and new global compliance certifications broadening support for regulated industries.
Automatic Identity Management (AIM) Expansion
AIM for Microsoft Entra ID reached General Availability on AWS and GCP, building on existing Azure support. AIM for Okta entered Public Preview on AWS and GCP.
These solutions eliminate manual user provisioning bottlenecks by using identity providers as the authoritative source for user and service principal management. For organizations with hundreds or thousands of Databricks users, this means directory additions, removals, and changes propagate automatically — no custom sync scripts required.
Context-Based Ingress (CBI), now in Public Preview across AWS, Azure, and Google Cloud, enables zero-trust access policies based on network source, identity, and access scope. This allows secure exposure of Genie, dashboards, Databricks Apps, and AI Gateway endpoints to external users without compromising security posture. Inbound Private Link expansion for account-level resources is launching in Beta by June 2026.
Simplified Secure Connectivity
Private Network Gateway enables serverless workloads to connect securely to private data sources, APIs, and enterprise applications, eliminating the need to manage individual connections to every resource. It is currently available in Private Preview on Azure Databricks.
Lakebase Private Connectivity expands inbound Private Link support for Lakebase, Zerobus, and account services. It is Generally Available on AWS and in Public Preview on Azure. This maintains network isolation while supporting high-throughput operational and AI workloads.
Expanded Compliance Coverage
Azure Serverless Compliance: Serverless compute now offers the same compliance certifications as classic compute across regulated industries.
Saudi Arabia Framework Support (GCP): Adding support for National Cybersecurity Authority frameworks (CCC, DCC, ECC), planned later in 2026.
HITRUST: Now available across AWS, Azure, and Google Cloud, supporting healthcare organizations seeking widely adopted security frameworks.
ISMAP (Japan): Now certified on Azure and AWS, validating adherence to Japan’s government security standards for public sector and regulated industries.
AWS GovCloud: Added Databricks Apps, Model Serving, AI Search, Predictive Optimization, Genie, and Genie Code, strengthening capabilities for highly regulated public sector workloads.
FedRAMP High: Coming to Azure Commercial later in 2026, extending compliance support for public sector and regulated organizations.
Key Points
- AIM for Microsoft Entra ID is GA on AWS and GCP; AIM for Okta in Public Preview
- Context-Based Ingress (CBI) in Public Preview across all three clouds for zero-trust access
- Private Network Gateway simplifies serverless connectivity to private systems
- Lakebase Private Connectivity GA on AWS, Public Preview on Azure
- HITRUST available across all three major clouds
- ISMAP certified on Azure and AWS for the Japanese public sector
- AWS GovCloud with Genie, Model Serving, AI Search, and more
- FedRAMP High on Azure Commercial coming in 2026
- Serverless on Azure with the same certifications as classic compute
Why It Matters
AI adoption in regulated industries (banking, healthcare, government) has been limited by two frictions: the complexity of keeping identities synchronized at scale, and the difficulty of obtaining compliance certifications for new cloud capabilities like serverless.
AIM eliminates the first friction: instead of manual synchronization, corporate directories become the source of truth for Databricks access. Context-Based Ingress eliminates the second: instead of exposing entire platforms to external users (with all the risks that entails), organizations can define exactly what surface they expose and under what conditions.
The HITRUST and ISMAP certifications, combined with AWS GovCloud expansion, signal Databricks’ commitment to being a viable platform in the most regulated environments globally — removing one of the last barriers to enterprise AI adoption in industries where compliance is non-negotiable.