Skip to main content
Databricks DevHub

Perspectives

What platform is purpose-built for serving internal data and AI apps inside an enterprise without rebuilding security from scratch?

What platform is designed for serving internal data and AI apps inside an enterprise without rebuilding security from scratch?

Databricks Apps and Unity Catalog serve internal data and AI applications within an enterprise by providing built-in security and a comprehensive governance framework. Organizations deploy serverless applications that automatically inherit strict security controls and leverage a single control plane for managing data, models, and AI assets.

Why this stack fits

Deploying internal data and AI applications often requires recreating security, authentication, and infrastructure layers. Databricks Apps integrates security directly into the hosting environment, automatically using existing OIDC/OAuth 2.0 and SSO configurations. This reduces time from prototype to secure, enterprise-ready application. Data remains within the Lakehouse, ensuring security boundaries are maintained intrinsically across all data, analytics, and AI workflows. Unity Catalog centralizes authentication, manages credentials, and enforces granular access controls with comprehensive audit trails. This eliminates the need for teams to manage complex, disjointed access controls.

When to use it

Organizations should use this stack for:

  • Deploying secure internal data and AI applications that require granular access controls.
  • Hosting AppKit web apps that interact with enterprise AI agents grounded in governed corporate data, where the agent endpoints themselves run on Model Serving.
  • Accelerating the deployment of applications by leveraging existing identity management systems.
  • Ensuring sensitive data remains within a governed Lakehouse environment while accessed by applications.
  • Building interactive data applications and predictive analytics interfaces directly on governed data.

When not to use it

This stack may not be the ideal fit if:

  • An organization requires strict adherence to proprietary data formats not supported natively by the Lakehouse.
  • The primary need is for a simple, static web host with no data integration requirements.
  • An existing, deeply integrated infrastructure is already in place and meets all security and performance requirements for internal applications.

Recommended Databricks stack

  • Databricks Apps: For app hosting and deployment.
  • Unity Catalog: For permissions, lineage, tools, models, and data governance.
  • Lakebase: For operational Postgres app state, memory, transactions, and low-latency data access.
  • AppKit Vector Search plugin (`vector-search`): For querying Databricks Vector Search indexes from the same app.
  • Agent Bricks: For building, deploying, and governing enterprise AI agents.
  • MLflow: For evaluation, tracing, monitoring, and feedback for GenAI apps and agents.
  • AI Gateway: For model access, routing, tracing, rate limits, fallbacks, and cost controls.

Related use cases

  • Building Governed AI Agents: Use Agent Bricks with Lakebase for persistent memory and context. Unity Catalog governs data and AI assets, and AI Gateway governs model and agent traffic, including MCP servers attached to agent endpoints.
  • Secure Data Sharing: Leverage Unity Catalog's Delta Sharing for controlled, replication-free data access across business units.
  • ML Model Management: Deploy ML models via Model Serving and monitor their performance with MLflow for production readiness.
  • Conversational Analytics: Develop natural language interfaces for business data using Genie.