Snowflake's cloud native data architecture allows users to easily create shares and materialized views without making copies. The Snowflake Marketplace makes it easier than ever to access external third party data to share as well.
Sharing data can speed up innovation, drive growth and help avoid risks, but it can be challenging. The larger the organization and the more diverse the data sources - the higher the risk that data sharing can cause more problems than it solves.
What are those problems? If you are CISO, you worry that any analyst in the firm could accidentally share sensitive data and unprotected personal data causing fiscal and reputational harm. What is in the data to start with, and who is actually allowed to share it under what circumstances? Also, what if you implement several rules for data sharing? You worry that if you mandate complex data sharing and access policies across teams and lines of business, you will end up with different data masking policies in different teams and a siloed approach that delivers varied results to auditors and 3rd parties.
If you are CDO, you worry that you must clearly understand what sensitive data exists in Snowflake now and as it migrates into the environment. Humans who know the data are few and far between - you need AI to tell you what sensitive information is in the data so your CISO can protect it.
So for data protectors and data policy leads, if you want to get the best out of Snowflake's data sharing, you want 1) a capability that uses AI to id and label all the data with high accuracy, 2) you want a Data Command Center plane that provides granular access policy creation and enforcement that is the same for Snowflake as it is for every other system, line of business and user; and finally, 3) you want an automated way to set up workflows and remediation so data sharing can happen without friction for end users.
Securiti and Snowflake work together to ensure that all obligations around sensitive data in your Snowflake data sharing environment are met. Securiti leverages automation around sensitive data insight, governance, and masking. When this automation is embedded into your Snowflake sharing environment, it provides continuous, autonomous protection of your shared data.
Understand Shared Sensitive Data
Securiti’s Sensitive Data Intelligence scans all of the data that exists with Snowflake. It automatically detects and classifies sensitive data, including sensitive data elements such as medical identifiers, financial information and more. The solution automatically applies metadata tags and labels sensitive data allowing you to track and enforce security policies on shared data.
Understand Roles and Users Accessing Shared Sensitive Data
Securiti’s Access Intelligence and Governance solution goes a step farther by providing deep insight into which users and roles are accessing sensitive data within your data shares. The solution delivers an overall picture of user access on your platform, including users and the roles they have, the tables accessed, data element types and data accessed. This insight provides you the information to better understand and protect your shared data, and put in place more secure sharing access models such as a least privileged access model.
Mask Shared Sensitive Data
Snowflake provides the foundational infrastructure within the platform to enable organizations to mask specific data within the platform. Masking data has a huge benefit in data sharing environments by enabling companies to share their data with users to drive business value without actually sharing specific sensitive data. The goal of data masking in a Snowflake data sharing environment is to protect sensitive data, while providing a functional alternative when real data is not needed.
Securiti’s Data Access Intelligence and Governance solution simplifies and streamlines the data masking process for shared data in Snowflake. The solution harnesses sensitive data classification and tags to create dynamic masking policies via a centralized policy engine, working in conjunction with Snowflake's native masking capabilities.
Any time data is added or changed within your Snowflake data sharing environment that has the same tags, it will be dynamically masked for the defined user or role.
Automate Access to Shared Data
Data shares in Snowflake utilize standard role-based access control that Snowflake provides for all objects in the system. With rapidly growing and changing Snowflake environments there is a need to automate the process of mapping users and roles to underlying sensitive data in data shares.
Securiti’s Data Access Intelligence and Governance provides the ability to automate role and user access in Snowflake based on an understanding of sensitive information in data shares. Policies can be created based on sensitive data element groups or tags vs. having to manually define access rights at a row or column level. . If any data is added or changed within a store that is tagged, then data access restrictions will automatically apply to that updated or changed data.
Securiti can enhance your existing Snowflake data sharing environment by enabling your organization to:
- Better secure and protect shared sensitive data with insight into sensitive data access
- Implement automatic policies around Snowflake data masking
- Streamline Snowflake user access management around sensitive data
- Make your Snowflake data sharing environments more compliant to data privacy and protection regulations
