Categories
Blog

TrustLogix Data Security Platform Integrates with Snowflake Data Governance Framework

TrustLogix Data Security Platform Integrates with Snowflake Data Governance Framework

TrustLogix delivers insights into data misuse and detects unprotected data that helps businesses proactively control access and implement Least Privilege security model

Authors: Srikanth Sallaka, Co-Founder and Head of Product at TrustLogix
Date: November 16, 2021

TrustLogix has worked closely with the Snowflake team on this integration architecture. We'd like to acknowledge Paul Gancz, Partner Solutions Architect at Snowflake for his valuable contributions to this blog.

Organizations are transforming their business processes, culture, and customer experiences to rely more on digital technologies to achieve better business outcomes. Data is the critical part for each of these digital transformations. In many cases this involves PII data or an organization’s sensitive data, which brings a need for oversight on how this data is used. Furthermore, regulations, compliance and security controls can create conflicts with business teams and data security operations. A cross-team strategy is required to reduce the friction between these teams. Data security operations require a tool that serves as an accelerator to data-led innovation without impeding the process. The tool should:

  • Provide the governance team the necessary visibility on who is accessing data
  • Give the data security team a unified console to create consistent data security policies across multiple data platforms
  • Make it easy for data consumers such as Analysts, Data Engineers, and Data Scientist to get immediate access to the data they are entitled to

As a Snowflake Data Governance partner, TrustLogix provides a single pane console to intelligently discover unauthorized data usage and protect sensitive data in the Snowflake Data Cloud.

We recommend that our customers start with observability to discover possible misuse of data in Snowflake, then use the recommendations provided by our patent-pending Trustlet to protect sensitive data.

TrustLogix leverages Snowflake Access History to analyze and establish data access patterns:

Discover Data Access Issues

Governance and regulation teams require visibility into who is accessing data. They need to be alerted if anydata access violates compliance such as SOX (Sarbanes-Oxley), SoC2, GDPR, etc.

To help them, TrustLogix furnishes a library of policies to monitor user and data activity in Snowflake. It also provides alerts when there is any deviation from the organization’s established security rules. Additionally, some Key Risk Indicators listed below are also highlighted:

  • Identify Shadow IT tools used to connect to Snowflake or unexpected geo-locations used
    to log into Snowflake. For example, in the diagram below “ SQL Workbench/J” is not an approved
    IT tool
  • Alert when users export sensitive data into AWS S3 buckets
  • Alert when sensitive data is shared between accounts

TrustLogix analyzes data in Snowflake’s Account Usage views, Access History, and Session tables to derive these insights.

Recommendations to Enforce Least Privilege Access

Data owners are required to establish a Least Privilege Access model for their data in Snowflake or any other cloud data platform. TrustLogix analyzes various Snowflake data security policies, audit logs, and identity and role assignments to detect possible deviations from industry standards for the Least Privilege Model and offers actionable recommendations. These recommendations include:

  • Privileged User Activity: Recommendations-based analysis of user activity. Some users have roles or permissions that give them access to privileged operations like Export/Import Copy/Duplicate sensitive data. TrustLogix analyzes the Snowflake Access History View to detect anomalies & provides recommendations 
  • Overly Defined Privilege Assignments: Analyze privileges granted to a role and compare with access logs to determine which privileges are least used. Offer recommendations to modify the policy to adhere to the principle of least privilege accesss
  • Data Security Policy Effectiveness: Use access patterns to understand the level of policy effectiveness on classified data objects. Provide recommendations based on usage patterns. Example: Un-protected or publicly granted Sensitive Data Objects

Define and Enforce Data Access and Entitlement Policies

Data owners require the power of fine and coarse-grained Access Control on data to satisfy compliance regulations, internal business mandates, and basic security principles.

Snowflake provides customers with Row Access policy, Conditional Masking, Dynamic DataMasking, and Tagging capabilities. TrustLogix leverages Row access Policies and Dynamic data masking capabilities to deliver a simplified UI console for data owners to build high-precision data security policies.

TrustLogix also complements Snowflake’s native data security constructs by providing business entitlements based on fine-grained data security. Organizations typically have externalized business entitlement policy data that is required to determine what data a user is entitled to.

For example: In a publicly traded company users in the marketing organization cannot view financial data for the current quarter. In this scenario TrustLogix integrates with the external business policy and converts it into the appropriate Snowflake native policy.

Summary

With the TrustLogix solution, data owners, data engineers, data governance practitioners, and data security officers gain visibility into data misuse discover data access and sharing patterns, and enforce access control policies with an easy to use policy console and scalable cloud-native Trustlet architecture.
Watch this demo video to learn more.

Categories
Blog

TrustLogix Data Security Governance Platform Simplifies Securing Data in Snowflake Data Cloud

TrustLogix Data Security Governance Platform Simplifies Securing Data in Snowflake Data Cloud

Author: Srikanth Sallaka, Co-Founder and Head of Product at TrustLogix
Date: November 3, 2021

TrustLogix has worked closely with the Snowflake team on this integration architecture. We'd like to acknowledge Paul Gancz, Partner Solutions Architect at Snowflake for his valuable contributions to this blog.

As the speed at which data is generated continues to increase, businesses rely on multiple data platforms to process, store, and analyze data. This explosion of data leads to siloed data security and operations, which in turn is creating a nightmare for data owners, data security operations, and governance teams. At TrustLogix, we believe that securing data at the source will empower business users and organizations with greater control over their data, and deliver actionable insights while streamlining data security and privacy operations. As a Snowflake Data Cloud partner, the TrustLogix platform strategy is to lead with data usage monitoring, identify security blind spots, and then enable data teams with access control policies to secure data within Snowflake, data pipelines, data lakes, and BI analytics platforms.

Given the ease of adding data to the Snowflake Data Cloud, and the desire to make that data available to as many users in an organization as possible, securing the data through standard policies and controls is obviously important, and is a key piece of the TrustLogix solution. Equally important is the need to identify and control attempts to access data in ways that, while technically allowed, could potentially violate security policies. The combination of policy definition and enforcement, along with monitoring and automated detection of improper data access, provides the security and privacy controls that organizations require.

TrustLogix Monitoring & Access Service for Snowflake uses a patent pending cloud-native technology, called a Trustlet, to monitor and secure data in the Snowflake data cloud. With this solution, data engineers, security teams, and governance teams can monitor and secure access to data. The TrustLogix solution provides the following key capabilities:

  • Observe and learn any mis-use of data
  • Automate enforcement of granular access controls
  • Cloud-native Trustlet architecture

TrustLogix Leverages Snowflake Java UDF and Snowpark Preview Features to Deliver Advanced Data-Security-as-a-Service Capabilities in the Snowflake Data Cloud

Snowflake has recently announced many new features, including Snowpark and Java User Defined Functions (UDFs). These new features deliver more control to data owners and consumers to process data without moving data out of the Snowflake cloud. We are excited to use these features, allowing us to deliver advanced security use cases such as building risk scores and preventing Separation of Duties (SoD) and Sarbanes-Oxley (SOX) compliance violations in real time.

Automated Detection of Separation of Duties Violations

As many organizations move to cloud-based data platforms they need to establish a framework for managing regulatory and compliance requirements. SOD is a basic building block to minimize any fraudulent or non-compliant behavior. In an organization that uses Snowflake for managing their accounting data, a person responsible for building analytics reports on Journal entries should not be the same person who is also responsible for loading this data into the system. Similarly in organizations that use Data warehouses to improve product offerings by analyzing customer usage patterns, GDPR mandates that individuals responsible for designing and implementing security must not be the same person as the person responsible for testing security or conducting security audits.

Trustlogix’ patent pending risk-based access control model will continuously monitor for SOD and SOX compliance violations and help achieve the required business compliance. We use ML Models to build a risk score to identify conflicts in privilege and role assignments. We are leveraging Snowpark to implement these models. We use Snowpark dataframes in the implementation to get the latest roles, privileges, policies, and access data from the Snowflake Information Schema to build the model and implement a risk score. We use this risk score in a secure view to block any data access requests by users who use the conflicting role and stop risky actions before they occur.

The sequence diagram below illustrates the steps on how TrustLogix enforces risk based access controls to ensure complaint usage of data.

Users will access the data in Snowflake via a secure view created by TrustLogix. This view has a built-in UDF to compare the risk score for this data request. The request is approved or denied based on the acceptable threshold of the risk score.

Here is a video which demonstrates automated detection of SoD violations using the Snowpark and Java UDF features:

With the TrustLogix solution, data engineers, data governance, and data security officers can get visibility into data mis-use, discover data access and sharing patterns, and enforce access control policies with an easy to use policy console and scalable cloud-native Trustlet architecture. Contact us at hello@trustlogix.io to schedule a demo. Please visit Product Page to learn more. You can also download our Snowflake Product Overview to read about the benefits of our Snowflake product integration.