A leading healthcare enterprise embarked on an enterprise-wide data modernization journey moving from legacy on-prem providers to working with Cloud data storage such as Snowflake, DataBricks and AWS. The organization brought together clinical and payer data from multiple practices, hospitals, and systems with a vision that data should not be siloed but instead democratized to enable a wide range of employees to explore, analyze, and collaborate on critical data.
Challenges - Manage Complex Data Access Policies to Meet Healthcare Compliance
A manual approach using a spreadsheet/word document was used to track hundreds of roles which determined the datasets accessed by patients, healthcare providers, business partners, and internal governance teams. They also had to meet healthcare, state, and patient privacy regulations with intricate data access policies that needed changes on a monthly basis.
They followed a code-based approach to writing access control leveraging natively supported data access controls in Snowflake such as row and column tagging. The manual deployment meant that the process was error-prone, non-scalable, with no evidence of which users have access to what data, potential data leakage, and, most importantly, they could not onboard their customers/ consumers faster without being blocked by security and compliance restrictions.
Requirements - Streamlining Data Access and Securing Sensitive Data
The enterprise wanted to separate the access rules for independent management of databases. TrustLogix proved an ideal tool allowing automated access control management and securing sensitive data. The organization had the following requirements:
- Ensure that healthcare data can be seen only by roles entitled
- Implement masking or other mechanisms to ensure that certain sensitive data / highly classified data is protected
- A no-code method of managing and providing fine-grained data access
- Visualize role entitlements and revoke/assign roles seamlessly.
How TrustLogix is Helping
TrustLogix is a cloud-native data security solution that cannot see or touch the data itself and enables fine-grained data access control for Snowflake and various other cloud data platforms. The sequence of providing access and securing sensitive data are as follows :
- TrustLogix gets the user context from the IAM Platform
- TrustLogix reads the Data classification/data catalog information to identify sensitive data / highly classified data such as PII, and PHI information from Data Classification tools such as Ataccama, Alation etc.
- Mapping of functional roles to the access role is done through TrustLogix Access Analyzer and pushed natively into Snowflake. TrustLogix Access Analyzer also helps in revoking/assigning access seamlessly
- TrustLogix applied granular Access Policies - Role-based (RBAC) and Attribute-Based (ABAC) as per the user’s access privileges and attributes.
- Row-level filtering was applied to restrict access to specific rows and exclude data with member confidentiality based on PHI information.
- Column Filtering(Data Masking) ensured that non-entitled users saw restricted data(such as financial, competitive and state regulations-based fields) masked with stars.
- Using the Schema Access(Privilege template) certain similar types of access roles were granted standardized privileges/permissions to access specific data objects.
- Fine-grained policies are pushed natively to Snowflake using TrustLogix
Healthcare Analytics Data Access Control & Governance
Benefits
The healthcare enterprise gained the following benefits through the TrustLogix :
- Managing role entitlements from a centralized place improved operational effort and time.
- Row-level filtering meant reusable entitlement definitions in multiple policies and centralized visibility of all the conditions
- Column Filtering(Data Masking) ensured the conditions could span multiple data products reducing the number of engineering FTEs.
- Privilege templates helped standardize permissions granted to similar types of access roles across the enterprise adding to simplified operations.
- Eventually, all of this helped quick data access and faster onboarding of customers/ consumers without being blocked by security and compliance restrictions.
Want to learn more about how TrustLogix can help you streamline your data access and secure your sensitive data? Get a free data security assessment on your Snowflake accounts by registering for a free 90-day data protection service.