How do you keep your data safe from hackers? Do you have a safe and effective way to get it to your business partners? Can you make sure they have the latest and most up-to-date copy?
This article will talk about Snowflake and how to securely share data with the Snowflake platform.
Snowflake is a fully-managed data warehouse service for data engineering, data science, data lakes, and data warehouses. It's also an excellent platform for sharing and consuming shared data. Snowflake is available in Amazon Web Services, Microsoft Azure, and Google Cloud.
Snowflake comes with on-the-fly scalability and robust automation capabilities. And, of course, it has powerful data-sharing features that we'll cover in-depth below.
It's helpful to understand a few key points about Snowflake.
Security is an essential aspect of Snowflake's offering. They argue that they built security into their system rather than "bolting it on." It's deployed at government agencies and is approved for several certified levels of access.
Snowflake's robust platform has many uses case, including:
Data sharing is the process of distributing collections of data with other users and apps. Effective data sharing does this while maintaining data integrity. It also restricts access to only the people who need to have access to it.
Wikipedia's definition of data sharing discusses sharing scholarly and scientific information. It covers the reasons, methods, and problems involved with those activities. For a long time, data sharing was primarily an academic issue. But that's not true anymore. Now, as data sets grow in size, scope, and importance, data sharing is an important business activity.
Data sharing for business presents a significant set of problems. Some are new, and some have been around for a long time.
The new problems emerge from the nature of the data businesses collect and analyze. Business data often contains sensitive information about customers or business operations, and companies collect vast quantities of information.
Here are some of the problems effective data sharing must account for:
Secure data sharing guarantees the safety and integrity of data. It enforces access control so that users only see the data they should. And, it locks out users that shouldn't see any data at all. It also ensures that data stays safe and complete until it reaches its final destination.
Snowflake enables data sharing without moving or copying it. They use their services layer to provide read-only access to information that data owners mark as eligible for sharing.
This design solves several issues:
In Snowflake terminology, Providers share data with Consumers.
Providers share data by creating Snowflake Shares. Shares contain the information Snowflake needs to share a database:
The share makes the database and objects accessible in the consumer's accounts. New objects are available in real-time, and the provider can revoke access at any time.
With Snowflake, you can share data with more than one consumer and from more than one database. It's the foundation of their Data Marketplace, and any Snowflake user can contribute data to the marketplace using these tools.
Providing your Snowflake data to consumers is a straightforward process. Let's see how it's done.
We'll perform these steps using Snowflake's SQL. So, you'll need a session via the web interface or another SQL tool.
For this tutorial, we'll assume the following:
So let's get started!
First, we need to create a share:
create share myshare;
Then, we need to add the shared objects to the share. In order to see shared_table, our consumers need to have usage access to the database and schema. Then they need select access on the table.
So, we'll add three objects to the share:
grant usage on database mydata_db to share myshare;
grant usage on schema mydata_db.myschema to share myshare;
grant select on table mydata_db.myschema.shared_table to share myshare;
Before adding users to the share, we can view its privileges to make sure we didn't miss anything.
show grants to share myshare;
+-------------------------------+-----------+------------+---------------------------------+------------+-----------------+--------------+--------------+
| created_on | privilege | granted_on | name | granted_to | grantee_name | grant_option | granted_by |
|-------------------------------+-----------+------------+---------------------------------+------------+-----------------+--------------+--------------|
| 2022-02-15 16:45:07.307 -0700 | USAGE | DATABASE | MYDATA_DB | SHARE | MYSTUFF.MYSHARE | false | ACCOUNTADMIN |
| 2022-02-15 16:45:10.310 -0700 | USAGE | SCHEMA | MYDATADB.MYSCHEMA | SHARE | MYSTUFF.MYSHARE | false | ACCOUNTADMIN |
| 2022-02-15 16:45:12.312 -0700 | SELECT | TABLE | MYDATADB.MYSCHEMA.SHARED_TABL | SHARE | MYSTUFF.MYSHARE | false | ACCOUNTADMIN |
+-------------------------------+-----------+------------+---------------------------------+------------+-----------------+--------------+--------------+
There are the three grants we gave to the share!
Now, we need to add the consumers. We can add them as a list with a single command.
alter share myshare add accounts=customer1, customer2;
The share is ready to go! So, let's see what it looks like:
show shares;
+-------------------------------+----------+-------------------------+-----------------------+----------------------+--------------+---------------------------+
| created_on | kind | name | database_name | to | owner | comment |
|-------------------------------+----------+-------------------------+-----------------------+----------------------+--------------+---------------------------|
| 2022-02-15 17:02:29.625 -0700 | OUTBOUND | MYSTUFF.MYSHARE | MYDATA_DB | CUSTOMER1, CUSTOMER2 | ACCOUNTADMIN | |
+-------------------------------+----------+-------------------------+-----------------------+----------------------+--------------+---------------------------+
And just like that, you're ready to share data with your consumers.
TrustLogix provides monitoring and visibility into data sharing activities which will help with faster collaboration among cross organizations. The solution provides visibility into:
Based on sharing activity patterns, TrustLogix can detect and alert on anomalous sharing activities, non compliance data sharing, SoD violations, unexpected grants of data sharing permissions, and unexpected sharing of sensitive data.
We've discussed what data sharing is and what's required to make it successful. Secure data sharing needs solid access control and the data needs to remain secure while it's at rest.
We also discussed Snowflake, a robust data cloud platform for data warehousing and engineering. It makes consuming, processing, and sharing last data sets easy, safe, and secure. It implements secure data sharing via its strong security features and by making it possible to share data without moving or copying it.
Finally, we used Snowflake's SQL tools to create a data share and share it with two consumer accounts. Then, we used the same tools to examine the share and see that it was configured correctly.
Contact TrustLogix for a demonstration of how we can enable faster collaboration and secure Data Sharing in Snowflake.