Authors: Srikanth Sallaka, Co-Founder and Head of Product at TrustLogix
Date: November 16, 2021
TrustLogix has worked closely with the Snowflake team on this integration architecture. We'd like to acknowledge Paul Gancz, Partner Solutions Architect at Snowflake, for his valuable contributions to this blog.
Organizations are transforming their business processes, culture, and customer experiences to rely more on digital technologies to achieve better business outcomes. Data is critical to each of these digital transformations. In many cases this involves PII or an organization's sensitive data, which brings a need for oversight of how this data is used. Furthermore, regulations, compliance, and security controls can create conflicts between business teams and data security operations. A cross-team strategy is required to reduce the friction between these teams. Data security operations require a tool that accelerates data-led innovation without impeding the process. The tool should:
As a Snowflake Data Governance partner, TrustLogix provides a single pane console to intelligently discover unauthorized data usage and protect sensitive data in the Snowflake Data Cloud.
We recommend that our customers start with observability to discover possible misuse of data in Snowflake, then use the recommendations provided by our patent-pending Trustlet to protect sensitive data.
TrustLogix leverages Snowflake Access History to analyze and establish data access patterns:
Governance and regulation teams require visibility into who is accessing data. They need to be alerted if any data access violates compliance requirements such as SOX (Sarbanes-Oxley), SOC 2, GDPR, etc.
To help them, TrustLogix furnishes a library of policies to monitor user and data activity in Snowflake. It also provides alerts when there is any deviation from the organization’s established security rules. Additionally, some Key Risk Indicators listed below are also highlighted:
TrustLogix analyzes data in Snowflake’s Account Usage views, Access History, and Session tables to derive these insights.
Data owners are required to establish a Least Privilege Access model for their data in Snowflake or any other cloud data platform. TrustLogix analyzes various Snowflake data security policies, audit logs, and identity and role assignments to detect possible deviations from industry standards for the Least Privilege Model and offers actionable recommendations. These recommendations include:
Data owners require both fine-grained and coarse-grained access control on data to satisfy compliance regulations, internal business mandates, and basic security principles.
Snowflake provides customers with Row Access Policy, Conditional Masking, Dynamic Data Masking, and Tagging capabilities. TrustLogix leverages Row Access Policies and Dynamic Data Masking to deliver a simplified UI console for data owners to build high-precision data security policies.
TrustLogix also complements Snowflake’s native data security constructs by providing business entitlements based on fine-grained data security. Organizations typically have externalized business entitlement policy data that is required to determine what data a user is entitled to.
For example, in a publicly traded company, users in the marketing organization cannot view financial data for the current quarter. In this scenario, TrustLogix integrates with the external business policy and converts it into the appropriate Snowflake native policy.
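As an added illustration (not TrustLogix output and not code from the original post), the current-quarter rule above could be expressed as a Snowflake row access policy written as a default-deny check against an entitlement table. All database, schema, table, column, and role names are hypothetical, and "current quarter" is assumed to mean the calendar quarter.

```sql
-- Hypothetical entitlement table, standing in for the externalized business
-- policy: roles that ARE allowed to read current-quarter financial rows.
CREATE TABLE IF NOT EXISTS governance.policies.current_quarter_entitlements (
    role_name STRING NOT NULL
);

-- Constructed sample entitlement: finance analysts only. Marketing roles are
-- simply absent, so they are denied by default rather than by a deny list.
INSERT INTO governance.policies.current_quarter_entitlements (role_name)
VALUES ('FINANCE_ANALYST');

-- A row is visible when it belongs to a closed (prior) quarter, or when the
-- session's primary role is entitled to current-quarter data.
-- CURRENT_ROLE() returns only the primary role; entitlements granted through
-- role inheritance need their parent roles listed in the table as well.
CREATE OR REPLACE ROW ACCESS POLICY governance.policies.rap_current_quarter
AS (period_start DATE) RETURNS BOOLEAN ->
    period_start < DATE_TRUNC('QUARTER', CURRENT_DATE())
    OR EXISTS (
        SELECT 1
        FROM governance.policies.current_quarter_entitlements e
        WHERE e.role_name = CURRENT_ROLE()
    );

-- Attach the policy to the (hypothetical) financial table on its period column.
ALTER TABLE finance.reporting.revenue
    ADD ROW ACCESS POLICY governance.policies.rap_current_quarter
    ON (period_start);

-- Check the effect as a non-entitled role: the newest visible period should
-- fall before the start of the current quarter.
USE ROLE MARKETING_ANALYST;
SELECT MAX(period_start) AS newest_visible_period,
       DATE_TRUNC('QUARTER', CURRENT_DATE()) AS current_quarter_start
FROM finance.reporting.revenue;
```

Because the policy is evaluated at query time, changing the entitlement table takes effect without altering the policy or the protected table.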
With the TrustLogix solution, data owners, data engineers, data governance practitioners, and data security officers gain visibility into data misuse, discover data access and sharing patterns, and enforce access control policies with an easy-to-use policy console and scalable cloud-native Trustlet architecture.