Today, Snowflake announced a new Data Governance Accelerated Program at its annual event, Snowday. At Privacera, we’re proud to be a part of this program and support Snowflake’s vision for the future of the Data Cloud with our unified data access governance and security platform, natively integrated with the Snowflake Platform.
Since launching our partnership in 2020, we have worked with Snowflake to help enterprises rapidly migrate their analytical workloads to Snowflake and safely democratize critical business data across their organizations – including sensitive and PII data – while maintaining compliance with stringent privacy and industry regulations. Our partnership also helps joint clients drastically accelerate onboarding of data analysts and users, while ensuring rigorous adherence to compliance and security requirements.
Challenges in Modern Cloud Data Ecosystems
As enterprises continue to modernize their data stacks for the cloud using services like Snowflake, governing enterprise-wide data access can place a heavy burden on data teams, as there can be numerous data storage and compute services and in-house applications used across data ecosystems. This means data and IT teams are forced to manually provision and grant appropriate access to large and diverse user populations, while dealing with the complex permutations of varying security and policy settings of each cloud service or application. Not only does this require a deep understanding of each individual system, but it requires a significant amount of time, manpower, and resources. It also can increase the risk of human error, which leaves enterprises vulnerable to security and privacy breaches if sensitive data is misused or accessed by an unauthorized user. When these challenges are overlaid with ever-increasing demands on data access by a broader population of users, the result is lengthy delays in getting critical data in the hands of people who need it to make decisions.
To complicate this challenge even further, manual data management processes cannot reasonably keep pace as enterprises scale, collect more data, and add new data users and applications to their data ecosystems. New access policies would have to be individually created and enforced for each new data user or role, compounding delays in onboarding analysts and granting access to data. These delays impact data science and business initiatives and cause enterprises to lose out on critical insights that propel their business ahead of their competitors.
Enter: Privacera and Snowflake. Our native integration enables enterprises to rapidly migrate data into Snowflake’s Data Cloud (including data for business intelligence, analytics, or data science initiatives) and leverage a centralized location for policy management, security, and analytics across all data sources (including Snowflake and other public cloud services) – so data scientists and analysts get fast, self-service access to the data they need, administrators aren’t bogged down with manually recreating access policies over and over, and enterprises are confident their sensitive customer data is secured and compliant across all business units and data sources.
How it Works
Data administrators set policies in Privacera, and Privacera’s PolicySync module automatically translates those policies into corresponding Snowflake-native syntax using GRANT and REVOKE commands.
Figure 1: PolicySync integration option to enforce consistent policies in Snowflake service
Privacera’s PolicySync monitors any policy changes in Apache Ranger and automatically synchronizes them in Snowflake.
Figure 2: Policy synchronization in Privacera
Privileges or policies are assigned to specific roles, and users are associated with those roles. Each role is given privileges to access specific tables in the database. The same table can be accessed by multiple roles; however, if a specific role is assumed, only tables for which that role has permission can be accessed. This process can be extremely time-consuming and complex if attempted manually, as the number of both tables and users in an enterprise rapidly grows, easily overwhelming administrators and increasing the risk of human error.
With Privacera, Snowflake users can simplify policy management by implementing user, group, and role-based access policies, which are created once in the Privacera Platform, automatically translated into Snowflake policies, and managed from a unified interface across all cloud data sources.
For example, if Jane is a member of the Finance and Machine Learning groups and has an analyst role, a Snowflake security admin would typically create three separate Snowflake roles. Jane would have to know which role had access to what data and choose the correct one for each task. However, with Privacera, all of the mapping from her group memberships and roles happens automatically – within seconds – and Jane is granted access without needing to pick from a confusing list.
This automation and consolidation has saved Privacera’s enterprise customers thousands of hours in administration costs and cut provisioning times from weeks to minutes.
Figure 3: Privacera creates a corresponding role for each user and group
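The following sketch is an added illustration, not Privacera's code: it reconciles a set of desired policies against existing Snowflake grants and emits the GRANT and REVOKE statements that close the gap, using the Jane scenario as constructed input. The role-naming scheme, the per-user role that inherits the group roles, and all table names are assumptions made for the example.

```python
import re

_IDENT = re.compile(r"[A-Za-z_][A-Za-z0-9_$]*")
ALLOWED_PRIVS = {"SELECT", "INSERT", "UPDATE", "DELETE"}

def ident(name):
    """Validate a (possibly dotted) identifier before it is placed in SQL."""
    if not all(_IDENT.fullmatch(part) for part in name.split(".")):
        raise ValueError(f"unsafe identifier: {name!r}")
    return name.upper()  # unquoted Snowflake identifiers resolve as upper case

def role_for(kind, name):
    # Assumed naming scheme: GROUP_FINANCE, ROLE_ANALYST, USER_JANE, ...
    return ident(f"{kind}_{name.replace(' ', '_')}")

def desired_grants(policies):
    """Flatten policies into (privilege, table, role) triples."""
    out = set()
    for p in policies:
        for priv in p["privileges"]:
            if priv not in ALLOWED_PRIVS:
                raise ValueError(f"unsupported privilege: {priv!r}")
            out.add((priv, ident(p["table"]), role_for(*p["principal"])))
    return out

def sync(policies, memberships, current_grants):
    """Return the statements that move current_grants to the policy state."""
    want = desired_grants(policies)
    roles = {r for _, _, r in want} | {role_for("user", u) for u in memberships}
    stmts = [f"CREATE ROLE IF NOT EXISTS {r};" for r in sorted(roles)]
    stmts += [f"GRANT {p} ON TABLE {t} TO ROLE {r};" for p, t, r in sorted(want - current_grants)]
    # Stale grants are revoked; pass in only grants on roles this tool manages.
    stmts += [f"REVOKE {p} ON TABLE {t} FROM ROLE {r};" for p, t, r in sorted(current_grants - want)]
    for user, principals in sorted(memberships.items()):
        urole = role_for("user", user)  # one role per user inherits the rest
        stmts += [f"GRANT ROLE {role_for(k, n)} TO ROLE {urole};" for k, n in principals]
        stmts.append(f"GRANT ROLE {urole} TO USER {ident(user)};")
    return stmts

# Constructed sample input modelled on the Jane example above.
POLICIES = [
    {"principal": ("group", "Finance"), "privileges": {"SELECT"}, "table": "fin.public.ledger"},
    {"principal": ("group", "Machine Learning"), "privileges": {"SELECT"}, "table": "ml.public.features"},
    {"principal": ("role", "analyst"), "privileges": {"SELECT"}, "table": "bi.public.sales"},
]
MEMBERSHIPS = {"jane": [("group", "Finance"), ("group", "Machine Learning"), ("role", "analyst")]}
# Existing state: one grant still wanted, one stale grant no policy covers.
CURRENT = {("SELECT", "FIN.PUBLIC.LEDGER", "GROUP_FINANCE"),
           ("SELECT", "HR.PUBLIC.SALARIES", "ROLE_ANALYST")}
```

Calling `sync(POLICIES, MEMBERSHIPS, CURRENT)` leaves the existing ledger grant untouched, adds the two missing grants, and revokes the stale one; running it again against the resulting state emits no table-level changes.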
How Enterprises Benefit
So what does all this mean for enterprises?
First, it means they can leverage their existing investments and access policies in Apache Ranger: Privacera automatically migrates them to Snowflake, so no policies need to be rewritten from scratch. This saves significant time and money and removes labor-intensive, manual processes from data teams and administrators. Privacera and Snowflake work together closely to ensure tight integration of native Snowflake features like Dynamic Data Masking and Row Access Policies. This means improved query performance, lower compute cost, and easy-to-understand controls and audit.
Second, it means data scientists and analysts get fast, compliant access to the data they need, without having to wait around for data access to be granted, make multiple requests to access data they need to do their jobs efficiently, or accidentally access data they are not authorized to access. Privacera’s use of native Snowflake capabilities like Row Access Policies and External Functions for dynamic encryption and decryption means no code changes for data scientists and analysts, leading to reduced risk and improved time-to-insights. And because there are no extra layers and no views piled on top of views, as other solutions force customers to use, answers come faster.
Third, Privacera brings all of the enterprise’s data access audit information together with one simple set of dashboards, reports, and convenient extraction and integration with tools like Splunk and SIEM products. Privacera leverages Snowflake’s comprehensive Access History for both reads and writes, combines it with administrative audits, access request and data sharing activities, and access control status, and builds the complete picture needed for regulatory compliance, data breach forensics, and incident management and response.
And lastly, in PrivaceraCloud 4.0 we bring a new framework for data sharing and access control called Governed Data Sharing. With Governed Data Sharing, data domains and owners are established, representing logical data set groupings (e.g., Sales, Marketing). Data owners can then approve access requests from analysts and data consumers in a self-service manner – alleviating the burden on scarce centralized IT resources – while still maintaining centralized visibility and management.
Figure 4: Governed Data Sharing Framework
For example, a large multinational retailer leveraging Privacera and Snowflake together went from needing a large IT team to manage a complex web of interrelated users, roles, and policies – numbered in the millions – to a much more manageable few dozen policies, coupled with an automated provisioning capability to manage data permissions and security instantly with the click of a button. This automation reduced the time needed to onboard new data analysts from several weeks to minutes.
Together, Privacera and Snowflake will continue to help enterprises globally simplify the migration and management of their cloud data and ensure its security at scale. To learn more about our integration, stay tuned for more information to come, as we work together closely and leverage the Data Governance Accelerated Program to make our integration rapidly accessible to the data community.
Learn more about Privacera and Snowflake, or contact us to schedule a call to discuss how we can help your organization meet its dual mandate of balancing data democratization with security to maximize business insights while ensuring privacy and compliance.