Submit Search
Upload
Snowflake Data Governance
•
1 like
•
483 views
S
ssuser538b022
Follow
Snowflake Data Governance
Read less
Read more
Data & Analytics
Report
Share
Report
Share
1 of 20
Download now
Download to read offline
Recommended
Snowflake: The Good, the Bad, and the Ugly
Snowflake: The Good, the Bad, and the Ugly
Tyler Wishnoff
Melbourne: Certus Data 2.0 Vault Meetup with Snowflake - Data Vault In The Cl...
Melbourne: Certus Data 2.0 Vault Meetup with Snowflake - Data Vault In The Cl...
Certus Solutions
How to Take Advantage of an Enterprise Data Warehouse in the Cloud
How to Take Advantage of an Enterprise Data Warehouse in the Cloud
Denodo
Snowflake for Data Engineering
Snowflake for Data Engineering
Harald Erb
Intro to Data Vault 2.0 on Snowflake
Intro to Data Vault 2.0 on Snowflake
Kent Graziano
Data Mesh for Dinner
Data Mesh for Dinner
Kent Graziano
Snowflake Datawarehouse Architecturing
Snowflake Datawarehouse Architecturing
Ishan Bhawantha Hewanayake
Data Sharing with Snowflake
Data Sharing with Snowflake
Snowflake Computing
Recommended
Snowflake: The Good, the Bad, and the Ugly
Snowflake: The Good, the Bad, and the Ugly
Tyler Wishnoff
Melbourne: Certus Data 2.0 Vault Meetup with Snowflake - Data Vault In The Cl...
Melbourne: Certus Data 2.0 Vault Meetup with Snowflake - Data Vault In The Cl...
Certus Solutions
How to Take Advantage of an Enterprise Data Warehouse in the Cloud
How to Take Advantage of an Enterprise Data Warehouse in the Cloud
Denodo
Snowflake for Data Engineering
Snowflake for Data Engineering
Harald Erb
Intro to Data Vault 2.0 on Snowflake
Intro to Data Vault 2.0 on Snowflake
Kent Graziano
Data Mesh for Dinner
Data Mesh for Dinner
Kent Graziano
Snowflake Datawarehouse Architecturing
Snowflake Datawarehouse Architecturing
Ishan Bhawantha Hewanayake
Data Sharing with Snowflake
Data Sharing with Snowflake
Snowflake Computing
Snowflake Architecture.pptx
Snowflake Architecture.pptx
chennakesava44
Master the Multi-Clustered Data Warehouse - Snowflake
Master the Multi-Clustered Data Warehouse - Snowflake
Matillion
Snowflake Data Science and AI/ML at Scale
Snowflake Data Science and AI/ML at Scale
Adam Doyle
The Marriage of the Data Lake and the Data Warehouse and Why You Need Both
The Marriage of the Data Lake and the Data Warehouse and Why You Need Both
Adaryl "Bob" Wakefield, MBA
Elastic Data Warehousing
Elastic Data Warehousing
Snowflake Computing
Actionable Insights with AI - Snowflake for Data Science
Actionable Insights with AI - Snowflake for Data Science
Harald Erb
Data Lakehouse, Data Mesh, and Data Fabric (r1)
Data Lakehouse, Data Mesh, and Data Fabric (r1)
James Serra
Snowflake Overview
Snowflake Overview
Snowflake Computing
Introducing the Snowflake Computing Cloud Data Warehouse
Introducing the Snowflake Computing Cloud Data Warehouse
Snowflake Computing
How a Semantic Layer Makes Data Mesh Work at Scale
How a Semantic Layer Makes Data Mesh Work at Scale
DATAVERSITY
Data Mesh
Data Mesh
Piethein Strengholt
Introduction to snowflake
Introduction to snowflake
Sunil Gurav
Demystifying Data Warehousing as a Service - DFW
Demystifying Data Warehousing as a Service - DFW
Kent Graziano
Delivering Data Democratization in the Cloud with Snowflake
Delivering Data Democratization in the Cloud with Snowflake
Kent Graziano
How to Strengthen Enterprise Data Governance with Data Quality
How to Strengthen Enterprise Data Governance with Data Quality
DATAVERSITY
Data Warehousing Trends, Best Practices, and Future Outlook
Data Warehousing Trends, Best Practices, and Future Outlook
James Serra
Building the Data Lake with Azure Data Factory and Data Lake Analytics
Building the Data Lake with Azure Data Factory and Data Lake Analytics
Khalid Salama
Zero to Snowflake Presentation
Zero to Snowflake Presentation
Brett VanderPlaats
Time to Talk about Data Mesh
Time to Talk about Data Mesh
LibbySchulze
Enterprise Architecture vs. Data Architecture
Enterprise Architecture vs. Data Architecture
DATAVERSITY
Data Privacy Patterns in databricks for data engineering professional certifi...
Data Privacy Patterns in databricks for data engineering professional certifi...
TusharAgarwal49094
Organizational compliance and security SQL 2012-2019 by George Walters
Organizational compliance and security SQL 2012-2019 by George Walters
George Walters
More Related Content
What's hot
Snowflake Architecture.pptx
Snowflake Architecture.pptx
chennakesava44
Master the Multi-Clustered Data Warehouse - Snowflake
Master the Multi-Clustered Data Warehouse - Snowflake
Matillion
Snowflake Data Science and AI/ML at Scale
Snowflake Data Science and AI/ML at Scale
Adam Doyle
The Marriage of the Data Lake and the Data Warehouse and Why You Need Both
The Marriage of the Data Lake and the Data Warehouse and Why You Need Both
Adaryl "Bob" Wakefield, MBA
Elastic Data Warehousing
Elastic Data Warehousing
Snowflake Computing
Actionable Insights with AI - Snowflake for Data Science
Actionable Insights with AI - Snowflake for Data Science
Harald Erb
Data Lakehouse, Data Mesh, and Data Fabric (r1)
Data Lakehouse, Data Mesh, and Data Fabric (r1)
James Serra
Snowflake Overview
Snowflake Overview
Snowflake Computing
Introducing the Snowflake Computing Cloud Data Warehouse
Introducing the Snowflake Computing Cloud Data Warehouse
Snowflake Computing
How a Semantic Layer Makes Data Mesh Work at Scale
How a Semantic Layer Makes Data Mesh Work at Scale
DATAVERSITY
Data Mesh
Data Mesh
Piethein Strengholt
Introduction to snowflake
Introduction to snowflake
Sunil Gurav
Demystifying Data Warehousing as a Service - DFW
Demystifying Data Warehousing as a Service - DFW
Kent Graziano
Delivering Data Democratization in the Cloud with Snowflake
Delivering Data Democratization in the Cloud with Snowflake
Kent Graziano
How to Strengthen Enterprise Data Governance with Data Quality
How to Strengthen Enterprise Data Governance with Data Quality
DATAVERSITY
Data Warehousing Trends, Best Practices, and Future Outlook
Data Warehousing Trends, Best Practices, and Future Outlook
James Serra
Building the Data Lake with Azure Data Factory and Data Lake Analytics
Building the Data Lake with Azure Data Factory and Data Lake Analytics
Khalid Salama
Zero to Snowflake Presentation
Zero to Snowflake Presentation
Brett VanderPlaats
Time to Talk about Data Mesh
Time to Talk about Data Mesh
LibbySchulze
Enterprise Architecture vs. Data Architecture
Enterprise Architecture vs. Data Architecture
DATAVERSITY
What's hot
(20)
Snowflake Architecture.pptx
Snowflake Architecture.pptx
Master the Multi-Clustered Data Warehouse - Snowflake
Master the Multi-Clustered Data Warehouse - Snowflake
Snowflake Data Science and AI/ML at Scale
Snowflake Data Science and AI/ML at Scale
The Marriage of the Data Lake and the Data Warehouse and Why You Need Both
The Marriage of the Data Lake and the Data Warehouse and Why You Need Both
Elastic Data Warehousing
Elastic Data Warehousing
Actionable Insights with AI - Snowflake for Data Science
Actionable Insights with AI - Snowflake for Data Science
Data Lakehouse, Data Mesh, and Data Fabric (r1)
Data Lakehouse, Data Mesh, and Data Fabric (r1)
Snowflake Overview
Snowflake Overview
Introducing the Snowflake Computing Cloud Data Warehouse
Introducing the Snowflake Computing Cloud Data Warehouse
How a Semantic Layer Makes Data Mesh Work at Scale
How a Semantic Layer Makes Data Mesh Work at Scale
Data Mesh
Data Mesh
Introduction to snowflake
Introduction to snowflake
Demystifying Data Warehousing as a Service - DFW
Demystifying Data Warehousing as a Service - DFW
Delivering Data Democratization in the Cloud with Snowflake
Delivering Data Democratization in the Cloud with Snowflake
How to Strengthen Enterprise Data Governance with Data Quality
How to Strengthen Enterprise Data Governance with Data Quality
Data Warehousing Trends, Best Practices, and Future Outlook
Data Warehousing Trends, Best Practices, and Future Outlook
Building the Data Lake with Azure Data Factory and Data Lake Analytics
Building the Data Lake with Azure Data Factory and Data Lake Analytics
Zero to Snowflake Presentation
Zero to Snowflake Presentation
Time to Talk about Data Mesh
Time to Talk about Data Mesh
Enterprise Architecture vs. Data Architecture
Enterprise Architecture vs. Data Architecture
Similar to Snowflake Data Governance
Data Privacy Patterns in databricks for data engineering professional certifi...
Data Privacy Patterns in databricks for data engineering professional certifi...
TusharAgarwal49094
Organizational compliance and security SQL 2012-2019 by George Walters
Organizational compliance and security SQL 2012-2019 by George Walters
George Walters
GDPR Webinar January 2018
GDPR Webinar January 2018
EDB
5 Ways to Make Your Postgres GDPR-Ready
5 Ways to Make Your Postgres GDPR-Ready
EDB
Isaca how innovation can bridge the gap between privacy and regulations
Isaca how innovation can bridge the gap between privacy and regulations
Ulf Mattsson
Data-Ed Webinar: Data Modeling Fundamentals
Data-Ed Webinar: Data Modeling Fundamentals
DATAVERSITY
How to Get More from Google Data Studio with SEMrush
How to Get More from Google Data Studio with SEMrush
Search Engine Journal
Security Quick Tour
Security Quick Tour
Active Base
Bridging the gap between privacy and big data Ulf Mattsson - Protegrity Sep 10
Bridging the gap between privacy and big data Ulf Mattsson - Protegrity Sep 10
Ulf Mattsson
Database modeling and security
Database modeling and security
Neeharika Nidadavolu
Oracle Key Vault Data Subsetting and Masking
Oracle Key Vault Data Subsetting and Masking
DLT Solutions
Keeping Private Data Private
Keeping Private Data Private
Dobler Consulting
Ethyca CodeDriven - Data Privacy Compliance for Engineers & Data Teams
Ethyca CodeDriven - Data Privacy Compliance for Engineers & Data Teams
Cillian Kieran
How to Maximize Data Governance in Snowflake Test Environment
How to Maximize Data Governance in Snowflake Test Environment
Jade Global
Delivering fast, powerful and scalable analytics #OPEN18
Delivering fast, powerful and scalable analytics #OPEN18
Kangaroot
Graph Database 101- What, Why and How?.pdf
Graph Database 101- What, Why and How?.pdf
Neo4j
Essential Reference and Master Data Management
Essential Reference and Master Data Management
DATAVERSITY
SEAGATE
SEAGATE
Christina Azzam
Mike lawell executionplansformeremortals_2015
Mike lawell executionplansformeremortals_2015
mlawell
Beware of the Risk Behind Big Data
Beware of the Risk Behind Big Data
EMC
Similar to Snowflake Data Governance
(20)
Data Privacy Patterns in databricks for data engineering professional certifi...
Data Privacy Patterns in databricks for data engineering professional certifi...
Organizational compliance and security SQL 2012-2019 by George Walters
Organizational compliance and security SQL 2012-2019 by George Walters
GDPR Webinar January 2018
GDPR Webinar January 2018
5 Ways to Make Your Postgres GDPR-Ready
5 Ways to Make Your Postgres GDPR-Ready
Isaca how innovation can bridge the gap between privacy and regulations
Isaca how innovation can bridge the gap between privacy and regulations
Data-Ed Webinar: Data Modeling Fundamentals
Data-Ed Webinar: Data Modeling Fundamentals
How to Get More from Google Data Studio with SEMrush
How to Get More from Google Data Studio with SEMrush
Security Quick Tour
Security Quick Tour
Bridging the gap between privacy and big data Ulf Mattsson - Protegrity Sep 10
Bridging the gap between privacy and big data Ulf Mattsson - Protegrity Sep 10
Database modeling and security
Database modeling and security
Oracle Key Vault Data Subsetting and Masking
Oracle Key Vault Data Subsetting and Masking
Keeping Private Data Private
Keeping Private Data Private
Ethyca CodeDriven - Data Privacy Compliance for Engineers & Data Teams
Ethyca CodeDriven - Data Privacy Compliance for Engineers & Data Teams
How to Maximize Data Governance in Snowflake Test Environment
How to Maximize Data Governance in Snowflake Test Environment
Delivering fast, powerful and scalable analytics #OPEN18
Delivering fast, powerful and scalable analytics #OPEN18
Graph Database 101- What, Why and How?.pdf
Graph Database 101- What, Why and How?.pdf
Essential Reference and Master Data Management
Essential Reference and Master Data Management
SEAGATE
SEAGATE
Mike lawell executionplansformeremortals_2015
Mike lawell executionplansformeremortals_2015
Beware of the Risk Behind Big Data
Beware of the Risk Behind Big Data
Recently uploaded
20240419 - Measurecamp Amsterdam - SAM.pdf
20240419 - Measurecamp Amsterdam - SAM.pdf
Human37
Deep Generative Learning for All - The Gen AI Hype (Spring 2024)
Deep Generative Learning for All - The Gen AI Hype (Spring 2024)
Universitat Politècnica de Catalunya
Call Girls in Saket 99530🔝 56974 Escort Service
Call Girls in Saket 99530🔝 56974 Escort Service
9953056974 Low Rate Call Girls In Saket, Delhi NCR
Indian Call Girls in Abu Dhabi O5286O24O8 Call Girls in Abu Dhabi By Independ...
Indian Call Girls in Abu Dhabi O5286O24O8 Call Girls in Abu Dhabi By Independ...
dajasot375
{Pooja: 9892124323 } Call Girl in Mumbai | Jas Kaur Rate 4500 Free Hotel Del...
{Pooja: 9892124323 } Call Girl in Mumbai | Jas Kaur Rate 4500 Free Hotel Del...
Pooja Nehwal
04242024_CCC TUG_Joins and Relationships
04242024_CCC TUG_Joins and Relationships
ccctableauusergroup
Schema on read is obsolete. Welcome metaprogramming..pdf
Schema on read is obsolete. Welcome metaprogramming..pdf
Lars Albertsson
VIP Call Girls Service Miyapur Hyderabad Call +91-8250192130
VIP Call Girls Service Miyapur Hyderabad Call +91-8250192130
Suhani Kapoor
PKS-TGC-1084-630 - Stage 1 Proposal.pptx
PKS-TGC-1084-630 - Stage 1 Proposal.pptx
Pramod Kumar Srivastava
1:1定制(UQ毕业证)昆士兰大学毕业证成绩单修改留信学历认证原版一模一样
1:1定制(UQ毕业证)昆士兰大学毕业证成绩单修改留信学历认证原版一模一样
vhwb25kk
Amazon TQM (2) Amazon TQM (2)Amazon TQM (2).pptx
Amazon TQM (2) Amazon TQM (2)Amazon TQM (2).pptx
Abdelrhman abooda
Call Girls In Dwarka 9654467111 Escorts Service
Call Girls In Dwarka 9654467111 Escorts Service
Sapana Sha
Consent & Privacy Signals on Google *Pixels* - MeasureCamp Amsterdam 2024
Consent & Privacy Signals on Google *Pixels* - MeasureCamp Amsterdam 2024
thyngster
Dubai Call Girls Wifey O52&786472 Call Girls Dubai
Dubai Call Girls Wifey O52&786472 Call Girls Dubai
hf8803863
(PARI) Call Girls Wanowrie ( 7001035870 ) HI-Fi Pune Escorts Service
(PARI) Call Girls Wanowrie ( 7001035870 ) HI-Fi Pune Escorts Service
ranjana rawat
From idea to production in a day – Leveraging Azure ML and Streamlit to build...
From idea to production in a day – Leveraging Azure ML and Streamlit to build...
Florian Roscheck
RadioAdProWritingCinderellabyButleri.pdf
RadioAdProWritingCinderellabyButleri.pdf
gstagge
VIP High Profile Call Girls Amravati Aarushi 8250192130 Independent Escort Se...
VIP High Profile Call Girls Amravati Aarushi 8250192130 Independent Escort Se...
Suhani Kapoor
GA4 Without Cookies [Measure Camp AMS]
GA4 Without Cookies [Measure Camp AMS]
📊 Markus Baersch
Brighton SEO | April 2024 | Data Storytelling
Brighton SEO | April 2024 | Data Storytelling
Neil Barnes
Recently uploaded
(20)
20240419 - Measurecamp Amsterdam - SAM.pdf
20240419 - Measurecamp Amsterdam - SAM.pdf
Deep Generative Learning for All - The Gen AI Hype (Spring 2024)
Deep Generative Learning for All - The Gen AI Hype (Spring 2024)
Call Girls in Saket 99530🔝 56974 Escort Service
Call Girls in Saket 99530🔝 56974 Escort Service
Indian Call Girls in Abu Dhabi O5286O24O8 Call Girls in Abu Dhabi By Independ...
Indian Call Girls in Abu Dhabi O5286O24O8 Call Girls in Abu Dhabi By Independ...
{Pooja: 9892124323 } Call Girl in Mumbai | Jas Kaur Rate 4500 Free Hotel Del...
{Pooja: 9892124323 } Call Girl in Mumbai | Jas Kaur Rate 4500 Free Hotel Del...
04242024_CCC TUG_Joins and Relationships
04242024_CCC TUG_Joins and Relationships
Schema on read is obsolete. Welcome metaprogramming..pdf
Schema on read is obsolete. Welcome metaprogramming..pdf
VIP Call Girls Service Miyapur Hyderabad Call +91-8250192130
VIP Call Girls Service Miyapur Hyderabad Call +91-8250192130
PKS-TGC-1084-630 - Stage 1 Proposal.pptx
PKS-TGC-1084-630 - Stage 1 Proposal.pptx
1:1定制(UQ毕业证)昆士兰大学毕业证成绩单修改留信学历认证原版一模一样
1:1定制(UQ毕业证)昆士兰大学毕业证成绩单修改留信学历认证原版一模一样
Amazon TQM (2) Amazon TQM (2)Amazon TQM (2).pptx
Amazon TQM (2) Amazon TQM (2)Amazon TQM (2).pptx
Call Girls In Dwarka 9654467111 Escorts Service
Call Girls In Dwarka 9654467111 Escorts Service
Consent & Privacy Signals on Google *Pixels* - MeasureCamp Amsterdam 2024
Consent & Privacy Signals on Google *Pixels* - MeasureCamp Amsterdam 2024
Dubai Call Girls Wifey O52&786472 Call Girls Dubai
Dubai Call Girls Wifey O52&786472 Call Girls Dubai
(PARI) Call Girls Wanowrie ( 7001035870 ) HI-Fi Pune Escorts Service
(PARI) Call Girls Wanowrie ( 7001035870 ) HI-Fi Pune Escorts Service
From idea to production in a day – Leveraging Azure ML and Streamlit to build...
From idea to production in a day – Leveraging Azure ML and Streamlit to build...
RadioAdProWritingCinderellabyButleri.pdf
RadioAdProWritingCinderellabyButleri.pdf
VIP High Profile Call Girls Amravati Aarushi 8250192130 Independent Escort Se...
VIP High Profile Call Girls Amravati Aarushi 8250192130 Independent Escort Se...
GA4 Without Cookies [Measure Camp AMS]
GA4 Without Cookies [Measure Camp AMS]
Brighton SEO | April 2024 | Data Storytelling
Brighton SEO | April 2024 | Data Storytelling
Snowflake Data Governance
1.
© 2021 Snowflake
Inc. All Rights Reserved SNOWFLAKE GOVERNANCE Natalie Nick - Novartis US Sales Engineer Tino Bourboulas - Novartis EMEA Sales Engineer
2.
© 2021 Snowflake
Inc. All Rights Reserved DATA GOVERNANCE CHALLENGES 2 Data Is Everywhere Must be able to eliminate silos inside and outside your organization Managing Data Is Unnecessarily Complex Knowing what your data is — and how it is being used — is hard Security and Governance Are Inherently Rigid Requires managing risk and changing regulations, while getting the most from your data
3.
© 2020 Snowflake
Inc. All Rights Reserved SNOWFLAKE PLATFORM 3 DATA SOURCES OLTP DATABASES ENTERPRISE APPLICATIONS THIRD-PARTY WEB/LOG DATA IoT DATA CONSUMERS DATA MONETIZATION OPERATIONAL REPORTING AD HOC ANALYSIS REAL-TIME ANALYTICS
4.
© 2021 Snowflake
Inc. All Rights Reserved SNOWFLAKE GOVERNANCE 4 Know Your Data Protect Your Data Understand, classify, and track data and its usage Secure sensitive data with policy-based access controls Securely collaborate and share data across teams Unlock Your Data
5.
© 2021 Snowflake
Inc. All Rights Reserved NEW / UPDATED GOVERNANCE CAPABILITIES Access History Object Tagging Classification Know Your Data – what it is, where it is Protect Your Data Know Your Data – who accessed it Conditional Masking Row Access Policies Anonymization 5 5
6.
© 2021 Snowflake
Inc. All Rights Reserved KNOW YOUR DATA Automatic Data Classification Why is it important? ● Risk management, compliance, and data security ● Personal data is easier to discover, protect, track and audit ● Prepares data for anonymization What is it? ● Process of analyzing data and tagging it according to its semantic and privacy categories Who does it impact? ● Data owner, Data engineer ● Security Admin, Compliance or Privacy Officer, CDO How does it work? ● System defined function invoked on a table returns the semantic and privacy categories of each column ● Data owner reviews the results, revises if necessary and then applies the tags ● Admin finds columns, applies policies and tracks usage Data owner runs Classification on specific table(s) Alex (Data Owner) name gender age zip_code phone John Smith male 39 79007 123-555-1234 Jane Doe female 50 77001 333-555-1236 Mary Taylor female 46 77020 222-333-1111 Ann Marshall female 48 77042 555-555-1234 Michael Gaines male 75 79003 666-666-1357 Admin finds columns with personal data based on classification Morgan ( Admin) PUBLIC GA PRIVATE DEV 6
7.
© 2021 Snowflake
Inc. All Rights Reserved PROTECT YOUR DATA Anonymization 7 Data Owner creates anonymized view Alex (Data Owner) Customer Table name gender age zip_code phone John Smith male 39 79007 123-555-1234 Jane Doe female 50 77001 333-555-1236 Mary Taylor female 46 77020 222-333-1111 Michael Gaines male 37 79003 666-666-1357 Taylor (Data Analyst) name gender age zip_code phone **** male [36-40] 790** ***-***-**** **** female [46-50] 770** ***-***-**** **** female [46-50] 770** ***-***-**** **** male [36-40] 790** ***-***-**** Anonymized View Data Analyst queries anonymized view Admin defines policies Morgan (Admin) PUBLIC GA PRIVATE DEV Why is it important? ● Risk management and compliance ● Retains analytical value ● Unique vs competitors (native anonymity) What is it? ● An irreversible process of de-identifying data according to k- Anonymity (industry standard) Who does it impact? ● Data Owner, Data Engineer ● Security Admin, Compliance or Privacy Officer, CDO ● Data Analyst, Data Scientist How does it work? ● Create an anonymized view that has the k-Anonymity property ● Remove directly identifying information ● Generalize or suppress indirectly or quasi identifying information into groups of at least size k
8.
© 2021 Snowflake
Inc. All Rights Reserved Data owner assigns with tag value OBJECT TAGGING ID SSN Phone 101 ********* 248-222-3333 102 ********* 800-778-9904 103 ********* 415-887-8888 Admin creates custom tags Alex (Data Owner) Admin audits tagged objects Morgan (Admin) Morgan (Admin) Confidentiality Track Sensitive Data and Compute Objects PII_Type Department Confidentiality Sensitive PII_Type Phone Department Sales PUBLIC GA PRIVATE 8 8 DEV Why is it important? ● Track sensitive information to satisfy regulatory compliance (GDPR/CCPA, SOX) audit and protection. ● Track resource usage for cost attribution by cost center, department, client etc. What is it? ● Easy-to-manage, scalable way to associate metadata with objects. ● Customers can custom create a tag (new Snowflake object) and assign to any supported object such as column, table, or warehouse in their account. Who does it impact? ● Data owner, Data engineer, Data Stewards ● Security Admin, Compliance or Privacy Officer, CDO How does it work? ● Track sensitive data and resources across an account in three simple steps: Create Tags, Assign to Objects, Audit. ● Privileges for centralized and decentralized tag assignment.
9.
© 2021 Snowflake
Inc. All Rights Reserved OBJECT TAGGING Key Capabilities Currently Available: ● Create tags ● Assign tags to objects (warehouse, role, user, database, schema, table, view, column) ● Display tags and relationships with objects using account usage views and functions (e.g. “display all columns associated with tag_x”, “display all tags associated with table_y”) ● Display tag lineage: a. If a tag is assigned to a database, all objects within that database will adopt the tag. b. Users can use a function (e.g. “get_tag_by_lineage”) to display all of the tags for an object that were assigned via lineage ● Today, customers leverage Stored Procedures to scan tags and apply policies based on the tag value Future Roadmap: ● Associate a policy with a tag: Users will be able to associate a policy with a tag, which will automatically enforce policies for other objects based on shared tags. For example - if tag “pii” is associated with policy “pii_string”, and the tag is applied to a table “customer_data”, then the table will automatically inherit the “pii_string” policy (which will dynamically mask the string columns). ● Use tags in conditional logic of policy: Instead of just using the user’s current role, look for the tag on the role (using function “get current tag on role”) - and if tag is approved for data, will grant/deny access.
10.
© 2021 Snowflake
Inc. All Rights Reserved DEMO OBJECT TAGGING
11.
© 2021 Snowflake
Inc. All Rights Reserved ROW ACCESS POLICIES Dynamically Filter Unauthorized Rows (Policy Admin) Role Allowed Region EU_RL Europe NA_RL North America Policy Look up Customer Spend Region ACME $820,000 North America Koko $2,100,00 North America AGM $5,757,00 Europe Kira $228,000 Asia Table: Sales Table: Entitlement Customer Spend Region AGM $5,757,000 Europe Customer Spend Region ACME $820,000 North America Koko $2,100,00 North America Jordan (Role: EU_RL) Alex (Role: NA_RL) Apply PUBLIC GA PRIVATE 11 11 DEV Why is it important? ● Saves cost and time by reducing management overhead associated with alternatives. ● Improves security posture by centralizing access policy. ● Unlocks data by eliminating data silos while complying with compliance requirements. What is it? ● Easy-to-manage row-level security that dynamically filters rows in a table based on querying user’s authorization. Who does it impact? ● Data Engineers, Security Admin, Compliance or Privacy Officer, CDO How does it work? ● Enforce row level security with four easy steps: Create a policy, Assign to Tables/Views, Enforce row filtering, Audit assignments. ● Privileges for centralized and decentralized policy assignment.
12.
© 2020 Snowflake
Inc. All Rights Reserved COLUMN LEVEL SECURITY 12 Dynamic Data Masking External Tokenization AND Alex (Unauthorized) Morgan (Authorized) ID Phone SSN 101 ***-***-5534 ********* 102 ***-***-3564 ********* 103 ***-***-9787 ********* ID Phone SSN 101 408-123-5534 ********* 102 510-335-3564 ********* 103 214-553-9787 ********* Masking Policies INGEST RAW DATA Alex (Unauthorized) Morgan (Authorized) ID Phone SSN 101 882-345-8344 213-44-5563 102 980-234-8934 369-77-0088 103 512-345-6443 802-44-9984 ID Phone SSN 101 408-123-5534 369-22-7781 102 510-335-3564 787-12-3345 103 214-553-9787 312-88-3421 Masking Policies INGEST TOKENIZED DATA External Functions API Gateway De- Tokenization API Customer VPC / VNet PUBLIC GA PRIVATE
13.
© 2020 Snowflake
Computing Inc. All Rights Reserved Ingestion And Consumption Policies ID Phone SSN 101 408-123-5534 387-78-3456 102 510-334-3564 226-44-8908 103 214-553-9787 359-9987-0098 ID Phone SSN 101 ***-**-5534 ******** 102 ***-**-3564 ******** 103 ***-**-9787 ******** Alice (unauthorized) Bob (authorized) Ingest raw data Dynamically mask protected (PII, PHI) column data at query time • No change to the stored data • Mask or partial mask using constant value, hash, and custom functions • Unmask for authorized users only Policy based control • Table/View owners and privileged users (such as accountadmin) unauthorized by default • Centralized policy mgt Ease of Management • Apply single policy to multiple columns • Prevent secure view explosion
14.
© 2020 Snowflake
Computing Inc. All Rights Reserved Dynamic Data Masking Policies DB 1 Table 1 Column 1 DB 1 View 1 Column 1 DB n Table n Column n <policy condition> <masking function> Masking Policy Resource(s) Policy Admin Apply CASE WHEN invoker_role() IN (‘pii_role’) THEN val WHEN invoker_role() IN (‘support’) THEN regexp_replace(val,'.+@','*****@') ELSE ‘********’ END; Masking Policy Example Unmask Partial mask Mask Masking Policy • Policy contains condition(s) and masking function to apply under those conditions • Policy is applied to one or more table, view, or external table columns in an account • Nested policy execution for views - policy on table executed before policy on view(s) Supports • All data types • Data sharing • Streams • Clone carries over policy associations
15.
© 2019 Snowflake
Computing Inc. All Rights Reserved CREATE MASKING POLICY <name> AS (val <data_type>) returns <data_type> -> (SQL expression on val); Example: CREATE MASKING POLICY email_mask AS (val string) returns string -> CASE WHEN current_role() IN ('ANALYST') THEN val ELSE '***MASKED***' END; Create Masking Policy
16.
© 2021 Snowflake
Inc. All Rights Reserved ALTER {TABLE | VIEW} <name> MODIFY COLUMN <col_name> [UN]SET MASKING POLICY <name>; Example: ALTER TABLE customer MODIFY COLUMN email SET MASKING POLICY email_mask; ALTER VIEW customer_v MODIFY COLUMN email SET MASKING POLICY email_mask; Note: policies can also be applied to external tables. Apply Masking Policy To Column(s)
17.
© 2021 Snowflake
Inc. All Rights Reserved DEMO COLUMN AND ROW-LEVEL POLICIES
18.
© 2021 Snowflake
Inc. All Rights Reserved Select * from Info; ID Phone Unique_ID 101 248-222-3333 333-78-9999 102 800-778-9904 779-66-8908 103 415-887-8888 111-00-8888 View: INFO (Directly Accessed) Table: SENSITIVE ID SSN 101 333-78-9999 102 779-66-8908 103 111-00-8888 Table: CONTACT ID Mobile 101 248-222-3333 102 800-778-9904 103 415-887-8888 Log Access History User Tables Columns Taylor Info, Sensitive, Contact ID, Phone, Unique_ID, SSN, Mobile Morgan Sensitive ID, SSN Select * from Sensitive; PUBLIC GA PRIVATE Taylor (Privileged User) Morgan (Admin) ACCESS HISTORY Satisfy Regulatory Compliance, Understand Usage with Column-level Access Visibility 18 18 DEV Why is it important? ● Satisfy Compliance Audits for SOX, PII, and other sensitive data access with audit reports. ● Optimize storage with visibility of unused tables and columns. ● Lowers cost by eliminating need to parse query statements. ● Unique column-level viz vs. Cloud competitors What is it? ● A new Account_Usage view with records of tables and columns directly and indirectly accessed by each query. Who does it impact? ● Data owner, Data engineer, Data Stewards ● Security Admin, Compliance or Privacy Officer, CDO
19.
© 2021 Snowflake
Inc. All Rights Reserved PUBLIC GA PRIVATE CONDITIONAL MASKING POLICIES Conditional Unmasking Jordan (Role: Sales) Alex (Role: Finance) name dept zip_code phone John Smith Sales 79007 123-555-1234 Jane Doe Sales 77001 333-555-1236 Mary Taylor Finance 77020 ***-***-1111 Ann Marshall Finance 77042 ***-***-1234 Michael Gaines Finance 79003 ***-***-1357 name dept zip_code phone John Smith Sales 79007 ***-***-1234 Jane Doe Sales 77001 ***-***-1236 Mary Taylor Finance 77020 222-333-1111 Ann Marshall Finance 77042 555-555-1234 Michael Gaines Finance 79003 666-666-1357 INGEST RAW DATA 19 19 DEV Conditionally Mask Based on Value in Other Column(s) Why is it important? ● Unique to Snowflake vs other Cloud DWs ● Demonstrates Snowflake investments to address fine- grained data access control needs ● Provides fine-grained access controls without creating silos or increasing management overhead What is it? ● Mask protected field-level data based on value in another column(s) Who does it impact? ● Data owner, Data engineer, Data Stewards ● Security Admin, Compliance or Privacy Officer, CDO How does it work? ● Enhances MASKING POLICY to take condition column(s) as input for masking decision.
20.
© 2021 Snowflake
Inc. All Rights Reserved
Download now