ALTR Brief: Snowflake Cybersecurity Investigation

ALTR Helps Global Logistics Leader Scale Data Governance and Maximize Snowflake Data Cloud Investment

At a Glance

  • ALTR accelerated this organization’s data access governance at scale from months to days.
  • Enhanced visibility and control of data access and usage
  • Realized cost savings and decreased workforce requirements for SOC2 Type II compliance.
  • Unleashed the full potential of Snowflake across the entire organization.

One of ALTR’s customers, a global leader in solving logistics challenges for companies worldwide, operates within a vast and diverse landscape of industries, addressing logistics needs ranging from the straightforward to the highly intricate. This customer is one of the world’s foremost logistics platforms with nearly $30B in freight under management and an annual handling of 10’s of millions of shipments. Their comprehensive suite of global services is pivotal in expediting international trade and facilitating the seamless flow of essential products and commodities that drive the global economy.

Within this landscape exists a vast and complex data ecosystem that houses and moves a considerable influx of critical, proprietary operational data and customers’ personally identifiable information (PII). As a result, this organization grapples with the multifaceted challenge of managing and safeguarding this sensitive data at scale in Snowflake, ensuring a multitude of regulatory requirements, all while struggling with the burdensome and time-consuming manual processes associated with DIY data governance practices.

Recognizing the complexity of its data governance challenges, this company turned to ALTR for its cost-effective, scalable and automated data governance solution. 

The Challenge

  • Lack of data structure and categorization 
  • Limited internal resources to manage data governance at scale
  • Manual and burdensome data governance processes
  • Adherence to strict compliance regulations

Unidentified Data in Snowflake

This logistics organization accumulates a massive volume of data within their intricate data ecosystem. Unfortunately, most of this sensitive data in Snowflake isn’t identified, making it impossible to protect, leaving gaps in both privacy and security. They needed to systematically identify and classify its data to effectively organize, secure, and derive value from its data assets. 

Complex Regulatory Requirements

With GDPR implications looming over their vast volume of personally identifiable information (PII), this data cannot be transferred into Snowflake until data privacy confirms comprehensive protection at rest, in transit, and during use.

Furthermore, this organization has been challenged to gain SOC 2 Type II certification for its Managed Services Division, a division that collaborates with a multitude of freight brokers. This division must orchestrate intricate data-sharing agreements within Snowflake, ensuring that each broker can access and view only data pertaining to the shipments in which they are directly involved. 

Need for Acceleration and Scale

The reliance on a small DIY team for data governance and security tasks has proven to be a substantial undertaking, highlighting the pressing need for automation. Striving to scale its operations to meet the growing volume of data further compounds this challenge as they sought to enhance compliance and accelerate the efficiency and effectiveness of its data security and governance processes.

Secure Data Migration to Snowflake

This organization’s compliance and privacy functions mandate that financial data be securely ingested into Snowflake’s raw layer, requiring tokenizing sensitive values during the ETL process to eliminate unprotected data. The challenge is to implement an efficient ETL solution that ensures compliance, privacy, and data integrity while enabling tagging, real-time or batch processing, robust data validation, monitoring, and scalability, all while generating compliance reports and providing comprehensive documentation and user training for the staff to maintain and operate the system effectively.

Data Sharing Across Snowflake Accounts

When it comes to internal data sharing across Snowflake accounts, attempting a do-it-yourself (DIY) approach becomes increasingly complex and cumbersome as the volume and complexity of data grow. This company needed to maintain robust security measures like data masking to protect confidential data, even when shared across accounts.

The Solution

Data Classification & Tokenization

Using ALTR’s automated data classification, this organization can swiftly and accurately identify sensitive data in lower environments requiring heightened protection. This proactive identification process is critical for ensuring the security and compliance of their data assets.  

Once the sensitive data is identified, ALTR’s versatile Tokenization-as-a-Service comes into play. This company can seamlessly configure Object Tags specifically designed to automatically tokenize values upon data ingestion into their lower environments. This automation streamlines the data protection process, eliminating the need for manual intervention and allowing the customer to scale as needed.

Row-Level Security

Addressing the challenges surrounding critical secondary data usage and internal data sharing, ALTR’s row-level security offers granular and robust access controls at scale. It enhances data confidentiality and privacy by allowing this organization to restrict access to specific rows of data based on user roles and permissions. This ensures that sensitive information remains protected from unauthorized access. Secondly, it simplifies data management and compliance, as administrators can easily define and enforce data access policies without altering the underlying database structure.

Data Activity Monitoring

With ALTR’s data activity monitoring, this company has real-time visibility into data access and usage, aiding in identifying suspicious or unauthorized activities. Moreover, it assists in compliance efforts, specifically in the case of facilitating SOC 2 Type II, by generating comprehensive audit trails and reports. Further, ALTR’s integration of all audit logs and events into S3 enables seamless consumption of these powerful security signals directly within the company’s Data Dog SIEM.  

The Result

  • Accelerated data access governance at scale from months to days
  • Enhanced visibility and control of data access and usage
  • Realized cost savings and decreased workforce requirements for SOC2 Type II compliance
  • Unleashed the full potential of Snowflake across the entire organization  

This organization encountered intricate data governance challenges within its vast and multifaceted logistics environment. The adoption of ALTR’s automated data governance solution marked a pivotal turning point for our customer, fundamentally reshaping their approach to sensitive data management and security within Snowflake. This strategic partnership has yielded significant advantages, including impressive efficiency enhancements, heightened operational flexibility, and scalability, all while bolstering their compliance initiatives to meet stringent regulatory requirements.