ALTR Risk Scanner is a Snowflake Native App available within the Snowflake Trust Center. It helps organizations manage security risks by identifying columns that may contain Personally Identifiable Information (PII). Once ALTR Risk Scanner has identified the sensitive columns, users can either implement access policies in SQL or with a no-code interface such as ALTR.
Drawbacks of Implementing Access Policy Using SQL
Many organizations attempt to implement column masking by writing and maintaining various worksheets in SQL. While this approach works, it has significant downsides that make it difficult to maintain.
- Masking policies live in separate SQL scripts across multiple databases, consuming an unnecessary amount of engineers’ time.
- Managing role-based access control (RBAC) with SQL policies becomes increasingly complex as organizations grow.
- Each new role requires manual SQL modifications, making it easy to introduce errors.
Example SQL Code for a New Masking Policy
CREATE MASKING POLICY mask_email_policy AS (val STRING)
RETURNS STRING ->
CASE
WHEN CURRENT_ROLE() IN ('HR_ADMIN', 'SECURITY_TEAM') THEN val
ELSE 'REDACTED'
END;
ALTER TABLE employees MODIFY COLUMN email SET MASKING POLICY mask_email_policy;
Use ALTR’s No-Code Interface to Manage Access Policies
Create an Access Policy in ALTR
ALTR allows security managers with no coding experience to set rules for who can access their company’s sensitive data. For more information on how to create security policies, view ALTR’s documentation here (link).
Optional Next Steps
- Set up monitoring and alerts to get notified when certain users attempt to access secure data.
- Protect sensitive fields with tokenization and rotate keys without causing data outages.
- Search query logs for internal security audits using simple drop-down menus.
- Run the ALTR Risk Scanner periodically as your database grows to stay on top of security risks.
Get Started with ALTR
Skip the complicated SQL worksheets and set security policies faster with ALTR. Use this page to get in touch with the ALTR sales team [https://altr.com/get-started/].
