ALTR Blog

The latest trends and best practices related to data governance, protection, and privacy.
BLOG SPOTLIGHT

Data Security for Generative AI: Where Do We Even Begin?

Navigating the chaos of data security in the age of GenAI—let’s break down what needs to happen next.

Imagine this scenario: you’re a CISO for a multi-billion-dollar retailer or manufacturer. Data has become critical to how your business is run. So much so that you have one thousand-plus users accessing data from Snowflake, and you have a data analysis team of 40. Early one morning an analyst appears to run a query that would return more than 7 million rows of PII data.  

What happens next? Does he get the data, or do you stop him?  

It all depends on the choices you’ve made up to that point…  

Plot your data observability and security path

Before you get to this juncture, there are a few critical steps you can take to ensure you have the right information and options available to you.  

1. Everything starts with Observability – ALTR’s integration with Snowflake provides complete observability over any sensitive data you tell ALTR to watch. This ensures that every request for, and usage of, this data is recorded and available to you as soon as it’s added to ALTR.  

2. Next comes data consumption patterns - The next step is patterning data consumption so you can begin to understand what normal consumption looks like. The easiest way to do this is by setting up a scaled set of “alert and log” signals in ALTR, which can be streamed to your Snowflake Security Data Lake. This will allow you to group access records by tiered amounts and give you additional context into which roles and users access what types of data and in what quantities. A sample tier of Alerts could include logging any users and/or roles which request:

  • 100 values (alert & log)
  • 1,000 values (alert & log)
  • 10,000 values (alert & log)
  • 100,000 values (alert & log)
  • 1,000,000 values (alert & log)

3. Seeing what "normal" looks like - After just a week, data usage alerts in your SIEM or in your Snowflake Security Data Lake can easily be visualized into a curve that represents your normal data consumption pattern. For example, the details below demonstrate that 99.5% of data consumption is made through requests for 10,000 or fewer records, while 81.4% occurred through requests for 1,000 records or less.

  • (368) 100 value alerts = 28.5%
  • (685) 1,000 value alerts = 53%
  • (234) 10,000 value alerts = 18.1%
  • (6) 100,000 value alerts = .5%
  • (0) 1,000,000 alerts = 0%

4. Reducing the risk - Understanding how various users and roles across the business consume data to perform their functions allows you to optimize your access, alerting and blocking policies based on normal and necessary usage. You can set consumption policies just outside of what your alert patterns show you represents normal consumption and, over time, you can refine these consumption limits on an ongoing basis to continually reduce the risk posed by credentialed access threats.
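The baselining in steps 2 through 4, as an added example (not ALTR's or Snowflake's code): it buckets requests into the alert tiers, reproduces the cumulative shares quoted in step 3, and derives allow/alert/block limits from them. The 99.5% coverage target, the choice to block one tier above the normal ceiling, and all function names are assumptions of this sketch.

```python
from bisect import bisect_left
from collections import Counter

# Alert-and-log tier ceilings from step 2.
TIERS = (100, 1_000, 10_000, 100_000, 1_000_000)
OVER = "over_top_tier"  # label for requests above the top tier (assumption)

# Tier counts quoted in step 3 (one week of alerts).
WEEK = {100: 368, 1_000: 685, 10_000: 234, 100_000: 6, 1_000_000: 0}


def tier_for(rows):
    """Return the smallest tier ceiling that covers a request of `rows` values."""
    i = bisect_left(TIERS, rows)
    return TIERS[i] if i < len(TIERS) else OVER


def bucket(row_counts):
    """Count requests per tier from an iterable of per-request row counts."""
    return Counter(tier_for(r) for r in row_counts)


def cumulative_share(tier_counts):
    """Fraction of all requests that fall at or below each tier ceiling."""
    total = sum(tier_counts.values())
    if total == 0:
        raise ValueError("no access records to baseline")
    running, shares = 0, {}
    for t in TIERS:
        running += tier_counts.get(t, 0)
        shares[t] = running / total
    return shares


def derive_policy(tier_counts, coverage=0.995):
    """Pick limits just outside observed normal consumption.

    normal_ceiling: lowest tier whose cumulative share reaches `coverage`.
    block_above:    one tier higher, so rare but previously seen large
                    requests raise an alert instead of being blocked.
    If requests above the top tier keep coverage from being reached,
    the top tier is used for both limits.
    """
    shares = cumulative_share(tier_counts)
    idx = next(
        (i for i, t in enumerate(TIERS) if shares[t] >= coverage),
        len(TIERS) - 1,
    )
    return {
        "normal_ceiling": TIERS[idx],
        "block_above": TIERS[min(idx + 1, len(TIERS) - 1)],
    }


def decide(rows, policy):
    """Classify one request against the derived policy."""
    if rows > policy["block_above"]:
        return "block"
    if rows > policy["normal_ceiling"]:
        return "alert"
    return "allow"


if __name__ == "__main__":
    shares = cumulative_share(WEEK)
    for t in TIERS:
        print(f"<= {t:>9,} values: {shares[t]:.1%} of requests")
    policy = derive_policy(WEEK)
    print(policy)
    # Constructed requests, including the 7 million row query from the scenario.
    for rows in (800, 9_000, 50_000, 7_000_000):
        print(f"{rows:>9,} rows -> {decide(rows, policy)}")
```

Re-running `derive_policy` on fresh tier counts per role, rather than once for the whole account, is what lets the limits tighten over time as step 4 describes.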

Credentialed access threat detected and data loss halted

Let’s go back to our CISO and the analyst’s early morning access request. With ALTR and Snowflake Security Data Lake in place, the CISO will receive a real-time alert triggering a blocked access for the specific analyst (with no other analyst or data users affected). The CISO asks his team to take a look at the security data lake to investigate. They find that over the past 120 days:  

  • 99.7% of all queries run by any role on the analyst team returned 100,000 rows or less
  • 68.4% of queries returned 10,000 rows or less
  • 32.6% returned 1,000 or less
  • 12.7% returned 100 or less
  • For Analyst II role (this user), the largest query to date returned 1.2 million records
  • Since his hire, this analyst has averaged 18,788 PII records a day

Daily and hourly details of PII consumption for every user and role:

  • Analyst I – average usage is 430 records per hour
  • Analyst II – average usage is 2,349 records per hour
  • 96.5% of consumption occurs on M-F between 8am and 6pm CT

With this historical visibility available, it’s obvious this request is completely abnormal. The CISO calls the Director of the analysis team to inform her that the analyst is blocked and that a security event is being investigated. The Director lets the CISO know that this particular analyst is on PTO today. The CISO can then take the step of de-authorizing the analyst’s access to all systems enterprise-wide due to the threat that his credentials have been compromised. A security incident is created, and an investigation is launched.  

Choose your own adventure

Credentialed access threats continue to be one of the top drivers of sensitive data breaches according to both the Verizon Data Breach Investigation Report and the IBM Cost of a Data Breach Report. They’re possible to stop, but it’s not as simple as turning on a firewall. It requires preparation and diligence to get ahead of the risk, to first understand what normal data consumption looks like so you can quickly spot abnormal access.

It’s up to you: would you rather be prepared or caught flat-footed? Your choice will determine what happens when a credentialed access threat crosses your path.

Congratulations on kicking off your Snowflake journey! Or at least thinking about starting your journey with Snowflake. This puts you among the thousands of companies working with Snowflake to extract the maximum value from their data. And, based on what we’ve seen so far, I feel pretty confident that your Snowflake project will be successful. Before you know it, you’ll be inundated with requests – your colleagues will want more and more and more – and they’ll all want the answer yesterday. You’ll go from two users to 10 to 1,000 with no time to catch a breath.  

To ensure you’re keeping up with the speed of your business and not lagging behind from day one, it’s critical to have the right tools for your journey from the very start. That means including a data governance and security solution. This may not be on your list of priorities today – maybe you’re focused on other tasks, don’t think you need it, or believe it’s too time-consuming, complicated or costly.

But you won’t be able to get the most value from your Snowflake project as quickly if you don’t have an effective data governance and security solution from the beginning. I’ll explain why.    

You will need to include sensitive data and you will need to protect it

One of the primary reasons you’re making the move to Snowflake is to extract the maximum insights from your data to make better business decisions. You might start with anonymized datasets, but you’ll quickly need to include sensitive data to get the most insights, so why wait? The sooner you can run analytics on data that really matters, the faster you can deliver that value to the business. If you plan to do that from the beginning, that means preparing to comply with regulations around data privacy and protection. With new laws popping up across the US monthly, there’s no industry exempt from making sure data is safe from leaks and misuse. And there’s no lag to the risk – the day after you add the data, a trusted user could be phished or data could be misused, violating regulations.  

Snowflake data governance and security features can be hard to manage at scale and don’t include all the protections you need

Snowflake delivers the enterprise class security we all expect from leading cloud providers as well as some crucial features for protecting sensitive data, with more added in each new release. However, executing and managing those features must be done manually via SQL code – limiting the number of people who can implement and update policies, restricting your ability to scale easily as your project ramps up with new users and more data.  

And even Snowflake will tell you that it can’t be responsible for who has access, what data you include, or controlling how those two intersect: who should have access to what data. This means there’s no mechanism to stop credentialed access threats or privileged access to sensitive data – if someone has the right login information, they can take as much data as they like. It’s on you to have a solution in place to stop this.

“Snowflake has a phenomenal security team, world class security posture, but there’s still responsibility on the customer to keep the account secure. And if a user is compromised…there have to be controls in place on the customer’s side to detect that’s happened and to be able to remediate that quickly before the sensitive data gets out,” Omer Singer, Head of Cyber Security Strategy at Snowflake.  

Data governance and security don’t have to be complicated or costly or slow you down

Consider ALTR a light addition to your pack that helps you move more quickly down the road:  

  • Our SaaS solution integrates natively with Snowflake,
  • It creates only minimal latency and no scalability issues in your data access,
  • It’s easily implemented and managed via a no-code user interface requiring no database engineers or additional FTEs,  
  • Delivers advanced data governance and security features that Snowflake doesn’t, including consumption observability and limits; predictive consumption thresholds; alerts via text, messaging, email, phone, SIEM or SOC integrations; and tokenization of sensitive data,  
  • And with our free-for-life plan available on ALTR.com or through Snowflake Partner Connect, you can get started at zero cost today. Download our Quick Start guide to see how easy it is to get going.  

Accelerate your Snowflake journey with a boost from ALTR

The best thing you can do for your business is accelerate your adoption of your cloud data platform so you can drive business value faster. Imagine six months down the road, you’re two years ahead of where you hoped to be. Planning your trip right from the start can enable you to do that. You eliminate the need to come to a screeching halt a few months in to think about how to manage data governance and security.

You can keep moving ahead of the speed of your business, leading the way to maximum data value, when you include ALTR from the start.  

A few weeks ago I attended the Gartner Security and Risk Summit in Washington, DC, where ALTR was sponsoring and meeting with analysts, customers, and prospects (ALTR is a Gartner client). As usual it was really interesting to see how the overall market is evolving and where the focus is. Here are a few of the major themes that I observed:

Automation as the way to cope with increasing complexity and a persistent labor shortfall. The opening keynote by Gartner focused pretty heavily here. I believe the key stat is that 70% of companies reported that they can’t even digest 60% of their event traffic (from a SIEM or SOAR perspective), meaning they actually aren’t watching parts of their network at all, despite all of the investment in tools. And that just gets worse when you consider that hiring to fill that gap is getting harder to do, not easier.

My take: I am reluctant here – the idea of automation is much simpler than the execution, and I am skeptical of this technology’s ability to close this gap. Today’s automation has very little real predictive ability, and often produces as much work in training and managing false positives as it does in saving work. I think the answer here is to focus what we are monitoring based on risk, not monitor everything and just turn it over to automation.

Identity is the new perimeter. This theme was dominant throughout and focuses on the fact that in today’s cloud-powered and mobile world, the traditional network perimeter has dissolved and been replaced by authentication and access management. It’s notable that user credentials are now far and away the most popular attack vector for bad actors, from credential-stuffing to phishing credentials out of users via email and other avenues.

My take: I agree. I think you must verify, and then re-verify that the person who is accessing resources is in fact who they say they are. Some encouraging statistics are that something simple like multi-factor authentication will stop 97% of credential-based attacks. Of course, even then that 3% is still a really large number in absolute terms, and pretty troubling.

Identity and data will always be your problem. A lot of the conference was about cloud security, and I saw some great sessions about trends in this space. But the thing that I found really compelling was a particular chart that showed how when you go from IaaS to PaaS to SaaS, you shed responsibilities for various parts of the stack . . . but managing identity and data remain your responsibility.

My take: I think this view was compelling because it separates the IT-driven benefits of cloud computing from the risks that holding data can pose, and makes the point that those risks are still there no matter where your application workloads and databases are hosted.

The rise of Data Security Governance. Gartner publishes a model on data security governance that is meant to focus on a risk-based approach to managing data across both security and privacy concerns. The emphasis is not to start with security products, but to consider data more broadly. This framework was present throughout the conference in various sessions.

My take: I think this is absolutely the right approach. Once you authenticate someone it is important to manage what data they have access to globally. However as with most great strategic concepts it has problems when it meets the real world. The “product first” mentality is driven by the fact that data security and governance products are isolated from each other in different quadrants like DLP or CASB tools and in market guides like DCAP, Tokenization, and Data Masking. I sense an opportunity for Gartner to collapse products into a Data Security Governance market that gives organizations more of a connection between the risks and the tools that address them. I believe that some of these tools, and even some of these categories, don’t actually do that much to decrease the risk to data – and Gartner could help clients differentiate the good investments from the not as good.

Say you’re in a busy train station, looking for a store that sells water, and you spot someone handing out water for free. If you’re anything like me (read: paranoid), your first instinct is “This is either a charity or it’s a scam” and “Will that water make me sick?” Now imagine if the train station is the internet, and you’re looking for a service provider in the already sensitive space of data privacy. Alarm bells are definitely going off!

This might be caused by instinctual responses we have to the idea of a “free” product or solution. Even if (or especially if!) something seems genuinely disruptive like Amazon’s free delivery or Southwest’s no-fee changes, we could be skeptical. The value to us may seem obvious, but we wonder what’s in it for the vendor. What’s the catch?

So, let’s talk about where those reactions come from and see if they hold true for today’s free business software, especially SaaS solutions.  

#1: “A free product must be lower quality”

Simple economics has taught us that the higher priced a product is, the higher quality you should expect from it. This isn’t a hard and fast rule - sometimes we get fooled into paying for a brand or a logo - but it’s why you may not have a problem paying more for premium items, such as organic foods or luxury goods. And when you go “cheap”, you generally accept lower quality and the consequences of that. Fast fashion is meant to be replaced yearly, and there’s a reason people celebrate moving on from furniture you put together yourself.

However, software is not the same as consumer goods – the same pricing structure doesn’t apply. With the technologies we have today, Software-as-a-Service (SaaS) companies can build software that solves problems common to multiple companies, then simply serve up that same solution to customer after customer directly from the cloud. They can deliver those benefits to a significant slice of the market without requiring costly customizations, consultant implementation hours or onsite hardware installations. This allows companies built on SaaS from the ground up, with a business model just as streamlined and flexible, to leverage efficiencies of scale to offer powerful software at a much lower cost than legacy on-premises providers. You can’t do that with clothes or furniture. ALTR VP of Product Doug Wick explained very clearly how being built on the cloud from the beginning helps ALTR to deliver our solutions more quickly and for a lower cost than legacy on-premises solutions.  

I’d go even further: not only is free software not necessarily lower quality, it actually has to deliver even higher quality than a paid solution in order to retain and grow the customer base. Because there’s no financial commitment by the user, it’s easy to start but just as easy to stop using the product. A free tool quickly exposes any weaknesses, issues or flaws. Users will need a seamless experience that delivers value immediately in order to continue, let alone consider upgrading to a paid version.  

#2: “If you’re not paying, you’re the product (especially on the internet)”

This idea has been around a while, but really took off during the Facebook/Cambridge Analytica scandal. Many of us jumped onboard the Facebook train, adding our contacts, sharing our updates, checking in at locations – enjoying the opportunity to use technology to be more closely connected to our far-flung network. But most of us may not have considered what was happening with all that data. It turns out that our data is a commodity. We learned through scandal to be skeptical, and Facebook is far from alone. For example, a popular email cleanup tool turned out to be using the opportunity to collect and sell information on user purchases. In fact, a company co-founder accused users of being “naïve” to think the tool wasn’t “monetizing” their data.  

This is especially threatening for IT and security folks whose primary goal is to protect data! We know this feeling, as our founders come from data security in the financial services industry. They created ALTR to solve the problem of data control and privacy across the data ecosystem and built the company on a culture of data security.  

When users sign up for ALTR’s free plan, what we’re getting is not your data (we don’t need to store it in order to protect it - it’s as secure as ever) but information about your experience. A free plan allows us to greatly expand our user base and gain more insight into how the software can best solve problems and provide a better experience. Our users become active participants in our product development process, helping make the platform work better for them and future users. It’s a win/win.  

#3: “A free product can’t solve enterprise problems”

In the beginning, there was only enterprise software because only enterprises could afford it. It was developed to manage processes across the business, taking on big, complex problems on a massive scale. This came with expensive, years-long development cycles, complicated on-premises implementations by costly consultants, a big contractual commitment and a hefty price tag. The side effect was that even simple business problems could stay unsolved for months or years as the convoluted buying process wound its way along.  

Today, business solutions are taking their lead from consumer software: focusing on individual user needs and experiences instead of tackling enterprise-sized challenges out of the gate. Companies like Slack, Zoom, Canva, and even Google offer low-cost or free versions of their software for messaging, design, or content development. This allows individual users at large enterprises to test-drive solutions to solve a specific thorny issue, making overall processes more efficient.

Instead of needing buy-in from an endless number of executives and months-long contract negotiations followed by months- or years-long implementations, the users who will actually be using the software can simply sign up and try it. Once they understand intuitively how it works and determine if it will solve the problem, they can share with others throughout the organization for their review. If it gets traction, it’s much easier to upgrade to an enterprise-level subscription for additional features or support or to take on larger challenges across the business. This is buying from the ground up instead of the top down.  

ALTR’s free plan, for example, lets governance and data teams identify sensitive data in Snowflake, see who’s using it, and put basic access controls in place. It allows companies with a smaller need to address it immediately and users at larger orgs get a taste of how the solution would scale across all their data. A clear upgrade path makes it easy to grow as needed.  

Fact: “Free” can deliver more value than you might expect

So, while low cost or free may seem suspicious when it comes to clothes or furniture (or bottles of water!), software is a different beast. Technology advances have disrupted the way software is developed and the usefulness it can deliver to business users for low or even no investment. For those who associate free products with a drop in value or quality, it’s time to reconsider our general impulses around pricing to ensure you're not missing out on the real opportunity.  

We recently sat down with Fred Burton, a member of ALTR’s board of advisors, to hear his perspective on the landscape of threats to enterprise data security and integrity. Burton heads the global security practice of Stratfor. Before Stratfor, he was a counterterrorism agent for the U.S. State Department and leader of many high-profile international investigations. He is an author whose four books include the best-selling “GHOST: Confessions of a Counterterrorism Agent.”

ALTR: Your career in security has spanned the era of punch cards and rotary phones, the days of the first microcomputers, and now you have moved on to security in the age of cloud computing, AI and big data.  How has protection of data moved from the periphery to the center of your field of vision?

BURTON: Well, the first line of concern has always been the insider threat. And that threat has been transformed by an order of magnitude through the transformation of information storage from paper and filing cabinets to servers and the cloud. In the government space in particular, we had plenty of insider threats in the 1950s, 1960s and 1970s, but there were limits to  how many 201 files as we called them (source and personnel files) that you could walk out with in a briefcase or what you could photograph with a tiny Minox camera. Now even the ease of theft enabled by a memory stick is growing old as thievery is conducted from across the globe with stolen goods finding a ready market on the dark web. In today’s digital economy, the bad guys don’t even need to get out of their pajamas anymore.

ALTR: When you think about what we call insider threats, how do you see the interplay of internal threats conducted by truly bad actors vs. those that result from carelessness or ignorance, the classic problem of the 123321 password, for example?

BURTON: Actually, I think of it not in terms of the interplay of two categories of insider threat but three categories. For starters, you’ve got the need for digital solutions, be those at the heart of the data ecosystem as with ALTR or older solutions focused on the network or network endpoints.

The second category is what I call situational awareness. This is the training, the enforcement of internal security policies, the general commitment to security hygiene if you will. There’s a role of growing importance for HR to play in every enterprise. The last category that could use some more attention is the threat of intellectual property that can leak out of the C-suite if not protected by NDAs, policies for talent retention and ethics standards. Everybody’s chasing top talent these days and your most talented are usually reservoirs of knowledge about data if not data itself. This is where legal departments really need to step up their game.

ALTR: How are enterprises doing today? What’s working, what’s not?

BURTON: Well, cyber and data security is on the minds of just about every executive I talk to, from medium-sized domestic firms to global multinationals. And everyone is looking for a quick magic potion, a simplistic, brass ring of a solution that can be put on autopilot and spit out the next Edward Snowden before he’s done anything. What I think is more realistic and useful are security concepts that reduce and mitigate risks and those that quickly stem the bleeding when injury occurs. We need to think in terms of cocktail solutions and less about silver bullets.

ALTR: What do enterprises need to change to prevent future breaches?

BURTON: This follows really on my points about managing three categories of threats and the elusive hunt for magic potions. Enterprises need to be thinking broadly, not narrowly. But when it comes to action, it’s a similar kind of comprehensiveness in the solution architecture that is one of the things that appealed to me about ALTR’s technology from the first day I saw it. It’s not just about fire alarms to alert you to the conflagration – though you need those too. It’s about the smoke alarms that alert you before the fire actually erupts in flames and before the damage can spread. As a former investigator, you can well imagine that ALTR’s quick sand as I call it, the picture of digital truth that immutably records virtually all behavior in the interaction of personnel with data, is a very powerful and valuable tool. It’s this immutability enabled by blockchain that I believe is really critical to secure the future of the data economy.

ALTR: When it comes to data security, what keeps you up at night?

BURTON: I worry a great deal about systemic threats, the risks to the ecosystem of distinct businesses. It relates to our discussion of the transformation in a very short time from a world of filing cabinets to a world of cloud-based information measured in terabytes of data. And if enterprises need to spot the smoke before the fire, then business ecosystems need to spot the brush fire before it engulfs the entire forest. It’s not enough, sadly, for any enterprise to have its own house in order. If data integration along the supply chain is not protected, if vendors are breached or sales partners are careless, the result can be domino effects. From banking to hospitals to power grids, the potential of the domino effect is real and growing. And the fastest growing dimension of the overall threat matrix is, of course, the Internet of Things, IoT, that will be woven into the fabric of every enterprise. This is just one element of this that really does keep me up at night. It’s not a figure of speech.

ALTR: What’s your advice to security leaders out there?

BURTON: Think holistically. That’s the key in my view. A holistic approach to security, of course, needs to include the old school elements: hiring practices, an eye on personnel issues that may lead to desperation and carefully written contracts and NDAs. But far beyond that, the technology we use to confront threats to data, particularly insider threats, needs to be comprehensive and holistic. We need technology that protects data from being breached. But just building bigger walls and moats around the castle, which is where a great deal of thinking is stuck today, is not enough. To carry the analogy, we also need to know what’s going on inside the castle. We need deft use of technology that allows real time monitoring of data access, use and consumption. This is critical not only to enforcing policy on data, but also to establish policy. And lastly, as I mentioned, we need tools that yield a mitigation roadmap, a picture of digital truth, if and when a breach is attempted. This is the cocktail approach we need to embrace. Without this new tool set and attitude, risk mitigation and management is akin to a surgeon practicing without the benefit of X-rays.

It’s been a little more than six months since we announced our direct cloud integration with Snowflake, and during that time the cloud data platform environment has only continued to heat up. In June, Snowflake's third annual user conference brought a focus on Global Data Governance as one of the platform’s five key pillars and with that, new capabilities like anonymized views and PII classification. And the company’s just announced Q2 results reflect its continued importance in the market with 103% year-over-year growth.

In the six months since the release of our integration, ALTR has added new joint customers including HumanN, The Zebra and Welltok. And we’ve utilized Snowflake’s native features like masking policies and external functions to deliver unique solutions to our shared customers.

Tarik Dwiek, Head of Technology Alliances at Snowflake, said,

“ALTR is an innovator in using Snowflake’s extensibility features. By utilizing these features, they’re able to deliver powerful data protection and security natively integrated, allowing our customers to get more value from their Snowflake investment.”  

We’ll continue to leverage new native capabilities to tackle crucial data governance and security challenges for our customers as they move to Snowflake.  

The Snowflake Security Road So Far:  

A Security-First Approach to Re-Platforming Data in the Cloud

Q2's Chief Availability Officer Lou Senko, Snowflake's Head of Cyber Security Strategy Omer Singer, and ALTR CTO James Beecham discuss how innovative organizations like Q2 are taking a security-first approach to migrating from on-premises databases to cloud data warehouses, mitigating risk while maximizing their data strategy.

Do You Know What Your Tableau Users Are Doing in Snowflake?


When companies use a shared service account for Tableau access to Snowflake, it becomes impossible to see and control sensitive data access by individual users. ALTR solves this with some sophisticated development in our platform that requires just a simple change in Tableau to activate. See how Snowflake DBAs can configure and manage one Tableau service account, yet get per user visibility and governance as if every end user had their own account.  

HumanN Utilizes Data Consumption Intelligence to Better Govern Customer Data

Customer-centric hyper-growth company HumanN is focused on creating and delivering superior functional nutrition products for the health and fitness industry. Because customer outreach is a large part of its mission, the company holds a significant amount of customer personally identifiable information (PII) in Snowflake, so protecting that data was essential to maintaining compliance and trust. See how ALTR helped with sensitive data discovery, consumption visibility, and purpose-based access control in Snowflake, all in less than 40 days.

Plowing Through Data Governance Challenges and Security Risks on the Road to Snowflake

Our Director of Customer Success and Support, Jennifer Owens, works with companies to understand their challenges and help them build a plan to achieve their goals by utilizing the Snowflake + ALTR native solution. Here she shares use cases around securing consolidated enterprise data, enabling compliant PHI sharing, securing highly sensitive data and more.  

Moving to the Cloud Doesn't Have to Be Daunting for Small and Mid-size Financial Institutions

Small- and mid-size financial institutions might think moving to the cloud is a huge lift or a big risk, but it doesn’t have to be. ALTR Account Director Paul Franz explains how you can move your enterprise data warehouse to the cloud, easily and safely with Snowflake + ALTR’s “secure cloud data warehouse-in-a-box”.    

Snowflake Data Governance Buying Guide

Wherever you are in your Snowflake journey, it’s never too early or too late to think about how to handle sensitive data governance and security. But, it’s not always clear how the options stack up and what you really need. We put together this buying guide to help you understand the differences that really matter and what questions you should be asking as you evaluate your next move.  

It’s been an amazing six months, but like a lot of you, we feel like we’re just getting started on our Snowflake journey. And we can’t wait for the next step!  

See how ALTR can help ensure your sensitive data is governed and secured in Snowflake: get a demo!

We are proud to announce that ALTR has been selected as a finalist for Bank Director’s Best of FinXTech Awards, in the category “Best Solution for Protecting a Bank.” This selection recognizes the power of our data security as a service (DSaaS) platform to protect the sensitive data created, stored, and shared by financial software applications.

Our DSaaS approach to safeguard data embeds governance and at-rest protection natively into applications. That allows application teams to implement security during the development cycle and then hand off the management of governance and protection policies to security and compliance teams, rather than having security added as an afterthought by IT departments. This approach results in better protection from breaches and intrusion for application data.

The highest level of data protection for financial services software

ALTR DSaaS has been adopted by companies in diverse industries. The FinXTech selection particularly cited our work with Q2 eBanking, a multi-billion dollar digital banking solutions company that selected the ALTR platform to create Q2 TrustView. ALTR renders the data used by Q2 TrustView virtually inaccessible to bad actors, providing the highest level of protection for the account holders at the financial institutions that Q2 serves.

Through the Best of FinXTech Awards, Bank Director recognizes the efforts of emerging financial technology solutions that best help a financial institution grow revenues, create efficiencies, or reduce risk. Bank Director, a leading information resource for banking leaders, awards its Best of FinXTech to top-rated financial technology companies in seven different categories. Awards are based on Bank Director’s analysis of each solution’s capabilities, which includes phone interviews with each of the finalists and their banking clients, in-depth case studies on each solution, and the votes of a panel of industry experts.

Mika Moser, President of Bank Director and FinXTech, offered more perspective on ALTR’s selection: “As a trusted resource for U.S. Banks, Bank Director are excited to recognize technology companies, like ALTR, who are driving real growth for financial institutions through new products, increased security, and operational enhancements.”

By delivering DSaaS, ALTR allows developers to embed data monitoring, governance, and at-rest protection natively at the application layer. Supported by private blockchain technology, our platform provides an API and scalable smart database drivers that make it possible to virtually eliminate data access risks, making applications more portable and cost efficient to implement and maintain than traditional applianceware or outdated endpoint security systems.

We are pleased that Bank Director, which connects U.S. bank leaders with technology partners driving innovation, has recognized us with this selection.


When Tableau was founded in 2003, business intelligence (BI) was still in its infancy. It was a critical but specialized skillset utilized by a handful of power users in a company who ran reports and pulled visualizations for the rest of the company. When the quantity of users was small it was doable to install the Tableau desktop client on that limited number of systems, and the relatively small number of users made tracking every user’s access to data feasible.  

Since then, the amount of data businesses create, store and utilize has exploded, along with the value extracted in analysis of that data. Whether it was the insights gained by using a BI tool or just the dazzle of gorgeous charts and dashboards, business professionals have clamored for access to Tableau, drastically increasing the number of users.

In order to scale with this growth, Tableau transitioned to a more modern architecture. Multiple instances of Tableau Desktop are no longer installed on individual desktops but instead one instance of Tableau Online lives on a server – either in the company’s datacenter or on the cloud – that users access via web browser. With no need to install or manage software on each desktop, many thousands of employees from a single company can be set up as users and easily access the tool.  

However, just like with any move from a client/server application to a web-based application, there was a tradeoff. With the increase in scalability there came a loss in granularity over who is accessing the data. This leads to the critical question: how to govern individual user access to Snowflake data via Tableau?  

The Tableau-Snowflake conundrum

Users still have an individual username and password to access Tableau, but the data itself lives in a separate cloud-based database like Snowflake. Tableau admins have at least two options for configuring the tool’s access to Snowflake:

  1. Create individual Snowflake accounts for each Tableau user: This is the approach recommended by many experts in the data governance realm: Fred Bliss from Aptitive talked about why this is better on The Data Planet. Individual accounts enable visibility and control over specific user access and data usage, but also come with downsides. Set up requires a significant amount of work from DBAs: they have to create and administer two accounts for every user – a Tableau account and a Snowflake account. This becomes quickly unmanageable when you’re talking about 10,000 users. And, having thousands of access points into Snowflake creates an exponential data security risk; every additional account is another that could be compromised.
  2. Utilize a single Snowflake service account for Tableau: this is the approach many companies take to get started faster. In this scenario, when individuals log into Tableau and request data, there is a single Tableau service account that accesses Snowflake and withdraws the data. This provides simplicity of management, but completely removes the ability to place user-based governance or security on the data. If you can’t see which user is accessing which data, you can’t apply masking on specific columns. You can’t stop credentialed access threats because there’s no way to limit consumption for specific users. It’s just one huge firehose of 10,000 users all appearing to Snowflake as if they’re one person. All of the users share the same permissions which gives any user the power to download all of the data because there’s simply no way to differentiate. This means there’s no audit trail or record of individual data consumption which can lead to serious compliance issues. And, if there is a breach, access would need to be cut off completely. It’s binary – data is either flowing to everybody or data is flowing to nobody. All of this combines to create a huge hole around data security in Tableau.

Ideally, governance and security policies could be configured and managed on the user accounts in Tableau, but that feature isn’t available today. Tableau sees this as a database function. Which brings us full circle back to creating thousands of user accounts in Snowflake in order to govern individual access.  

Tableau and Snowflake user-level data access visibility and control with ALTR

We’ve run into several companies facing this same issue and have developed a unique solution: ALTR can employ contextual info provided by Tableau to distinguish users and apply governance policies on the data in Snowflake. With a simple, one-time configuration of a SQL variable in Tableau server, the service account that Tableau uses to connect to Snowflake can send through information on which one of the thousands of Tableau users is making the request and share that information with ALTR. ALTR can then apply governance and security policy on that Tableau user as it would on any other individual Snowflake account.


And that’s it – there are no additional steps required in Tableau, Snowflake or ALTR. If you're an ALTR customer with Snowflake and you use Tableau server or Tableau online, you can get to this specific level of individual user visibility and governance in less than an hour just by making that one small change.  
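To make the attribution gap concrete, here is an added illustration (not ALTR's implementation and not code from this post) of how a per-session user tag changes what a shared service account's query log can tell you. The record fields, the `bi_user` tag format and the account name are constructed assumptions.

```python
import json
from collections import defaultdict

UNATTRIBUTED = "<unattributed>"

# Constructed sample query-log records (not real data). Every query runs under
# the same shared service account; "session_tag" is a hypothetical field that
# carries the end-user context passed through by the BI tool.
SAMPLE_LOG = [
    {"account": "TABLEAU_SVC", "session_tag": '{"bi_user": "alice"}', "rows": 1200},
    {"account": "TABLEAU_SVC", "session_tag": '{"bi_user": "bob"}', "rows": 300},
    {"account": "TABLEAU_SVC", "session_tag": '{"bi_user": "alice"}', "rows": 7000000},
    {"account": "TABLEAU_SVC", "session_tag": "", "rows": 50},
    {"account": "TABLEAU_SVC", "session_tag": "not-json", "rows": 10},
]


def end_user(record):
    """Extract the end user from the session tag; fail closed to UNATTRIBUTED."""
    try:
        tag = json.loads(record.get("session_tag") or "")
    except json.JSONDecodeError:
        return UNATTRIBUTED
    if not isinstance(tag, dict):
        return UNATTRIBUTED
    user = tag.get("bi_user")
    return user if isinstance(user, str) and user else UNATTRIBUTED


def rows_by_account(log):
    """What the database sees without user context: one identity, one total."""
    totals = defaultdict(int)
    for rec in log:
        totals[rec["account"]] += rec["rows"]
    return dict(totals)


def rows_by_end_user(log):
    """Same log, keyed by (service account, end user) once the tag is parsed."""
    totals = defaultdict(int)
    for rec in log:
        totals[(rec["account"], end_user(rec))] += rec["rows"]
    return dict(totals)


def over_limit(log, limit):
    """End users whose total rows exceed the limit (unattributed is separate)."""
    return sorted(
        user
        for (_, user), rows in rows_by_end_user(log).items()
        if rows > limit and user != UNATTRIBUTED
    )


def unattributed_rows(log):
    """Rows that no per-user policy can cover because the tag was absent or bad."""
    return sum(rec["rows"] for rec in log if end_user(rec) == UNATTRIBUTED)


if __name__ == "__main__":
    print("per account: ", rows_by_account(SAMPLE_LOG))
    print("per end user:", rows_by_end_user(SAMPLE_LOG))
    print("over 1M rows:", over_limit(SAMPLE_LOG, 1_000_000))
    print("unattributed:", unattributed_rows(SAMPLE_LOG))
```

Queries with a missing or malformed tag are counted separately rather than dropped, since that traffic is exactly what per-user policy cannot reach.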

The best of both worlds for Tableau and Snowflake users

Without a way to ensure that sensitive and regulated PII data can be monitored and controlled when accessed by BI tools via bulk service accounts, many companies are forced to exclude that data from their analytics tools, leading to a less than 360 view of the business.

ALTR’s solution delivers the best of both worlds: Snowflake DBAs only have to configure and manage the one Tableau Snowflake service account, yet they get per user visibility and governance as if every end user had their own account. This means they can implement access controls, apply masking policies, and stop credentialed access threats on thousands of end users — allowing continued access to data without putting the data at risk. That means companies can include the sensitive data they need in order to get a full view of the business and extract the most value from their data and Snowflake.

And ALTR is the only data governance and security provider for Snowflake delivering this capability. It’s another example of our drive to build SaaS-based functionality that is quick and easy for our customers to deploy while delivering powerful data control and protection.  

Get Tableau Snowflake service account user data governance in the ALTR Free plan: Start now!

The Data Governance and Information Quality Conference is just around the corner, and we’re hyped for it! Data Governance has screamed to the top of many priority lists this year as companies adopt the controls they need to get value from data while keeping it safe. It makes sense, as multiple US states now have privacy regulation in place, with US federal privacy laws looming as well. We’re crossing a point where governance tools and processes need to be in place before you can appropriately use data, otherwise your company is at risk of not just data breaches, but the new and increasing regulatory fines that come with them. At DGIQ this year, we’re excited to learn more about the governance standards that are firming up, along with the trends we can expect going into 2022. Below are some of the presentations we’re particularly looking forward to.  

Aligning Data Strategy with Data Governance

This session is all about how organizations can incorporate data governance into their overall data strategy. We look forward to Donna sharing her insights into how effective data governance can actually increase your organization’s ability to get value from data.

Description: In today’s data-driven enterprise, creating a data strategy can seem more complex than ever. Not only is innovation in technology occurring at a more rapid pace than ever before, but as more business stakeholders become involved with data-centric initiatives, “people-centric” initiatives such as data governance increase in importance as well. This workshop demystifies data governance and data strategy and provides practical steps in creating a robust data strategy that encompasses people, process, and technology to provide concrete and demonstrable business value.

Donna Burbank, Managing Director, Global Data Strategy, Ltd.

Using Data Governance to Help Cure Blood Cancer at Be the Match

Be the Match has a noble goal but has to deal with extremely sensitive information in order to achieve that goal. Any healthcare organization can gain some great insights from this session.

Description: Be the Match has an important job to do, we provide cures for blood cancer. Data is at the heart of our mission, but it’s not always easy to see the role that data governance plays in it. In this presentation, we will review how Be the Match is successfully approaching data governance in a way that keeps our life-saving mission at the forefront of our data governance initiatives, and vice versa.

Heidi Perry, Manager, Data Governance & Services, Be the Match

As a side note: joining the donor registry for Be the Match is simple and easy. We’d love it if you considered doing so.

Analytics-Focused Data Governance

This session discusses the importance of a Data Governance Center of Excellence (COE), and how it can help operationalize DG in your organization. We’re huge fans and look forward to seeing how West Monroe Partners helps their customers implement governance for the long term.

Description: Companies gather data at increasing volume and velocity. Many have realized the need to create a Data and Analytics Center of Excellence. While we recognize there are several key areas of development necessary to achieve this goal, we will focus on key elements to building a successful Data Governance (DG) CoE.

Like any enterprise asset, data needs to be curated with the ideal end state in mind. Standing up a DG CoE early will define organizational needs and reduce downstream challenges. The scope and structure will vary by organization, but the goal is the same: Optimize enterprise data management to maximize value for and empower end-users throughout the organization.

The DG COE should include:

  • Organizational Structure and Engagement Model
  • Data Governance Maturity Assessment
  • Data Security, Privacy, and Compliance (e.g., GDPR, PHI, PII)
  • Change Management
  • Enterprise Data Management and Measurement

Alice S Huang, Senior Manager, West Monroe Partners

We look forward to seeing you at DGIQ! Be sure to stop by our booth (#18) while you’re there for some fun prizes and giveaways, along with a chance to see some incredible people in person for a change.

We had a great time last week at DGIQ in San Diego! Thanks to everyone who stopped by the booth to chat – it was fantastic to see you all in person! We had some thought-provoking conversations, and we heard some similar themes across those discussions. Many people we spoke to were focused on the process and policy-writing part of data governance, others were just starting their governance journey with a data catalogue, and many more were feeling the pressure from the disruption Snowflake is creating as their companies rapidly move data to the cloud.  

Although data governance has been around a while, the industry may be more confusing or bewildering or exciting than ever before. With that in mind, we’ve gathered a few resources to address some of the discussions we had:  

What does “data governance” even mean today?

While the idea of data governance is not new, how it is defined seems to be shifting as data becomes critical to more companies across every industry. In the past, vendors may have just focused on helping you know about your data: data discovery, data classification and data cataloging. ALTR CEO Dave Sikora has written a couple of posts explaining why just knowing about and cataloguing your data is not enough in today’s regulatory environment. The true end goal has to be keeping sensitive data safe and secure.  

Is there just one right way to implement data governance?

Many of the people we spoke to seemed to believe that a data governance journey has to be sequential: you start with data cataloguing, then you write policies that define who gets access to the data and how, then you hand that off to your security team to implement the control and enforcement. But the truth is you don’t necessarily have to go in order and maybe you shouldn’t. What if you could easily find and classify sensitive data, place policy-based controls on it AND start to see how it’s used all at the same time, in one tool? What if seeing how data is used gave you surprising insights that affected the policies you place around it? These blog posts from ALTR’s Pete Martin, Doug Wick, and Paul Franz explain why to consider a different approach and how ALTR can help.  

When should you begin data governance and security?

The fast pace of data movement to the cloud has stirred up all kinds of issues, with data governance and security sometimes treated as an afterthought. Teams may think it’s too soon or they’re just getting started. ALTR CTO James Beecham explains why sooner is actually better to make sure you’re getting the most of your cloud data warehouse. And why it doesn’t have to be time-consuming, complicated, costly or slow down the project – embracing a data control and protection solution from the beginning can actually help teams keep up with the speed of their business.  

If you didn’t get a chance to stop by the booth and want to hear more, contact us! We’d love to chat.

When many of us think about data security… Oh wait, many of us don’t think about it until there’s an incident or a breaking news story about a breach of our personal data. But if we do, it’s often a mysterious process, accessible only to large enterprises, hidden even from the rest of the company. The data security team is pictured secluded in a dark corner of the office, setting up and monitoring security controls like something out of the Matrix—with tools just as complicated and incomprehensible.  

This might have been acceptable when data was only gathered by the largest companies and safely ensconced inside the perimeter of their gigantic data centers. Data security could be centralized and siloed because data was as well. But with the increase in remote work, digital transformation, and the drive to utilize data across businesses of all sizes, sensitive data is now everywhere. And data security must follow. It must come out of the shadows and become accessible to everyone.  

Disempowered data users

While data is a key vulnerability for essentially every company, until recently most companies didn’t want to acknowledge the risk. But now, with a new data breach announcement like the recent Robinhood leak every few weeks, the problem is impossible to ignore. The combination of shadowy data security with the seemingly unending parade of breaches has led to a situation where everyone from users to companies to consumers might feel like it’s impossible to keep data safe.  

At the same time, new regulations around data privacy protection keep rolling out. In order to comply with these regulations, companies often run a siloed process where the laws are first interpreted by in-house lawyers or governance teams, then policies are created and handed over to data and/or security teams to implement. End users who actually understand how data needs to be utilized are often left out – rules are imposed from the outside, and enforcement is inscrutable. This can make data users feel cut off from the process of protecting it.  

Engaged consumers expect a more transparent process

This disjointed, top-down process is the complete opposite of today’s consumer buying experiences. When evaluating a new product or solution, they don’t want to be told – they want to be shown. They expect the opportunity to try things out for themselves and evaluate experiences through their own perspective.  

It only makes sense that the same would hold true for business users looking to protect sensitive data. They should have the opportunity to see for themselves how data security solutions work, and even more than that, they should have input into the data governance and control process. Policies should not just be handed down from above and left to be implemented in a black box.  

Unfortunately, the traditional buying process for enterprise software, let alone data security, has not been at all transparent. That was one of the big factors in our decision to release the ALTR free plan.  

A collaborative approach to data control and protection

We basically took the traditional software sales model and flipped it on its head. Now, people across the company can try it for themselves: they can implement ALTR on Snowflake for free. They can start to understand how the solution works and also how data is used in their company – what data is accessed and who needs it. Policies can be created collaboratively and organically with input from actual users.  

A free version also makes data security available to smaller businesses. Startups and mom and pops know they need business basics like credit card processing and a website, but data security may not be on the “essentials” list. However, even the smallest company now has a mailing list or a loyalty program containing customer PII that should be protected. In fact, it might be even more crucial as the reputational impact of a leak could be even more devastating. We believe data security should be a key component of business culture from the smallest to the largest organizations.  

Data governance and security based on insight

Bringing more users into the process means it’s imperative we make the ALTR solution as easy and intuitive as possible. But it also means guiding users who may be new to data security by providing insights into how data is used and how it needs to be protected.  

Some users may know exactly what they want to do, but others might be unsure. Either way you can start with just observing: see who is accessing what data, when and how much. You could think of this like an online banking account. Maybe you log in to pay specific bills, but you may also be interested in how you’re spending your money, looking at expenses grouped by category, and building a budget around that. You can find similar, helpful insights around data usage in ALTR.  

In our own product, we see that users are most likely to visit our Analytics feature both before and after viewing their data access policies. In fact, since adding the Heatmap and Analytics to the platform we’ve seen many users dive deep into these features with an uptick in how long users spend on these pages. The close relationship between these pages in the user experience is encouraging us to develop ways to help our users adjust their policies based on what they see in Analytics.  

Data security for all

We often hear companies say, “security is everyone’s responsibility.” But how could it be when most of us are left out of the process? Data security should be for all. We wouldn’t accept a world where only the largest homes behind security fences with guards at the gates were safe from break-ins. Today, consumers have access not only to effective window and door locks but also internet-connected cameras. They are now aware when a package is delivered or if there’s a porch pirate snooping around. Why wouldn’t we expect the same visibility and security for our private data?

With the right tools in place, everyone can feel in control and prepared to keep data safe.

Get started with ALTR Free right now.
