BLOG SPOTLIGHT
Navigating the chaos of data security in the age of GenAI—let’s break down what needs to happen next.
Read more
Popular
Sep 20
0
min
ALTR Welcomes Laura Malins as VP of Product
ALTR continues to strengthen its leadership team, and the latest addition brings a wealth of technical expertise and a fresh perspective to our growing company. We’re thrilled to welcome Laura Malins as the newest member of the ALTR family and VP of Product. With over a decade of experience in data, Laura’s extensive background across industries and technical roles makes her an invaluable asset as we continue to push the boundaries of data security and governance.
From Matillion to ALTR: A Proven Leader in Data Innovation
Laura joins us from Matillion, where she spent the past ten years shaping the future of data transformation. As VP of Product, she ran the Matillion ETL Product and spearheaded the launch of their revolutionary SaaS offering, Data Productivity Cloud. Her ability to understand deeply technical challenges and translate them into user-friendly solutions has earned her recognition as a product leader in the data space.
“I’ve worked with ALTR for a few years now and have always admired the company and the product. Data security platforms are becoming more pertinent than ever, and ALTR’s innovative product is well-positioned to support compliance and security requirements. I’m delighted to join such a strong and ambitious team, and I look forward to taking the product to the next level,” Laura shares.
Laura’s deep technical expertise and user-focused approach will be pivotal in pushing ALTR’s product suite to new heights. Her ability to bridge the gap between complex data challenges and practical, user-friendly solutions aligns seamlessly with our vision of delivering powerful, scalable data access control. With her proven leadership, we anticipate not just product evolution but transformation—bringing enhanced capabilities to our customers while staying ahead of the ever-evolving data security landscape. Laura’s leadership will help us continue empowering businesses to protect their most valuable assets while driving innovation forward.
Sep 19
0
min
Data Security for Generative AI: Where Do We Even Begin?
If you haven’t noticed the wave of Generative AI sweeping across the enterprise hardware and software world, it certainly would have hit you within 5 minutes of attending Big Data London, one of the UK’s leading data, analytics, and AI events. Having attended last year’s show, I can confidently say AI wasn’t nearly as dominant. But now? It’s everywhere, transforming not just this event but countless others. AI has officially taken over!
As a data security focused person, it is exciting and terrifying to see all the buzz. I’m excited because it feels like we’re on the verge of a seismic shift in technology—on par with the rise of the web or the cloud—driven by GenAI. And I get to witness it firsthand! But it is terrifying to see all the applications, solution consultants, database vendors and others selling happy GenAI stories to customers. I could scream into the loud buzz of the show floor, “We have seen this movie before! Don’t let the development of GenAI applications outpace the critical need for data security!” I’m thinking about the rush to web, the rush to mobile, the rush to cloud. All of these previous shifts suffer from the same thing: security is boring and we don’t want to do it. What definitely wasn’t boring was using a groundbreaking mobile app from 1800flowers.com to buy flowers—that was cool! Let’s have more of that! Who cares about security, right? That can wait…
Cyber security, and data security in particular, have had the task of keeping up with the excitement of new applications for decades. The ALTR engineering office is in beautiful Melbourne, FL just a few hours away from Disney. When I see a young mother or father with a concerned look racing after their young child who couldn’t care less that they are about to get run over by a popcorn stand, I think “Application users are the kids, security people are the parent, and GenAI is whichever Disney character the kid can’t wait to hug.” It’s cute, but dangerous. This is what is happening with GenAI and security.
As applications have evolved so has data security. Below is an example of these application evolutions and how security has adapted to cover the new weaknesses of each evolution.
What is Making Generative AI Hard to Secure?
The simple answer is: we don’t fully know. It’s not just that we’re still figuring out how to secure GenAI (spoiler: we haven’t cracked that yet); it’s that we don’t even fully understand how these Large Language Models (LLMs) and GenAI systems truly operate. Even the developers behind these models can’t entirely explain their inner workings. How do you secure something you can’t fully comprehend? The reality is—you can’t.
So, what do we know?
We know two things:
1. Each evolution of applications and data products has been secured by building upon the principles of the previous generation. What has been working well needs to be hardened and expanded.
2. LLMs present two new and very hard problems to solve: data ownership and data access.
Let’s dive into the second part first. To get access to the hardware currently required to train and run LLMs we must use cloud or shared resources. Things like ChatGPT or NVIDA’s DGX cloud. Until these models require less hardware or the hardware magically becomes more available, this truth will hold.
Similar to the early days of the internet, sensitive information was desired to be sent and received on shared internet lines. The internet was great for transmitting public or non-sensitive information, but how could banking and healthcare use public internet lines to send and receive sensitive information? Enter TLS. This is the same problem facing LLMs today.
How can a business (or even a person for that matter) use a public and shared LLM/GenAI system without fear of data exposure? Well, it’s a very challenging. And not a problem that a traditional data security provider can solve. Luckily there are really smart people working on this solution like the folks at Protopia.ai.
So, data ownership is being addressed much like how TLS solved the private-information-flowing-on-public-internet-lines. And that’s a huge step forward. What about data access?
This one is a bit tougher. There are some schools of thought about prompt control and data classification within AI responses. But this feels a lot like CASB all over again, which didn’t exactly hit the mark for SaaS security. In my opinion, until these models can pinpoint exactly where their responses are coming from—essentially, identify the data sets they’ve learned from —and also understand who is asking the questions, we’ll continue to face risks. Only then can we prevent situations where an intern asks questions and gets answers that should only be accessible to the CEO.
Going back to what we know, the first item, we will need to build upon the solid data security foundations that got us to this point in the first place. It has become clear to me that for the next few years, Retrieval-Augmented Generation (RAG) will be how enterprises globally interact with LLMs and GenAI. While this is not a silver bullet, it’s the best shot busineses have to leverage the power of public models while keeping private information safe.
With the adoption of RAG techniques, the core data security pillars that have been bearing the load of a data lake or warehouse to date will need to be braced for extra load.
Data classification and discovery needs to be cheap, fast, and accurate. Businesses must continuously ensure that any information unsuitable for RAG workloads hasn’t slipped into the database from which retrieval occurs. This constant vigilance is crucial to maintaining secure and compliant operations. This is the first step.
The next step is to layer access control and data access monitoring such that the business can easily set the rules for which types of data are allowed to be used by the different models and use cases. Just as service accounts for BI tools need access control, so to do service accounts for the purposes of RAG. On top of these access controls, near-real-time data access logging must be present. As the RAG workloads access the data, these logs are used to inform the business if any access has changed and allows the business to easily comply with internal and external audits proving they are only using approved data sets with public LLMs and GenAI models.
Last step, keep the data secure at rest. The use of LLMs and GenAI will only accelerate the migration of sensitive data into the cloud. These data elements that were once protected on-prem will have to be protected in the cloud as well. But there is a catch. The scale requirements of this data protection will be a new challenge for businesses. You will not be able to point your existing on-prem-based encryption or tokenization solution to a cloud database like Snowflake and expect to get the full value of Snowflake.
When prospects or customers ask me, “What is ALTR’s solution for securing LLMs and GenAI” I used to joke with them and say, “Nothing!” But now I’ve learned the right response, “The same thing we’ve always done to secure your data—just with even more precision and focus for today’s challenges.” The use of LLMs and GenAI is exciting and scary at the same time. One way to reduce the anxiety is to start with a solid foundation of understanding what data you have, how that data is allowed to be used, and whether you prove that the data is safe at rest and in motion.
This does not mean you cannot use ChatGPT. It just means you must realize that you were once that careless child running with arms wide open to Mickey, but now you are the concerned parent. Your teams and company will be eager to dive headfirst into GenAI, but it’s crucial that you can articulate why this journey is complex and how you plan to guide them there safely. It begins with mastering the fundamentals and gradually tackling the tough new challenges that come with this powerful technology.
Sep 9
0
min
ALTR Expands GTM Team with Powerhouse Hires to Lead the Charge in Data Security
ALTR isn’t just keeping pace with the evolving data security landscape—we’re setting the speed limit. As businesses scramble to safeguard their data, ALTR is not just another player in the game; we’re the go-to solution for bulletproof data access control and security. And today, we’re doubling down on that promise with three strategic hires to turbocharge our Go-To-Market (GTM) strategy.
Meet the Heavy Hitters
Christy Baldassarre
Christy Baldassarre joins us as our new Director of Marketing, bringing a formidable blend of strategic vision and execution prowess. With a track record of driving brand growth and market penetration, Christy excels at crafting compelling narratives that resonate with target audiences. She’s a master at turning complex concepts into clear, impactful messaging and knows how to leverage the latest digital marketing tactics to amplify ALTR’s voice.
"I am excited to be on such a great team and to be a part of taking ALTR to the next level. I chose ALTR because of its excellence in Cloud Security and Data Protection. This is a great opportunity to collaborate with such a visionary team and contribute to groundbreaking solutions that not only push boundaries but set new standards of how to keep everyone’s data safe." - Christy
Rick McBride
Rick McBride, our new Demand Gen Manager, brings a deep expertise in go-to-market strategy. With a strong foundation in business development, Rick has honed his skills in identifying opportunities and driving pipeline growth from the ground up. He’s not just about crafting campaigns; Rick knows how to connect with decision-makers and convert interest into action.
“A successful go-to-market strategy thrives on seamless collaboration across various teams, and our GTM group is poised to be the driving force behind it. We're set to champion the Snowflake ecosystem—engaging with customers, Snowflake’s Field Sales team, and partners alike—to fuel strategic growth. By leveraging Snowflake's powerful native capabilities in Security and Governance, we aim to deliver at the speed and scale that Snowflake users expect. We're thrilled to extend this value to every organization that prioritizes and trusts Snowflake for their data management needs!” - Rick
George Policastro
Next, we've got George Policastro as our newest Account Executive. George is a seasoned sales professional with a proven track record of closing complex deals and delivering results. His strengths lie in his ability to deeply understand client needs, build lasting relationships, and strategically navigate the sales process to drive success.
"I’m thrilled to join ALTR and tackle one of the biggest challenges organizations face today: securing their sensitive data while unlocking its full potential to drive business growth." - George
ALTR: Defining the Future of Data Access Control and Security
The world of data security and governance has evolved dramatically from the days of simple perimeter defenses. Now, we’re dealing with sophisticated, multi-layered security strategies that need to keep up with cybercriminals who are more aggressive and resourceful than ever. The core principles—knowing where your data is, who can access it, and ensuring its protection—haven’t changed. However, as data moves to the cloud, the challenge is achieving these goals at an unprecedented scale and speed.
That’s where ALTR excels. We’re not just providing solutions; we’re reimagining what data access control and security can be in a cloud-first world. By cutting through the complexities and inefficiencies of traditional methods, we deliver a streamlined, scalable approach that makes data security both simple and powerful. Our intuitive automated access controls, policy automation, and real-time data observability empower organizations to protect sensitive data at rest, in transit, and in use—effortlessly and at lightning speed. With ALTR, securing your data isn’t just more accessible; it’s smarter, faster, and designed for today’s dynamic cloud environments.
With our latest GTM team expansion, we’re fortifying our foundation to evolve into a cloud data security market leader who’s not just part of the conversation but is driving it.
Sep 3
0
min
Unleashing the Power of FPE: ALTR Key Sharing Meets Snowflake Data Sharing
In a world where data breaches and privacy threats are the norm, safeguarding sensitive information is no longer optional—it's critical. As regulations tighten and privacy concerns soar, our customers are demanding cutting-edge solutions that don't just secure their data but do so with finesse. Enter Format Preserving Encryption (FPE). When paired with ALTR's capability to seamlessly share encryption keys with trusted third parties via platforms like Snowflake's data sharing, FPE becomes a game-changer.
Understanding Format Preserving Encryption (FPE)
Format Preserving Encryption (FPE) is a type of encryption that ensures the encrypted data retains the same format as the original plaintext. For example, if a credit card number is encrypted using FPE, the resulting ciphertext will still appear as a string of digits of the same length. This characteristic makes FPE particularly useful in scenarios where maintaining data format is crucial, such as legacy systems, databases, or applications requiring data in a specific format.
Key Benefits of FPE
Seamless Integration
FPE maintains the data format, allowing easy integration into existing data pipelines without requiring significant changes. This minimizes the impact on business operations and reduces the costs associated with implementing encryption.
Compliance with Regulations
Many regulatory frameworks, such as the GDPR, PCI-DSS, and HIPAA, mandate the protection of sensitive data. FPE helps organizations comply with these regulations by ensuring that data is encrypted to preserve its usability and format, which can sometimes be a requirement in these standards.
Enhanced Data Utility
Unlike traditional encryption methods, FPE allows encrypted data to be used in its existing form for specific operations, such as searches, sorting, and indexing. This ensures organizations can continue to derive value from their data without compromising security.
The Role of Snowflake in Data Sharing
Snowflake is a cloud-based data warehousing platform that allows organizations to store, process, and analyze large volumes of data. One of its differentiating features is data sharing, which enables companies to share live, governed data with other Snowflake accounts in a secure and controlled manner while also shifting the cost of the computing operations of the data over to the share's consumer.
Key Features of Snowflake Data Sharing
Real-Time Data Access
Snowflake's data sharing allows recipients to access shared data in real-time, ensuring they always have the most up-to-date information. This is particularly valuable in scenarios where timely access to data is critical, such as in financial services or healthcare.
Secure Data Exchange
Snowflake's platform is designed with security at its core. Data sharing is governed by robust access controls, ensuring only authorized parties can view or interact with the shared data. This is crucial for maintaining the confidentiality and integrity of sensitive information.
Scalability and Flexibility
Snowflake's architecture allows for easy scalability, enabling organizations to share large volumes of data with multiple parties without compromising performance. Additionally, the platform supports a wide range of data formats and types, making it suitable for diverse use cases.
The Power of Combining FPE with Snowflake’s Key Sharing
When FPE is combined with the ability to share encryption keys via Snowflake's data sharing, it unlocks a new level of security and flexibility for organizations. This combination addresses several critical challenges in data protection and sharing:
Controlled Access to Encrypted Data
By leveraging FPE, organizations can encrypt sensitive data while preserving its format. However, there are scenarios where this encrypted data needs to be shared with trusted third parties, such as partners, auditors, or service providers. Through Snowflake's data sharing and ALTR's FPE Key Sharing, companies can securely share encrypted data along with the corresponding encryption keys. This allows the third party to decrypt the data within the policies that they have defined and use it as needed.
Data Security Across Multiple Environments
In a multi-cloud or hybrid environment, data often needs to be moved between different systems or shared with external entities. Traditional encryption methods can be cumbersome in such scenarios, as they require extensive reconfiguration or critical management efforts. However, with FPE and Snowflake's key sharing, organizations can seamlessly share encrypted data across different environments without compromising security. The encryption keys can be securely shared via Snowflake, ensuring only authorized parties can decrypt and access the data.
Regulatory Compliance and Auditing
Many regulations require organizations to demonstrate that they have implemented appropriate security measures to protect sensitive data. By using FPE, companies can encrypt data that complies with these regulations. At the same time, the ability to share encryption keys through Snowflake ensures that data can be securely shared with auditors or regulators. Additionally, Snowflake's robust logging and auditing capabilities provide a detailed record of who accessed the data and when which is essential for compliance reporting.
Enhanced Collaboration with Partners
In finance, healthcare, and retail industries, collaboration with external partners is often essential. However, sharing sensitive data with these partners presents significant security risks. By combining FPE with ALTR's key sharing, organizations can securely share encrypted data with partners, ensuring that sensitive information is transmitted throughout the data's lifecycle, including across shares. This enables more effective collaboration without compromising data security.
Efficient and Secure Data Processing
Specific data processing tasks, such as data analytics or AI model training, require access to large volumes of data. In scenarios where this data is sensitive, encryption is necessary. However, traditional encryption methods can hinder the efficiency of these tasks due to the need for decryption before processing. With FPE, the data can remain encrypted during processing, while ALTR's key sharing allows the consumer to decrypt data only when absolutely necessary. This ensures that data processing is both secure and efficient.
Use Cases of FPE with ALTR Key Sharing
To better understand the value of combining FPE with ALTR's key sharing, let's explore a few use cases:
Financial Services
In the financial sector, organizations handle a vast amount of sensitive data, including customer information, transaction details, and credit card numbers. FPE can encrypt this data while preserving its format, ensuring it can still be used in legacy systems and applications. Through Snowflake's data sharing, financial institutions can securely share encrypted transaction data with external auditors, partners, or regulators, along with the necessary encryption keys. This ensures compliance with regulations while maintaining the security of sensitive information.
Healthcare
Healthcare organizations often need to share patient data with external entities, such as insurance companies or research institutions. FPE can encrypt patient records, ensuring they remain secure while preserving the format required for healthcare applications. Snowflake's data sharing allows healthcare providers to securely share this encrypted data with third parties. At the same time, ALTR enables the sharing of the corresponding encryption keys, enabling them to access and use the data while ensuring compliance with HIPAA and other regulations.
Retail
Retailers often need to share customer data with marketing partners, payment processors, or logistics providers. FPE can be used to encrypt customer information, such as names, addresses, and payment details while maintaining the format required for retail systems. Snowflake's data sharing enables retailers to securely share this encrypted data with their partners; with ALTR, the encryption keys are also shared, ensuring that customer information is always protected.
The Broader Implications for Businesses
The combination of Format Preserving Encryption and ALTR's key-sharing capabilities represents a significant advancement in the field of data security. This approach addresses several critical challenges in data protection and sharing by enabling organizations to securely share encrypted data with trusted third parties.
Strengthening Trust and Collaboration
In an increasingly interconnected world, businesses must collaborate with external partners and share data to remain competitive. However, this collaboration often comes with significant security risks. By leveraging FPE and ALTR's key sharing, organizations can strengthen trust with their partners by ensuring that sensitive data is always protected, even when shared. This leads to more effective and secure collaboration, ultimately driving business success.
Reducing the Risk of Data Breaches
Data breaches, including financial losses, reputational damage, and regulatory penalties, can devastate businesses. Organizations can significantly reduce the risk of data breaches by encrypting sensitive data with FPE and securely sharing it via Snowflake. Even if the data is intercepted, it remains protected, as only authorized parties with the corresponding encryption keys can decrypt it.
Enabling Innovation While Ensuring Security
As organizations continue to innovate and leverage new technologies, such as artificial intelligence and machine learning, the need for secure data sharing will only grow. The combination of FPE and ALTR's key sharing enables businesses to securely share and process data innovatively without compromising security. This ensures that organizations can continue to innovate while protecting their most valuable asset – their data.
Wrapping Up
Integrating Format Preserving Encryption with ALTR's key sharing capabilities offers a powerful solution for organizations seeking to protect sensitive data while enabling secure collaboration and innovation. By preserving the format of encrypted data and allowing for secure key sharing, this approach addresses critical challenges in data protection, regulatory compliance, and data sharing across multiple environments. As businesses navigate the complexities of the digital age, the value of this combined solution will only become more apparent, making it a vital component of any robust data security strategy.
ALTR's Format-preserving Encryption is now available on Snowflake Marketplace.
Browse All
Thank you! Your submission has been received!
Oops! Something went wrong while submitting the form.
Jan 4
0
min
Can You Halt a Credentialed Access Threat in its Tracks?
ALTR Blog
Imagine this scenario: you’re a CISO for a multi-billion-dollar retailer or manufacturer. Data has become critical to how your business is run. So much so that you have one thousand-plus users accessing data from Snowflake, and you have a data analysis team of 40. Early one morning an analyst appears to run a query that would return more than 7 million rows of PII data.
What happens next? Does he get the data, or do you stop him?
It all depends on the choices you’ve made up to that point…
Plot your data observability and security path
Before you get to this juncture, there are a few critical steps you can take to ensure you have the right information and options available to you.
1. Everything starts with Observability – ALTR’s integration with Snowflake provides complete observability over any sensitive data you tell ALTR to watch. This ensures that every request for, and usage of, this data is recorded and available to you as soon as it’s added to ALTR.
2. Next comes data consumption patterns - The next step is patterning data consumption so you can begin to understand what normal consumption looks like. The easiest way to do this is by setting up a scaled set of “alert and log” signals in ALTR, which can be streamed to your Snowflake Security Data Lake. This will allow you to group access records by tiered amounts and give you additional context into which roles and users access what types of data and in what quantities. A sample tier of Alerts could include logging any users and/or roles which request:
- 100 values (alert & log)
- 1,000 values (alert & log)
- 10,000 values (alert & log)
- 100,000 values (alert & log)
- 1,000,000 values (alert & log)
3. Seeing what "normal" looks like - After just a week, data usage alerts in your SIEM or in your Snowflake Security Data Lake can easily be visualized into a curve that represents your normal data consumption pattern. For example, the details below demonstrate that 99.5% of data consumption is made through requests for 10,000 or fewer records, while 81.4% occurred through requests for 1,000 records or less.
- (368) 100 value alerts = 28.5%
- (685) 1,000 value alerts = 53%
- (234) 10,000 value alerts =18.1%
- (6) 100,000 value alerts = .5%
- (0) 1,000,000 alerts = 0%
4. Reducing the risk - Understanding how various users and roles across the business consume data to perform their functions allows you to optimize your access, alerting and blocking polices based on normal and necessary usage. You can set consumption polices just outside of what your alert patterns show you represents normal consumption and, over time, you can refine these consumption limits on an ongoing basis to continually the reduce risk posed by credentialed access threats.
Credentialed access threat detected and data loss halted
Let’s go back to our CISO and the analyst’s early morning access request. With ALTR and Snowflake Security Data Lake in place, the CISO will receive a real-time alert triggering a blocked access for the specific analyst (with no other analyst or data users affected). The CISO asks his team to take a look at the security data lake to investigate. They find that over the past 120 days:
99.7% of all queries run by any role on the analyst team returned 100,000 rows or less
68.4% of queries returned 10,000 rows or less
32.6% returned 1,000 or less
12.7% returned 100 or less
For Analyst II role (this user), the largest query to date returned 1.2 million records
Since his hire, this analyst has averaged 18,788 PII records a day
Daily and hourly details of PII consumption for every user and role:
- Analyst I – average usage is 430 records per hour
- Analyst II – average usage is 2,349 records per hour
- 96.5 % of consumption occurs on M-F between 8am and 6pm CT
With this historical visibility available, it’s obvious this request is completely abnormal. The CISO calls the Director of the analysis team to inform her that the analyst is blocked and that a security event is being investigated. The Director lets the CISO know that this particular analyst is on PTO today. The CISO can then take the step of de-authorizing the analyst’s access to all systems enterprise-wide due to the threat that his credentials have been compromised. A security incident is created, and an investigation is launched.
Choose your own adventure
Credentialed access threats continue to be one of the top drivers of sensitive data breaches according to both the Verizon Data Breach Investigation Report and the IBM Cost of a Data Breach Report. They’re possible to stop, but it’s not as simple as turning on a firewall. It requires preparation and diligence to get ahead of the risk, to first understand what normal data consumption looks like so you can quickly spot abnormal access.
It’s up to you: would you rather be prepared or caught flat footed? Your choice will determine what happens when a credentialed access threat crosses your path.
Sep 15
0
min
Go Further, Faster with Snowflake and ALTR
ALTR Blog
Congratulations on kicking off your Snowflake journey! Or at least thinking about starting your journey with Snowflake. This puts you among the thousands of companies working with Snowflake to extract the maximum value from their data. And, based on what we’ve seen so far, I feel pretty confident that your Snowflake project will be successful. Before you know it, you’ll be inundated with requests – your colleagues will want more and more and more – and they’ll all want the answer yesterday. You’ll go from two users to 10 to 1,000 with no time to catch a breath.
To ensure you’re keeping up with the speed of your business and not lagging behind from day one, it’s critical to have the right tools for your journey from the very start. That means including a data governance and security solution. This may not be on your list of priorities today – maybe you’re focused on other tasks, don’t think you need it, or believe it’s too time-consuming, complicated or costly.
But you won’t be able to get the most value from your Snowflake project as quickly if you don’t have an effective data governance and security solution from the beginning. I’ll explain why.
You will need to include sensitive data and you will need to protect it
One of the primary reasons you’re making the move to Snowflake is to extract the maximum insights from your data to make better business decisions. You might start with anonymized datasets, but you’ll quickly need to include sensitive data to get the most insights, so why wait? The sooner you can run analytics on data that really matters, the faster you can deliver that value to the business. If you plan to do that from the beginning, that means preparing to comply with regulations around data privacy and protection. With new laws popping up across the US monthly, there’s no industry exempt from making sure data is safe from leaks and misuse. And there’s no lag to the risk – the day after you add the data, a trusted user could be phished or data could be misused, violating regulations.
Snowflake data governance and security features can be hard to manage at scale and don’t include all the protections you need
Snowflake delivers the enterprise class security we all expect from leading cloud providers as well as some crucial features for protecting sensitive data, with more added in each new release. However, executing and managing those features must be done manually via SQL code – limiting the number of people who can implement and update policies, restricting your ability to scale easily as your project ramps up with new users and more data.
And, even Snowflake will tell you that it can’t be responsible for who has access, what data you include, or controlling how those two intersect: who should have access to what data. This means there’s no mechanism to stop credentialed access threats or privileged access to sensitive data – if someone has the right log in information, they can take as much data as they like. It’s on you to have a solution in place to stop this.
“Snowflake has a phenomenal security team, world class security posture, but there’s still responsibility on the customer to keep the account secure. And if a user is compromised…there have to be controls in place on the customer’s side to detect that’s happened and to be able to remediate that quickly before the sensitive data gets out,” Omer Singer, Head of Cyber Security Strategy at Snowflake.
Data governance and security don’t have to be complicated or costly or slow you down
Consider ALTR a light addition to your pack that helps you move more quickly down the road:
- Our SaaS solution integrates natively with Snowflake,
- It creates only minimal latency and no scalability issues in your data access,
- It’s easily implemented and managed via a no-code user interface requiring no database engineers or additional FTEs,
- Delivers advanced data governance and security features that Snowflake doesn’t, including consumption observability and limits; predictive consumption thresholds; alerts via text, messaging, email, phone, SIEM or SOC integrations; and tokenization of sensitive data,
- And with our free-for-life plan available on ALTR.com or through Snowflake Partner Connect, you can get started at zero cost today. Download our Quick Start guide to see how easy it is to get going.
Accelerate your Snowflake journey with a boost from ALTR
The best thing you can do for your business is accelerate your adoption of your cloud data platform so you can drive business value faster. Imagine six months down the road, you’re two years ahead of where you hoped to be. Planning your trip right from the start can enable you to do that. You eliminate the need to come to a screeching halt a few months in to think about how to manage data governance and security.
You can keep moving ahead of the speed of your business, leading the way to maximum data value, when you include ALTR from the start.
Jul 10
0
min
Top 4 Takeaways From the Gartner Security & Risk Management Summit
ALTR Blog
A few weeks ago I attended the Gartner Security and Risk Summit in Washington, DC, where ALTR was sponsoring and meeting with analysts, customers, and prospects (ALTR is a Gartner client). As usual it was really interesting to see how the overall market is evolving and where the focus is. Here are a few of the major themes that I observed:
Automation as the way to cope with increasing complexity and a persistent labor shortfall. The opening keynote by Gartner focused pretty heavily here. I believe the key stat is that 70% of companies reported that they can’t even digest 60% of their event traffic (from a SIEM or SOAR perspective), meaning they actually aren’t watching parts of their network at all, despite all of the investment in tools. And that just gets worse when you consider that hiring to fill that gap is getting harder to do, not easier.
My take: I am reluctant here – the idea of automation is much simpler than the execution, and I am skeptical of this technology’s ability to close this gap. Today’s automation has very little real predictive ability, and often produces as much work in training and managing false positives as it does in saving work. I think the answer here is to focus what we are monitoring based on risk, not monitor everything and just turn it over to automation.
Identity is the new perimeter. This theme was dominant throughout and focuses on the fact that in today’s cloud-powered and mobile world, the traditional network perimeter has dissolved and been replaced by authentication and access management. It’s notable that user credentials are now far and away the most popular attack vector for bad actors, from credential-stuffing to phishing credentials out of users via email and other avenues.
My take: I agree. I think you must verify, and then re-verify that the person who is accessing resources is in fact who they say they are. Some encouraging statistics are that something simple like multi-factor authentication will stop 97% of credential-based attacks. Of course, even then that 3% is still a really large number in absolute terms, and pretty troubling.
Identity and data will always be your problem. A lot of the conference was about cloud security, and I saw some great sessions about trends in this space. But the thing that I found really compelling was a particular chart that showed how when you go from IaaS to PaaS to SaaS, you shed responsibilities for various parts of the stack . . . but managing identity and data remain your responsibility.
My take: I think this view was compelling because it separates the IT-driven benefits of cloud computing from the risks that holding data can pose, and makes the point that those risks are still there no matter where your application workloads and databases are hosted.
The rise of Data Security Governance. Gartner publishes a model on data security governance that is meant to focus on a risk-based approach to managing data across both security and privacy concerns. The emphasis is not to start with security products, but to consider data more broadly. This framework was present throughout the conference in various sessions.
My take: I think this is absolutely the right approach. Once you authenticate someone it is important to manage what data they have access to globally. However as with most great strategic concepts it has problems when it meets the real world. The “product first” mentality is driven by the fact that data security and governance products are isolated from each other in different quadrants like DLP or CASB tools and in market guides like DCAP, Tokenization, and Data Masking. I sense an opportunity for Gartner to collapse products into a Data Security Governance market that gives organizations more of a connection between the risks and the tools that address them. I believe that some of these tools, and even some of these categories, don’t actually do that much to decrease the risk to data – and Gartner could help clients differentiate the good investments from the not as good.
Jan 10
0
min
Free Data Control and Protection Sounds Great! What’s the Catch?
ALTR Blog
Say you’re in a busy train station, looking for a store that sells water, and you spot someone handing out water for free. If you’re anything like me (read: paranoid), your first instinct is “This is either a charity or it’s a scam” and “Will that water make me sick?” Now imagine if the train station is the internet, and you’re looking for a service provider in the already sensitive space of data privacy. Alarm bells are definitely going off!
This might be caused by instinctual responses we have to the idea of a “free” product or solution. Even if (or especially if!) something seems genuinely disruptive like Amazon’s free delivery or Southwest’s no-fee changes, we could be skeptical. The value to us may seem obvious, but we wonder what’s in it for the vendor. What’s the catch?
So, let’s talk about where those reactions come from and see if they hold true for today’s free business software, especially SaaS solutions.
#1: “A free product must be lower quality”
Simple economics has taught us that the higher priced a product is, the higher quality you should expect from it. This isn’t a hard and fast rule - sometimes we get fooled into paying for a brand or a logo - but it’s why you may not have a problem paying more for premium items, such organic foods or luxury goods. And when you go “cheap”, you generally accept lower quality and the consequences of that. Fast fashion is meant to be replaced yearly, and there’s a reason people celebrate moving on from furniture you put together yourself.
However, software is not the same as consumer goods – the same pricing structure doesn’t apply. With the technologies we have today, Software-as-a-Service (SaaS) companies can build software that solves problems common to multiple companies, then simply serve up that same solution to customer after customer directly from the cloud. They can deliver those benefits to a significant slice of the market without requiring costly customizations, consultant implementation hours or onsite hardware installations. This allows companies built on SaaS from the ground up, with a business model just as streamlined and flexible, to leverage efficiencies of scale to offer powerful software at a much lower cost than legacy on-premises providers. You can’t do that with clothes or furniture. ALTR VP of Product Doug Wick explained very clearly how being built on the cloud from the beginning helps ALTR to deliver our solutions more quickly and for a lower cost than legacy on-premises solutions.
I’d go even further: not only is free software not necessarily lower quality, it actually has to deliver even higher quality than a paid solution in order to retain and grow the customer base. Because there’s no financial commitment by the user, it’s easy to start but just as easy to stop using the product. A free tool quickly exposes any weaknesses, issues or flaws. Users will need a seamless experience that delivers value immediately in order to continue, let alone consider upgrading to a paid version.
#2: “If you’re not paying, you’re the product (especially on the internet)”
This idea has been around a while, but really took off during the Facebook/Cambridge Analytica scandal. Many of us jumped onboard the Facebook train, adding our contacts, sharing our updates, checking in at locations – enjoying the opportunity to use technology to be more closely connected to our far-flung network. But most of us may not have considered what was happening with all that data. It turns out that our data is a commodity. We learned through scandal to be skeptical, and Facebook is far from alone. For example, a popular email cleanup tool turned out to be using the opportunity to collect and sell information on user purchases. In fact, a company co-founder accused users of being “naïve” to think the tool wasn’t “monetizing” their data.
This is especially threatening for IT and security folks whose primary goal is to protect data! We know this feeling, as our founders come from data security in the financial services industry. They created ALTR to solve the problem of data control and privacy across the data ecosystem and built the company on a culture of data security.
When users sign up for ALTR’s free plan, what we’re getting is not your data (we don’t need to store it in order to protect it - it’s as secure as ever) but information about your experience. A free plan allows us to greatly expand our user base and gain more insight into how the software can best solve problems and provide a better experience. Our users become active participants in our product development process, helping make the platform work better for them and future users. It’s a win/win.
#3: “A free product can’t solve enterprise problems”
In the beginning, there was only enterprise software because only enterprises could afford it. It was developed to manage processes across the business, taking on big, complex problems on a massive scale. This came with expensive, years-long development cycles, complicated on-premises implementations by costly consultants, a big contractual commitment and a hefty price tag. The side effect was that even simple business problems could stay unsolved for months or years as the convoluted buying process wound its way along.
Today, business solutions are taking their lead from consumer software: focusing on individual user needs and experiences instead of tackling enterprise-sized challenges out of the gate. Companies like Slack, Zoom, Canva, and even Google offer low-cost or free versions of their software for messaging, design, or content development. This allows individual users at large enterprises to test-drive solutions to solve a specific thorny issue, making overall processes more efficient.
Instead of needing buy-in from an endless number of executives and months-long contract negotiations followed by months- or years-long implementations, the users who will actually be using the software can simply sign up and try it. Once they understand intuitively how it works and determine if it will solve the problem, they can share with others throughout the organization for their review. If it gets traction, it’s much easier to upgrade to an enterprise-level subscription for additional features or support or to take on larger challenges across the business. This is buying from the ground up instead of the top down.
ALTR’s free plan, for example, lets governance and data teams identify sensitive data in Snowflake, see who’s using it, and put basic access controls in place. It allows companies with a smaller need to address it immediately and users at larger orgs get a taste of how the solution would scale across all their data. A clear upgrade path makes it easy to grow as needed.
Fact: “Free” can deliver more value than you might expect
So, while low cost or free may seem suspicious when it comes to clothes or furniture (or bottles of water!), software is a different beast. Technology advances have disrupted the way software is developed and the usefulness it can deliver to business users for low or even no investment. For those who associate free products with a drop in value or quality, it’s time to reconsider our general impulses around pricing to ensure you're not missing out on the real opportunity.
Apr 18
0
min
Defending Data: Q&A With Security Expert Fred Burton
ALTR Blog
We recently sat down with Fred Burton, a member of ALTR’s board of advisors, to hear his perspective on the landscape of threats to enterprise data security and integrity. Burton heads the global security practice of Stratfor. Before Stratfor, he was a counterterrorism agent for the U.S. State Department and leader of many high profile international investigations. He is an author whose four books include the best-selling “GHOST: Confessions of a Counterrorism Agent.”
ALTR: Your career in security has spanned the era of punch cards and rotary phones, the days of the first microcomputers, and now you have moved on to security in the age of cloud computing, AI and big data. How has protection of data moved from the periphery to the center of your field of vision?
BURTON: Well, the first line of concern has always been the insider threat. And that threat has been transformed by an order of magnitude through the transformation of information storage from paper and filing cabinets to servers and the cloud. In the government space in particular, we had plenty of insider threats in the 1950s, 1960s and 1970s, but there were limits to how many 201 files as we called them (source and personnel files) that you could walk out with in a briefcase or what you could photograph with a tiny Minox camera. Now even the ease of theft enabled by a memory stick is growing old as thievery is conducted from across the globe with stolen goods finding a ready market on the dark web. In today’s digital economy, the bad guys don’t even need to get out of their pajamas anymore.
ALTR: When you think about what we call insider threats, how do you see the interplay of internal threats conducted by truly bad actors vs. those that result from carelessness or ignorance, the classic problem of the 123321 password, for example?
BURTON: Actually, I think of it not in terms of the interplay of two categories of insider threat but three categories. For starters, you’ve got the need for digital solutions, be those at the heart of the data ecosystem as with ALTR or older solutions focused on the network or network endpoints.
The second category is what I call situational awareness. This is the training, the enforcement of internal security policies, the general commitment to security hygiene if you will. There’s a role of growing importance for HR to play in every enterprise. The last category that could use some more attention is the threat of intellectual property that can leak out of the C-suite if not protected by NDAs, policies for talent retention and ethics standards. Everybody’s chasing top talent these days and your most talented are usually reservoirs of knowledge about data if not data itself. This is where legal departments really need to step up their game.
ALTR: How are enterprises doing today? What’s working, what’s not?
BURTON: Well, cyber and data security is on the minds of just about every executive I talk to, from medium-sized domestic firms to global multinationals. And everyone is looking for a quick magic potion, a simplistic, brass ring of a solution that can be put on autopilot and spit out the next Edward Snowden before he’s done anything. What I think is more realistic and useful are security concepts that reduce and mitigate risks and those that quickly stem the bleeding when injury occurs. We need to think in terms of cocktail solutions and less about silver bullets.
ALTR: What do enterprises need to change to prevent future breaches?
BURTON: This follows really on my points about managing three categories of threats and the elusive hunt for magic potions. Enterprises need to be thinking broadly, not narrowly. But when it comes to action, it’s a similar kind of comprehensiveness in the solution architecture that is one of the things that appealed to me about ALTR’s technology from the first day I saw it. It’s not just about fire alarms to alert you to the conflagration – though you need those too. It’s about the smoke alarms that alert you before the fire actually erupts in flames and before the damage can spread. As a former investigator, you can well imagine that ALTR’s quick sand as I call it, the picture of digital truth that immutability records virtually all behavior in the interaction of personnel with data, is a very powerful and valuable tool. It’s this immutability enabled by blockchain that I believe is really critical to secure the future of the data economy.
ALTR: When it comes to data security, what keeps you up at night?
BURTON: I worry a great deal about systemic threats, the risks to the ecosystem of distinct businesses. It relates to our discussion of the transformation in a very short time from a world of filing cabinets to a world of cloud-based information measured in terabytes of data. And if enterprises need to spot the smoke before the fire, then business ecosystems need to spot the brush fire before it engulfs the entire forest. It’s not enough, sadly, for any enterprise to have its own house in order. If data integration along the supply chain is not protected, if vendors are breached or sales partners are careless, the result can be domino effects. From banking to hospitals to power grids, the potential of the domino effect is real and growing. And the fastest growing dimension of the overall threat matrix is, of course, the Internet of Things, IoT, that will be woven into the fabric of every enterprise. This is just one element of this that really does keep me up at night. It’s not a figure of speech.
ALTR: What’s your advice to security leaders out there?
BURTON: Think holistically. That’s the key in my view. A holistic approach to security, of course, needs to include the old school elements: hiring practices, an eye on personnel issues that may lead to desperation and carefully written contracts and NDAs. But far beyond that, the technology we use to confront threats to data, particularly insider threats, needs to be comprehensive and holistic. We need technology that protects data from being breached. But just building bigger walls and moats around the castle, which is where a great deal of thinking is stuck today, is not enough. To carry the analogy, we also need to know what’s going on inside the castle. We need deft use of technology that allows real time monitoring of data access, use and consumption. This is critical not only to enforcing policy on data, but also to establish policy. And lastly, as I mentioned, we need tools that yield a mitigation roadmap, a picture of digital truth, if and when a breach is attempted. This is the cocktail approach we need to embrace. Without this new tool set and attitude, risk mitigation and management is akin to a surgeon practicing without the benefit of X-rays.
Sep 1
0
min
ALTR's First Six Months Providing Cloud-Native Data Governance and Security on Snowflake
ALTR Blog
It’s been a little more than six months since we announced our direct cloud integration with Snowflake, and during that time the cloud data platform environment has only continued to heat up. In June, Snowflake's third annual user conference brought a focus on Global Data Governance as one of the platform’s five key pillars and with that, new capabilities like anonymized views and PII classification. And the company’s just announced Q2 results reflect its continued importance in the market with 103% year-over-year growth.
In the six months since the release of our integration, ALTR has added new joint customers including HumanN, The Zebra and Welltok. And we’ve utilized Snowflake’s native features like masking policies and external functions to deliver unique solutions to our shared customers.
Tarik Dwiek, Head of Technology Alliances at Snowflake, said,
“ALTR is an innovator in using Snowflake’s extensibility features. By utilizing these features, they’re able to deliver powerful data protection and security natively integrated, allowing our customers to get more value from their Snowflake investment.”
We’ll continue to leverage new native capabilities to tackle crucial data governance and security challenges for our customers as they move to Snowflake.
The Snowflake Security Road So Far:
A Security-First Approach to Re-Platforming Data in the Cloud
Q2's Chief Availability Officer Lou Senko, Snowflake's Head of Cyber Security Strategy Omer Singer, and ALTR CTO James Beecham discuss how innovative organizations like Q2 are taking a security-first approach to migrating from on-premises databases to cloud data warehouses, mitigating risk while maximizing their data strategy.
Do You Know What Your Tableau Users Are Doing in Snowflake?
When companies use a shared service account for Tableau access to Snowflake, it becomes impossible to see and control sensitive data access by individual users. ALTR solves this with some sophisticated development in our platform that requires just a simple change in Tableau to activate. See how Snowflake DBAs can configure and manage one Tableau service account, yet get per user visibility and governance as if every end user had their own account.
Humann Utilizes Data Consumption Intelligence to Better Govern Customer Data
Customer-centric hyper growth company HumanN is focused on creating and delivering superior functional nutrition products for the health and fitness industry. Because customer outreach is a large part of its mission, the company holds a significant amount of customer personally identifiable information (PII) in Snowflake so protecting that data was essential to maintaining compliance and trust. See how ALTR helped with sensitive data discovery, consumption visibility, and purpose-based access control in Snowflake, all less than 40 days.
Plowing Through Data Governance Challenges and Security Risks on the Road to Snowflake
Our Director of Customer Success and Support, Jennifer Owens, works with companies to understand their challenges and help them build a plan to achieve their goals by utilizing the Snowflake + ALTR native solution. Here she shares use cases around securing consolidated enterprise data, enabling compliant PHI sharing, securing highly sensitive data and more.
Moving to the Cloud Doesn't Have to Be Daunting for Small and Mid-size Financial Institutions
Small- and mid-size financial institutions might think moving to the cloud is a huge lift or a big risk, but it doesn’t have to be. ALTR Account Director Paul Franz explains how you can move your enterprise data warehouse to the cloud, easily and safely with Snowflake + ALTR’s “secure cloud data warehouse-in-a-box”.
Snowflake Data Governance Buying Guide
Wherever you are in your Snowflake journey, it’s never too early or too late to think about how to handle sensitive data governance and security. But, it’s not always clear how the options stack up and what you really need. We put together this buying guide to help you understand the differences that really matter and what questions you should be asking as you evaluate your next move.
It’s been an amazing six months, but like a lot of you, we feel like we’re just getting started on our Snowflake journey. And we can’t wait for the next step!
See how ALTR can help ensure your sensitive data is governed and secured in Snowflake: get a demo!
Apr 30
0
min
ALTR Selected as a Finalist for Best of FinXTech Awards
ALTR Blog
We are proud to announce that ALTR has been selected as a finalist for Bank Director’s Best of FinXTech Awards, in the category “Best Solution for Protecting a Bank.” This selection recognizes the power of our data security as a service (DSaaS) platform to protect the sensitive data created, stored, and shared by financial software applications.
Our DSaaS approach to safeguard data embeds governance and at-rest protection natively into applications. That allows application teams to implement security during the development cycle and then hand off the management of governance and protection policies to security and compliance teams, rather than having security added as an afterthought by IT departments. This approach results in better protection from breaches and intrusion for application data.
The highest level of data protection for financial services software
ALTR DSaaS has been adopted by companies in diverse industries. The FinXTech selection particularly cited our work with Q2 eBanking, a multi-billion dollar digital banking solutions company that selected the ALTR platform to create Q2 TrustView. ALTR renders the data used by Q2 TrustView virtually inaccessible to bad actors, providing the highest level of protection for the account holders at the financial institutions that Q2 serves.
Through the Best of FinXTech Awards, Bank Director recognizes the efforts of emerging financial technology solutions that best help a financial institution grow revenues, create efficiencies, or reduce risk. Bank Director, a leading information resource for banking leaders, awards its Best of FinXTech to top-rated financial technology companies in seven different categories. Awards are based on Bank Director’s analysis of each solution’s capabilities, which includes phone interviews with each of the finalists and their banking clients, in-depth case studies on each solution, and the votes of a panel of industry experts.
Mika Moser, President of Bank Director and FinXTech, offered more perspective on ALTR’s selection: “As a trusted resource for U.S. Banks, Bank Director are excited to recognize technology companies, like ALTR, who are driving real growth for financial institutions through new products, increased security, and operational enhancements.”
By delivering DSaaS, ALTR allows developers to embed data monitoring, governance, and at-rest protection natively at the application layer. Supported by private blockchain technology, our platform provides an API and scalable smart database drivers that make it possible to virtually eliminate data access risks, making applications more portable and cost efficient to implement and maintain than traditional applianceware or outdated endpoint security systems.
We are pleased that Bank Director, which connects U.S. bank leaders with technology partners driving innovation, has recognized us with this selection.
Jun 9
0
min
Do You Know What Your Tableau Users Are Doing in Snowflake?
ALTR Blog
When Tableau was founded in 2003, business intelligence (BI) was still in its infancy. It was a critical but specialized skillset utilized by a handful of power users in a company who ran reports and pulled visualizations for the rest of the company. When the quantity of users was small it was doable to install the Tableau desktop client on that limited number of systems, and the relatively small number of users made tracking every user’s access to data feasible.
Since then, the amount of data business creates, stores and utilizes has exploded, along with the value extracted in analysis of that data. Whether it was the insights gained by using a BI tool or just the dazzle of gorgeous charts and dashboards, business professionals have clamored for access to Tableau, drastically increasing the number of users.
In order to scale with this growth, Tableau transitioned to a more modern architecture. Multiple instances of Tableau Desktop are no longer installed on individual desktops but instead one instance of Tableau Online lives on a server – either in the company’s datacenter or on the cloud – that users access via web browser. With no need to install or manage software on each desktop, many thousands of employees from a single company can be set up as users and easily access the tool.
However, just like with any move from a client/server application to a web-based application, there was a tradeoff. With the increase in scalability there came a loss in granularity over who is accessing the data. This leads to the critical question: how to govern individual user access to Snowflake data via Tableau?
The Tableau-Snowflake conundrum
Users still have individual username and password to access Tableau, but the data itself lives in a separate cloud-based database like Snowflake. Tableau admins have at least two options for configuring the tool’s access to Snowflake:
- Create individual Snowflake accounts for each Tableau user: This is the approach recommended by many experts in the data governance realm: Fred Bliss from Aptitive talked about why this is better on The Data Planet. Individual accounts enable visibility and control over specific user access and data usage, but also come with downsides. Set up requires a significant amount of work from DBAs: they have to create and administer two accounts for every user – a Tableau account and a Snowflake account. This becomes quickly unmanageable when you’re talking about 10,000 users. And, having thousands of access points into Snowflake creates an exponential data security risk; every additional account is another that could be compromised.
- Utilize a single Snowflake service account for Tableau: this is the approach many companies take to get started faster. In this scenario, when individuals log into Tableau and request data, there is a single Tableau service account that accesses Snowflake and withdraws the data. This provides simplicity of management, but completely removes the ability to place user-based governance or security on the data. If you can’t see which user is accessing which data, you can’t apply masking on specific columns. You can’t stop credentialed access threats because there’s no way to limit consumption for specific users. It’s just one huge firehose of 10,000 users all appearing to Snowflake as if they’re one person. All of the users share the same permissions which gives any user the power to download all of the data because there’s simply no way to differentiate. This means there’s no audit trail or record of individual data consumption which can lead to serious compliance issues. And, if there is a breach, access would need to be cut off completely. It’s binary – data is either flowing to everybody or data is flowing to nobody. All of this combines to create a huge hole around data security in Tableau.
Ideally, governance and security policies could be configured and managed on the user accounts in Tableau, but that feature isn’t available today. Tableau sees this as a database function. Which brings us full circle back to creating thousands of user accounts in Snowflake in order to govern individual access.
Tableau and Snowflake user-level data access visibility and control with ALTR
We’ve run into several companies facing this same issue and have developed a unique solution: ALTR can employ contextual info provided by Tableau to distinguish users and apply governance policies on the data in Snowflake. With a simple, one-time configuration of a SQL variable in Tableau server, the service account that Tableau uses to connect to Snowflake can send through information on which one of the thousands of Tableau users is making the request and share that information with ALTR. ALTR can then apply governance and security policy on that Tableau user as it would on any other individual Snowflake account.
And that’s it – there are no additional steps required in Tableau, Snowflake or ALTR. If you're an ALTR customer with Snowflake and you use Tableau server or Tableau online, you can get to this specific level of individual user visibility and governance in less than an hour just by making that one small change.
The best of both worlds for Tableau and Snowflake users
Without a way to ensure that sensitive and regulated PII data can be monitored and controlled when accessed by BI tools via bulk service accounts, many companies are forced to exclude that data from their analytics tools, leading to a less than 360 view of the business.
ALTR’s solution delivers the best of both worlds: Snowflake DBAs only have to configure and manage the one Tableau Snowflake service account, yet they get per user visibility and governance as if every end user had their own account. This means they can implement access controls, apply masking policies, and stop credentialed access threats on thousands of end users — allowing continued access to data without putting the data at risk. That means companies can include the sensitive data they need in order to get a full view of the business and extract the most value from their data and Snowflake.
And ALTR is the only data governance and security provider for Snowflake delivering this capability. It’s another example of our drive to build SaaS-based functionality that is quick and easy for our customers to deploy while delivering powerful data control and protection.
Get Tableau Snowflake service account user data governance in the ALTR Free plan: Start now!
Dec 2
0
min
DGIQ Live and In Person!
ALTR Blog
The Data Governance and Information Quality Conference is just around the corner, and we’re hyped for it! Data Governance has screamed to the top of many priority lists this year as companies adopt the controls they need to get value from data while keeping it safe. It makes sense, as multiple US states now have privacy regulation in place, with US federal privacy laws looming as well. We’re crossing a point where governance tools and processes need to be in place before you can appropriately use data, otherwise your company is at risk of not just data breaches, but the new and increasing regulatory fines that come with them. At DGIQ this year, we’re excited to learn more about the governance standards that are firming up, along with the trends we can expect going into 2022. Below are some of the presentations we’re particularly looking forward to.
Aligning Data Strategy with Data Governance
This session is all about how organizations can incorporate data governance into their overall data strategy. We look forward to Donna sharing her insights into how effective data governance can actually increase your organization’s ability to get value from data.
Description: In today’s data-driven enterprise, creating a data strategy can seem more complex than ever. Not only is innovation in technology occurring at a more rapid pace than ever before, but as more business stakeholders become involved with data-centric initiatives, “people-centric” initiatives such as data governance increase in importance as well. This workshop demystifies data governance and data strategy and provides practical steps in creating a robust data strategy that encompasses people, process, and technology to provide concrete and demonstrable business value.
Donna Burbank, Managing Director, Global Data Strategy, Ltd.
Using Data Governance to Help Cure Blood Cancer at Be the Match
Be the Match has a noble goal but has to deal with extremely sensitive information in order to achieve that goal. Any healthcare organization can gain some great insights from this session.
Description: Be the Match has an important job to do, we provide cures for blood cancer. Data is at the heart of our mission, but it’s not always easy to see the role that data governance plays in it. In this presentation, we will review how Be the Match is successfully approaching data governance in a way that keeps our life-saving mission at the forefront of our data governance initiatives, and vice versa.
Heidi Perry, Manager, Data Governance & Services, Be the Match
As a side note: joining the donor registry for Be the Match is simple and easy. We’d love it if you considered doing so.
Analytics-Focused Data Governance
This session discusses the importance of a Data Governance Center of Excellence (COE), and how it can help operationalize DG in your organization. We’re huge fans and look forward to seeing how West Monroe Partners helps their customers implement governance for the long term.
Description: Companies gather data at increasing volume and velocity. Many have realized the need to create a Data and Analytics Center of Excellence. While we recognize there are several key areas of development necessary to achieve this goal, we will focus on key elements to building a successful Data Governance (DG) CoE.
Like any enterprise asset, data needs to be curated with the ideal end state in mind. Standing up a DG CoE early will define organizational needs and reduce downstream challenges. The scope and structure will vary by organization, but the goal is the same: Optimize enterprise data management to maximize value for and empower end-users throughout the organization.
The DG COE should include:
- Organizational Structure and Engagement Model
- Data Governance Maturity Assessment
- Data Security, Privacy, and Compliance (e.g., GDPR, PHI, PII)
- Change Management
- Enterprise Data Management and Measurement
Alice S Huang, Senior Manager, West Monroe Partners
We look forward to seeing you at DGIQ! Be sure to stop by our booth (#18) while you’re there for some fun prizes and giveaways, along with a chance to see some incredible people in person for a change.
Dec 16
0
min
DGIQ 2021: Today’s Data Governance Conversation
ALTR Blog
We had a great time last week at DGIQ in San Diego! Thanks to everyone who stopped by the booth to chat – it was fantastic to see you all in person! We had some thought-provoking conversations, and we heard some similar themes across those discussions. Many people we spoke to were focused on the process and policy-writing part of data governance, others were just starting their governance journey with a data catalogue, and many more were feeling the pressure from the disruption Snowflake is creating as their companies rapidly move data to the cloud.
Although data governance has been around a while, the industry may be more confusing or bewildering or exciting than ever before. With that in mind, we’ve gathered a few resources to address some of the discussions we had:
What does “data governance” even mean today?
While the idea of data governance is not new, how it is defined seems to be shifting as data becomes critical to more companies across every industry. In the past, vendors may have just focused on helping you know about your data: data discovery, data classification and data cataloging. ALTR CEO Dave Sikora has written a couple of posts explaining why just knowing about and cataloguing your data is not enough in today’s regulatory environment. The true end goal has to be keeping sensitive data safe and secure.
- No Matter What You Call It, Data Governance Must Control and Protect Sensitive Data
- Thinking About Data Governance Without Data Security? Think Again!
Is there just one right way to implement data governance?
Many of the people we spoke to seemed to believe that a data governance journey has to be sequential: you start with data cataloguing, then you write policies that define who gets access to the data and how, then you hand that off to your security team to implement the control and enforcement. But the truth is you don’t necessarily have to go in order and maybe you shouldn’t. What if you could easily find and classify sensitive data, place policy-based controls on it AND start to see how it’s used all at the same time, in one tool? What if seeing how data is used gave you surprising insights that affected the policies you place around it? These blog posts from ALTR’s Pete Martin, Doug Wick, and Paul Franz explain why to consider a different approach and how ALTR can help.
- Introducing ALTR's Support for Sensitive Data Classification
- Why “Why?” is the Most Important Question in Governing Data Access
- The Hidden Power of Data Consumption Observability
When should you begin data governance and security?
The fast pace of data movement to the cloud has stirred up all kinds of issues, with data governance and security sometimes treated as an afterthought. Teams may think it’s too soon or they’re just getting started. ALTR CTO James Beecham explains why sooner is actually better to make sure you’re getting the most of your cloud data warehouse. And why it doesn’t have to be time-consuming, complicated, costly or slow down the project – embracing a data control and protection solution from the beginning can actually help teams keep up with the speed of their business.
If you didn’t get a chance to stop by the booth and want to hear more, contact us! We’d love to chat.
Feb 14
0
min
De-Mystifying Data Security
ALTR Blog
When many of us think about data security… Oh wait, many of us don’t think about it until there’s an incident or a breaking news story about a breach of our personal data. But if we do, it’s often a mysterious process, accessible only to large enterprises, hidden even from the rest of the company. The data security team is pictured secluded in a dark corner of the office, setting up and monitoring security controls like something out of the Matrix—with tools just as complicated and incomprehensible.
This might have been acceptable when data was only gathered by the largest companies and safely ensconced inside the perimeter of their gigantic data centers. Data security could be centralized and siloed because data was as well. But with the increase in remote work, digital transformation, and the drive to utilize data across businesses of all sizes, sensitive data is now everywhere. And data security must follow. It must come out of the shadows and become accessible to everyone.
Disempowered data users
While data is a key vulnerability for essentially every company, until recently most companies didn’t want to acknowledge the risk. But now, with a new data breach announcement like the recent Robinhood leak every few weeks, the problem is impossible to ignore. The combination of shadowy data security with the seemingly unending parade of breaches has led to a situation where everyone from users to companies to consumers might feel like it’s impossible to keep data safe.
At the same time, new regulations around data privacy protection keep rolling out. In order to comply with these regulations, companies often run a siloed process where the laws are first interpreted by in-house lawyers or governance teams, then policies are created and handed over to data and/or security teams to implement. End users who actually understand how data needs to be utilized are often left out – rules are imposed from the outside, and enforcement is inscrutable. This can make data users feel cut off from the process of protecting it.
Engaged consumers expect a more transparent process
This disjointed, top-down process is the complete opposite of today’s consumer buying experiences. When evaluating a new product or solution, they don’t want to be told – they want to be shown. They expect the opportunity to try things out for themselves and evaluate experiences through their own perspective.
It only makes sense that the same would hold true for business users looking to protect sensitive data. They should have the opportunity to see for themselves how data security solutions work, and even more than that, they should have input into the data governance and control process. Policies should not just be handed down from above and left to be implemented in a black box.
Unfortunately, the traditional buying process for enterprise software, let alone data security, has not been at all transparent. That was one of the big factors in our decision to release the ALTR free plan.
A collaborative approach to data control and protection
We basically took the traditional software sales model and flipped it on its head. Now, people across the company can try it for themselves: they can implement ALTR on Snowflake for free. They can start to understand how the solution works and also how data is used in their company – what data is accessed and who needs it. Policies can be created collaboratively and organically with input from actual users.
A free version also makes data security available to smaller businesses. Startups and mom and pops know they need business basics like credit card processing and a website, but data security may not be on the “essentials” list. However, even the smallest company now has a mailing list or a loyalty program containing customer PII that should be protected. In fact, it might be even more crucial as the reputational impact of a leak could be even more devastating. We believe data security should be a key component of business culture from the smallest to the largest organizations.
Data governance and security based on insight
Bringing more users into the process means it’s imperative we make the ALTR solution as easy and intuitive as possible. But it also means guiding users who may be new to data security by providing insights into how data is used and how it needs to be protected.
Some users may know exactly what they want to do, but others might be unsure. Either way you can start with just observing: see who is accessing what data, when and how much. You could think of this like an online banking account. Maybe you log in to pay specific bills, but you may also be interested in how you’re spending your money, looking at expenses grouped by category, and building a budget around that. You can find similar, helpful insights around data usage in ALTR.
In our own product, we see that users are most likely to visit our Analytics feature both before and after viewing their data access policies. In fact, since adding the Heatmap and Analytics to the platform we’ve seen many users dive deep into these features with an uptick in how long users spend on these pages. The close relationship between these pages in the user experience is encouraging us to develop ways to help our users adjust their policies based on what they see in Analytics.
Data security for all
We often hear companies say, “security is everyone’s responsibility.” But how could it be when most of us are left out of the process? Data security should be for all. We wouldn’t accept a world where only the largest homes behind security fences with guards at the gates were safe from break-ins. Today, consumers have access not only to effective window and door locks but also internet-connected cameras. They are now aware when a package is delivered or if there’s a porch pirate snooping around. Why wouldn’t we expect the same visibility and security for our private data?
With the right tools in place, everyone can feel in control and prepared to keep data safe.
Get started with ALTR Free right now.
Get the latest from ALTR
Subscribe below to stay up to date with our team, upcoming events, new feature releases, and more.
Thank you! Your submission has been received!
Oops! Something went wrong while submitting the form.