BLOG SPOTLIGHT
Navigating the chaos of data security in the age of GenAI—let’s break down what needs to happen next.
Read more
Popular
Sep 20
0
min
ALTR Welcomes Laura Malins as VP of Product
ALTR continues to strengthen its leadership team, and the latest addition brings a wealth of technical expertise and a fresh perspective to our growing company. We’re thrilled to welcome Laura Malins as the newest member of the ALTR family and VP of Product. With over a decade of experience in data, Laura’s extensive background across industries and technical roles makes her an invaluable asset as we continue to push the boundaries of data security and governance.
From Matillion to ALTR: A Proven Leader in Data Innovation
Laura joins us from Matillion, where she spent the past ten years shaping the future of data transformation. As VP of Product, she ran the Matillion ETL Product and spearheaded the launch of their revolutionary SaaS offering, Data Productivity Cloud. Her ability to understand deeply technical challenges and translate them into user-friendly solutions has earned her recognition as a product leader in the data space.
“I’ve worked with ALTR for a few years now and have always admired the company and the product. Data security platforms are becoming more pertinent than ever, and ALTR’s innovative product is well-positioned to support compliance and security requirements. I’m delighted to join such a strong and ambitious team, and I look forward to taking the product to the next level,” Laura shares.
Laura’s deep technical expertise and user-focused approach will be pivotal in pushing ALTR’s product suite to new heights. Her ability to bridge the gap between complex data challenges and practical, user-friendly solutions aligns seamlessly with our vision of delivering powerful, scalable data access control. With her proven leadership, we anticipate not just product evolution but transformation—bringing enhanced capabilities to our customers while staying ahead of the ever-evolving data security landscape. Laura’s leadership will help us continue empowering businesses to protect their most valuable assets while driving innovation forward.
Sep 19
0
min
Data Security for Generative AI: Where Do We Even Begin?
If you haven’t noticed the wave of Generative AI sweeping across the enterprise hardware and software world, it certainly would have hit you within 5 minutes of attending Big Data London, one of the UK’s leading data, analytics, and AI events. Having attended last year’s show, I can confidently say AI wasn’t nearly as dominant. But now? It’s everywhere, transforming not just this event but countless others. AI has officially taken over!
As a data security focused person, it is exciting and terrifying to see all the buzz. I’m excited because it feels like we’re on the verge of a seismic shift in technology—on par with the rise of the web or the cloud—driven by GenAI. And I get to witness it firsthand! But it is terrifying to see all the applications, solution consultants, database vendors and others selling happy GenAI stories to customers. I could scream into the loud buzz of the show floor, “We have seen this movie before! Don’t let the development of GenAI applications outpace the critical need for data security!” I’m thinking about the rush to web, the rush to mobile, the rush to cloud. All of these previous shifts suffer from the same thing: security is boring and we don’t want to do it. What definitely wasn’t boring was using a groundbreaking mobile app from 1800flowers.com to buy flowers—that was cool! Let’s have more of that! Who cares about security, right? That can wait…
Cyber security, and data security in particular, have had the task of keeping up with the excitement of new applications for decades. The ALTR engineering office is in beautiful Melbourne, FL just a few hours away from Disney. When I see a young mother or father with a concerned look racing after their young child who couldn’t care less that they are about to get run over by a popcorn stand, I think “Application users are the kids, security people are the parent, and GenAI is whichever Disney character the kid can’t wait to hug.” It’s cute, but dangerous. This is what is happening with GenAI and security.
As applications have evolved so has data security. Below is an example of these application evolutions and how security has adapted to cover the new weaknesses of each evolution.
What is Making Generative AI Hard to Secure?
The simple answer is: we don’t fully know. It’s not just that we’re still figuring out how to secure GenAI (spoiler: we haven’t cracked that yet); it’s that we don’t even fully understand how these Large Language Models (LLMs) and GenAI systems truly operate. Even the developers behind these models can’t entirely explain their inner workings. How do you secure something you can’t fully comprehend? The reality is—you can’t.
So, what do we know?
We know two things:
1. Each evolution of applications and data products has been secured by building upon the principles of the previous generation. What has been working well needs to be hardened and expanded.
2. LLMs present two new and very hard problems to solve: data ownership and data access.
Let’s dive into the second part first. To get access to the hardware currently required to train and run LLMs we must use cloud or shared resources. Things like ChatGPT or NVIDA’s DGX cloud. Until these models require less hardware or the hardware magically becomes more available, this truth will hold.
Similar to the early days of the internet, sensitive information was desired to be sent and received on shared internet lines. The internet was great for transmitting public or non-sensitive information, but how could banking and healthcare use public internet lines to send and receive sensitive information? Enter TLS. This is the same problem facing LLMs today.
How can a business (or even a person for that matter) use a public and shared LLM/GenAI system without fear of data exposure? Well, it’s a very challenging. And not a problem that a traditional data security provider can solve. Luckily there are really smart people working on this solution like the folks at Protopia.ai.
So, data ownership is being addressed much like how TLS solved the private-information-flowing-on-public-internet-lines. And that’s a huge step forward. What about data access?
This one is a bit tougher. There are some schools of thought about prompt control and data classification within AI responses. But this feels a lot like CASB all over again, which didn’t exactly hit the mark for SaaS security. In my opinion, until these models can pinpoint exactly where their responses are coming from—essentially, identify the data sets they’ve learned from —and also understand who is asking the questions, we’ll continue to face risks. Only then can we prevent situations where an intern asks questions and gets answers that should only be accessible to the CEO.
Going back to what we know, the first item, we will need to build upon the solid data security foundations that got us to this point in the first place. It has become clear to me that for the next few years, Retrieval-Augmented Generation (RAG) will be how enterprises globally interact with LLMs and GenAI. While this is not a silver bullet, it’s the best shot busineses have to leverage the power of public models while keeping private information safe.
With the adoption of RAG techniques, the core data security pillars that have been bearing the load of a data lake or warehouse to date will need to be braced for extra load.
Data classification and discovery needs to be cheap, fast, and accurate. Businesses must continuously ensure that any information unsuitable for RAG workloads hasn’t slipped into the database from which retrieval occurs. This constant vigilance is crucial to maintaining secure and compliant operations. This is the first step.
The next step is to layer access control and data access monitoring such that the business can easily set the rules for which types of data are allowed to be used by the different models and use cases. Just as service accounts for BI tools need access control, so to do service accounts for the purposes of RAG. On top of these access controls, near-real-time data access logging must be present. As the RAG workloads access the data, these logs are used to inform the business if any access has changed and allows the business to easily comply with internal and external audits proving they are only using approved data sets with public LLMs and GenAI models.
Last step, keep the data secure at rest. The use of LLMs and GenAI will only accelerate the migration of sensitive data into the cloud. These data elements that were once protected on-prem will have to be protected in the cloud as well. But there is a catch. The scale requirements of this data protection will be a new challenge for businesses. You will not be able to point your existing on-prem-based encryption or tokenization solution to a cloud database like Snowflake and expect to get the full value of Snowflake.
When prospects or customers ask me, “What is ALTR’s solution for securing LLMs and GenAI” I used to joke with them and say, “Nothing!” But now I’ve learned the right response, “The same thing we’ve always done to secure your data—just with even more precision and focus for today’s challenges.” The use of LLMs and GenAI is exciting and scary at the same time. One way to reduce the anxiety is to start with a solid foundation of understanding what data you have, how that data is allowed to be used, and whether you prove that the data is safe at rest and in motion.
This does not mean you cannot use ChatGPT. It just means you must realize that you were once that careless child running with arms wide open to Mickey, but now you are the concerned parent. Your teams and company will be eager to dive headfirst into GenAI, but it’s crucial that you can articulate why this journey is complex and how you plan to guide them there safely. It begins with mastering the fundamentals and gradually tackling the tough new challenges that come with this powerful technology.
Sep 9
0
min
ALTR Expands GTM Team with Powerhouse Hires to Lead the Charge in Data Security
ALTR isn’t just keeping pace with the evolving data security landscape—we’re setting the speed limit. As businesses scramble to safeguard their data, ALTR is not just another player in the game; we’re the go-to solution for bulletproof data access control and security. And today, we’re doubling down on that promise with three strategic hires to turbocharge our Go-To-Market (GTM) strategy.
Meet the Heavy Hitters
Christy Baldassarre
Christy Baldassarre joins us as our new Director of Marketing, bringing a formidable blend of strategic vision and execution prowess. With a track record of driving brand growth and market penetration, Christy excels at crafting compelling narratives that resonate with target audiences. She’s a master at turning complex concepts into clear, impactful messaging and knows how to leverage the latest digital marketing tactics to amplify ALTR’s voice.
"I am excited to be on such a great team and to be a part of taking ALTR to the next level. I chose ALTR because of its excellence in Cloud Security and Data Protection. This is a great opportunity to collaborate with such a visionary team and contribute to groundbreaking solutions that not only push boundaries but set new standards of how to keep everyone’s data safe." - Christy
Rick McBride
Rick McBride, our new Demand Gen Manager, brings a deep expertise in go-to-market strategy. With a strong foundation in business development, Rick has honed his skills in identifying opportunities and driving pipeline growth from the ground up. He’s not just about crafting campaigns; Rick knows how to connect with decision-makers and convert interest into action.
“A successful go-to-market strategy thrives on seamless collaboration across various teams, and our GTM group is poised to be the driving force behind it. We're set to champion the Snowflake ecosystem—engaging with customers, Snowflake’s Field Sales team, and partners alike—to fuel strategic growth. By leveraging Snowflake's powerful native capabilities in Security and Governance, we aim to deliver at the speed and scale that Snowflake users expect. We're thrilled to extend this value to every organization that prioritizes and trusts Snowflake for their data management needs!” - Rick
George Policastro
Next, we've got George Policastro as our newest Account Executive. George is a seasoned sales professional with a proven track record of closing complex deals and delivering results. His strengths lie in his ability to deeply understand client needs, build lasting relationships, and strategically navigate the sales process to drive success.
"I’m thrilled to join ALTR and tackle one of the biggest challenges organizations face today: securing their sensitive data while unlocking its full potential to drive business growth." - George
ALTR: Defining the Future of Data Access Control and Security
The world of data security and governance has evolved dramatically from the days of simple perimeter defenses. Now, we’re dealing with sophisticated, multi-layered security strategies that need to keep up with cybercriminals who are more aggressive and resourceful than ever. The core principles—knowing where your data is, who can access it, and ensuring its protection—haven’t changed. However, as data moves to the cloud, the challenge is achieving these goals at an unprecedented scale and speed.
That’s where ALTR excels. We’re not just providing solutions; we’re reimagining what data access control and security can be in a cloud-first world. By cutting through the complexities and inefficiencies of traditional methods, we deliver a streamlined, scalable approach that makes data security both simple and powerful. Our intuitive automated access controls, policy automation, and real-time data observability empower organizations to protect sensitive data at rest, in transit, and in use—effortlessly and at lightning speed. With ALTR, securing your data isn’t just more accessible; it’s smarter, faster, and designed for today’s dynamic cloud environments.
With our latest GTM team expansion, we’re fortifying our foundation to evolve into a cloud data security market leader who’s not just part of the conversation but is driving it.
Sep 3
0
min
Unleashing the Power of FPE: ALTR Key Sharing Meets Snowflake Data Sharing
In a world where data breaches and privacy threats are the norm, safeguarding sensitive information is no longer optional—it's critical. As regulations tighten and privacy concerns soar, our customers are demanding cutting-edge solutions that don't just secure their data but do so with finesse. Enter Format Preserving Encryption (FPE). When paired with ALTR's capability to seamlessly share encryption keys with trusted third parties via platforms like Snowflake's data sharing, FPE becomes a game-changer.
Understanding Format Preserving Encryption (FPE)
Format Preserving Encryption (FPE) is a type of encryption that ensures the encrypted data retains the same format as the original plaintext. For example, if a credit card number is encrypted using FPE, the resulting ciphertext will still appear as a string of digits of the same length. This characteristic makes FPE particularly useful in scenarios where maintaining data format is crucial, such as legacy systems, databases, or applications requiring data in a specific format.
Key Benefits of FPE
Seamless Integration
FPE maintains the data format, allowing easy integration into existing data pipelines without requiring significant changes. This minimizes the impact on business operations and reduces the costs associated with implementing encryption.
Compliance with Regulations
Many regulatory frameworks, such as the GDPR, PCI-DSS, and HIPAA, mandate the protection of sensitive data. FPE helps organizations comply with these regulations by ensuring that data is encrypted to preserve its usability and format, which can sometimes be a requirement in these standards.
Enhanced Data Utility
Unlike traditional encryption methods, FPE allows encrypted data to be used in its existing form for specific operations, such as searches, sorting, and indexing. This ensures organizations can continue to derive value from their data without compromising security.
The Role of Snowflake in Data Sharing
Snowflake is a cloud-based data warehousing platform that allows organizations to store, process, and analyze large volumes of data. One of its differentiating features is data sharing, which enables companies to share live, governed data with other Snowflake accounts in a secure and controlled manner while also shifting the cost of the computing operations of the data over to the share's consumer.
Key Features of Snowflake Data Sharing
Real-Time Data Access
Snowflake's data sharing allows recipients to access shared data in real-time, ensuring they always have the most up-to-date information. This is particularly valuable in scenarios where timely access to data is critical, such as in financial services or healthcare.
Secure Data Exchange
Snowflake's platform is designed with security at its core. Data sharing is governed by robust access controls, ensuring only authorized parties can view or interact with the shared data. This is crucial for maintaining the confidentiality and integrity of sensitive information.
Scalability and Flexibility
Snowflake's architecture allows for easy scalability, enabling organizations to share large volumes of data with multiple parties without compromising performance. Additionally, the platform supports a wide range of data formats and types, making it suitable for diverse use cases.
The Power of Combining FPE with Snowflake’s Key Sharing
When FPE is combined with the ability to share encryption keys via Snowflake's data sharing, it unlocks a new level of security and flexibility for organizations. This combination addresses several critical challenges in data protection and sharing:
Controlled Access to Encrypted Data
By leveraging FPE, organizations can encrypt sensitive data while preserving its format. However, there are scenarios where this encrypted data needs to be shared with trusted third parties, such as partners, auditors, or service providers. Through Snowflake's data sharing and ALTR's FPE Key Sharing, companies can securely share encrypted data along with the corresponding encryption keys. This allows the third party to decrypt the data within the policies that they have defined and use it as needed.
Data Security Across Multiple Environments
In a multi-cloud or hybrid environment, data often needs to be moved between different systems or shared with external entities. Traditional encryption methods can be cumbersome in such scenarios, as they require extensive reconfiguration or critical management efforts. However, with FPE and Snowflake's key sharing, organizations can seamlessly share encrypted data across different environments without compromising security. The encryption keys can be securely shared via Snowflake, ensuring only authorized parties can decrypt and access the data.
Regulatory Compliance and Auditing
Many regulations require organizations to demonstrate that they have implemented appropriate security measures to protect sensitive data. By using FPE, companies can encrypt data that complies with these regulations. At the same time, the ability to share encryption keys through Snowflake ensures that data can be securely shared with auditors or regulators. Additionally, Snowflake's robust logging and auditing capabilities provide a detailed record of who accessed the data and when which is essential for compliance reporting.
Enhanced Collaboration with Partners
In finance, healthcare, and retail industries, collaboration with external partners is often essential. However, sharing sensitive data with these partners presents significant security risks. By combining FPE with ALTR's key sharing, organizations can securely share encrypted data with partners, ensuring that sensitive information is transmitted throughout the data's lifecycle, including across shares. This enables more effective collaboration without compromising data security.
Efficient and Secure Data Processing
Specific data processing tasks, such as data analytics or AI model training, require access to large volumes of data. In scenarios where this data is sensitive, encryption is necessary. However, traditional encryption methods can hinder the efficiency of these tasks due to the need for decryption before processing. With FPE, the data can remain encrypted during processing, while ALTR's key sharing allows the consumer to decrypt data only when absolutely necessary. This ensures that data processing is both secure and efficient.
Use Cases of FPE with ALTR Key Sharing
To better understand the value of combining FPE with ALTR's key sharing, let's explore a few use cases:
Financial Services
In the financial sector, organizations handle a vast amount of sensitive data, including customer information, transaction details, and credit card numbers. FPE can encrypt this data while preserving its format, ensuring it can still be used in legacy systems and applications. Through Snowflake's data sharing, financial institutions can securely share encrypted transaction data with external auditors, partners, or regulators, along with the necessary encryption keys. This ensures compliance with regulations while maintaining the security of sensitive information.
Healthcare
Healthcare organizations often need to share patient data with external entities, such as insurance companies or research institutions. FPE can encrypt patient records, ensuring they remain secure while preserving the format required for healthcare applications. Snowflake's data sharing allows healthcare providers to securely share this encrypted data with third parties. At the same time, ALTR enables the sharing of the corresponding encryption keys, enabling them to access and use the data while ensuring compliance with HIPAA and other regulations.
Retail
Retailers often need to share customer data with marketing partners, payment processors, or logistics providers. FPE can be used to encrypt customer information, such as names, addresses, and payment details while maintaining the format required for retail systems. Snowflake's data sharing enables retailers to securely share this encrypted data with their partners; with ALTR, the encryption keys are also shared, ensuring that customer information is always protected.
The Broader Implications for Businesses
The combination of Format Preserving Encryption and ALTR's key-sharing capabilities represents a significant advancement in the field of data security. This approach addresses several critical challenges in data protection and sharing by enabling organizations to securely share encrypted data with trusted third parties.
Strengthening Trust and Collaboration
In an increasingly interconnected world, businesses must collaborate with external partners and share data to remain competitive. However, this collaboration often comes with significant security risks. By leveraging FPE and ALTR's key sharing, organizations can strengthen trust with their partners by ensuring that sensitive data is always protected, even when shared. This leads to more effective and secure collaboration, ultimately driving business success.
Reducing the Risk of Data Breaches
Data breaches, including financial losses, reputational damage, and regulatory penalties, can devastate businesses. Organizations can significantly reduce the risk of data breaches by encrypting sensitive data with FPE and securely sharing it via Snowflake. Even if the data is intercepted, it remains protected, as only authorized parties with the corresponding encryption keys can decrypt it.
Enabling Innovation While Ensuring Security
As organizations continue to innovate and leverage new technologies, such as artificial intelligence and machine learning, the need for secure data sharing will only grow. The combination of FPE and ALTR's key sharing enables businesses to securely share and process data innovatively without compromising security. This ensures that organizations can continue to innovate while protecting their most valuable asset – their data.
Wrapping Up
Integrating Format Preserving Encryption with ALTR's key sharing capabilities offers a powerful solution for organizations seeking to protect sensitive data while enabling secure collaboration and innovation. By preserving the format of encrypted data and allowing for secure key sharing, this approach addresses critical challenges in data protection, regulatory compliance, and data sharing across multiple environments. As businesses navigate the complexities of the digital age, the value of this combined solution will only become more apparent, making it a vital component of any robust data security strategy.
ALTR's Format-preserving Encryption is now available on Snowflake Marketplace.
Browse All
Thank you! Your submission has been received!
Oops! Something went wrong while submitting the form.
Dec 7
0
min
Data Security Needs to Be as Easy as Putting on a Seatbelt
ALTR Blog
One of the first steps organizations take when preparing to deliver a data governance program is to determine where data governance should be placed in the organization. Or in other words, who should own data governance? Kathy Rondon, Chief Business Strategist, R2C, makes a compelling case around who’s responsible for data governance: everyone.
She explained that data will go through stages throughout its lifecycle, starting with Planning, Acquisition/Creation through to Share/Use, and Archive/Dispose. Various roles will touch, modify, and utilize data at each point. The Chief Data Officer (CDO) might be responsible for the overall data lifecycle. At the same time, the Data Owner is responsible for the data produced in their business unit. At the same time, Data Stewards and Data Users might get the most benefit from the information to make their jobs more effective and efficient.
Caring for Data Like Your Child
Kathy explained that you can think of this as caring for your child. At various points in a child’s life, there are different caretakers: parents, babysitters, schools, and friends. And each environment might require different protection: a babysitter may need to make sure the child is buckled in for a car ride, and friends may need to watch out for cars when playing outside. Most children don’t have a security guard following them around 24 hours a day, ensuring they’re always safe.
Data governance is the same: it’s not one person’s job; it’s everyone’s. But unfortunately, that can sometimes mean it’s no one’s. Because it doesn’t live with one specific role, data governance can end up as an “orphan,” like a child whose babysitter thinks the parent is picking them up from school that day and parents who feel the babysitter is handling it.
Secure Your Slice of the Data Lifecycle
This is similar to something we’ve talked about for a while: Whose Job Is Data Security, Anyway? Like Doug said in his blog, “When responsibility is distributed across various functions, you can end up with an ambiguous, inefficient mess — and serious security gaps.”
To ensure a child is safe, safety needs to be accessible and achievable for everyone responsible: a seatbelt needs to be easily buckled, and all the kids need to look out for cars when playing in the street. Each role must be able to deal with the risks that crop up in their stage.
When it comes to using data security to enforce data governance policies, we need easy tools for everyone to use, buy, spin up, or manage. That’s the point of ALTR’s platform: we simplify data security for everyone in the data lifecycle.
With a SaaS-based, no-code, automated solution, whether you’re a CDO or a Data User, you can purchase and use data security for the section of the data you’re responsible for. You can get what you need to fit your role’s security needs and the outcomes required by your function: Data Owners might care about the analytics and the reporting, while the Data Stewards may need to ensure that the actual policies and locks are correct.
Data Security for Everyone
When it’s nobody’s job, securing your slice of the data must be easy. It can’t be cumbersome, it can’t be expensive, and it can’t be slow. Data security has to be as easy as putting on a seat belt.
May 7
0
min
Why DSaaS and Cloud Data Warehouses Go Hand in Hand
ALTR Blog
Companies have embraced the power and scale of enterprise data warehouses (EDWs) for decades, and rightly so. EDWs centralize a wealth of data so that various corporate functions can access it, track business results, and analyze trends to support better decision making.
Unfortunately, traditional on-premises EDWs come with significant overhead in terms of time, money, and effort. You have to set them up, which is complicated enough, and then you have to dedicate IT staff to keep them running. That team will spend all of its time adding servers and storage, configuring software and hardware, tweaking data and queries to play nicely with each other, and so on.
Benefits of Cloud Data Warehouses
No wonder, then, that organizations are increasingly turning to cloud data warehouses (CDWs). Providers such as Amazon, Google, and Snowflake now make it simple to:
- Store vast quantities of data cheaply, with minimal configuration effort and zero new hardware;
- Migrate and manage data easily, without needing to interact with servers; and
- Scale up or down at will
That last point is the real kicker. With EDWs, any change in scale implies serious effort as new equipment is brought online. By contrast, CDWs handle scaling natively, to the point that users almost never need to think about scaling at all.
Other old headaches from EDWs fall by the wayside, too. For example, by decoupling data management from the process of running queries, CDWs allow users to introduce new data without affecting data-crunching jobs that are already in progress. That opens up a whole new world of convenience and efficiency for both administrators and end users.
The Need for Better Data Governance in Cloud Data Warehouses
Yet even the best CDWs can be made stronger when it comes to managing data access. Companies like Snowflake do offer safeguards when it comes to user permissions and protection for at-rest data so that you can rightly feel comfortable about shipping your data to them.
Ultimately, though, the great value delivered by Snowflake, Amazon Redshift, and other CDWs is high performance at a very attractive price. They’re not in the business of supplying locks on the consumption of data, and because their whole infrastructure is virtualized, it’s not workable to implement traditional measures such as data loss prevention (DLP) or endpoint protection around the data stack.
Regulating initial access to a CDW is easy enough thanks to single sign-on (SSO) providers like Okta. Using one of these tools makes it easy for the organization to authenticate remote users before letting them inside the front gate of the CDW.
After that, however, things get slippery from the standpoint of data governance. Who is accessing which data? How much data at a time? When? From where? These are the open questions that every company using CDWs must address.
How DSaaS Fills the Gaps for Data Governance
In a pinch, you might try to fill these gaps by falling back on older technology. For example, you could technically manage access to your CDW by using a proxy. But that would hamper performance, and you might still be vulnerable to certain types of attacks.
The far better approach is to pair the benefits of your CDW with a query-level solution for data security and governance that works in parallel — one that’s abstracted, elastic, and has no infrastructure. That’s where data security as a service (DSaaS) comes in.
By using a last-mile, client-side approach, DSaaS provides data governance without any appreciable impact on performance. Security is usually the #1 offender when it comes to slowing down applications, including any kind of database. But by distributing security across all of the code, DSaaS gives you the most control, the most visibility, and the most context while also allowing you to harness the full flexibility, speed, and scalability of your CDW.
By putting security and governance within the application itself, DSaaS keeps you from getting siloed into an old security paradigm. Whether you want to move to a new data center, or just grant permissions to an old user who has a new laptop, it’s easy to enforce your pre-existing security and governance policies within the CDW. By using DSaaS, you’re able to:
- Govern each user so that they access only the types of data they should
- Track and log what each user does, for both security and compliance purposes
- Implement rules to govern the flow of data, by type of data and by role
- Isolate and block bad traffic, including excessive data volumes, down to the level of an individual user
You’ve already given yourself the ultimate flexibility in terms of growth, storage, and computing power by using a CDW. Don’t limit that flexibility and freedom by how you secure access to it, and don’t risk going without data governance in this era of strict data regulations. Take advantage of DSaaS instead. To learn more about DSaaS, check out our latest white paper, Introduction to Data Security as a Service.
Jun 18
0
min
Checks and Balances in your Cloud Data Warehouse Security
ALTR Blog
As companies aggregate more and more data from multiple data sources into cloud data warehouses in order to remove silos and find insights across disparate data, there can be one big stumbling point: data warehouse security.
This is a problem if the data is so sensitive only a few people in the company should have access to it. This is especially a problem if the data is also so important the company can’t utilize the cloud data platform to its full potential to understand the business without it. That means the data has to be in your cloud data platform—but what if your cloud data warehouse admin isn’t one of the few people in the company who should have access to the data? Then you'll have to ensure that your cloud data warehouse security is up to the task.
The risk of admin power in a cloud data warehouse
Cloud data warehouse admins have virtually unlimited control over a company’s instance. They set up security protocols, they set up users and access, they manage the data flows in and out. You might trust your admin, but can you trust that their credentials will never be stolen or misused?
There are a couple of ways that someone with admin credentials could get access to sensitive data without non-admins being aware:
Scenario 1:
Assume the role of a person who should have access to the data such as a CFO. Because they have the power in the platform to set up and modify user accounts, they could impersonate someone with permission to access the data.
Scenario 2:
Disable platform governance and security controls – views, masking policies and user-defined functions - and access the data directly.
Cloud data warehouse security, visibility and control outside the platform
SaaS-based ALTR acts like a neutral third party, providing consumption visibility and data protection that’s natively integrated into to the cloud data platform yet outside the control of the platform admin. This separation of duties is what makes ALTR’'s platform so powerful when it comes to improving data warehouse security of sensitive data in platforms like Snowflake.
While there’s no foolproof way to stop the admin or someone with their credentials from attempting to access the data, ALTR’s unique combination of data rate limiting and data access visibility can reduce the impact and risk of the two scenarios.
ALTR makes it impossible to access the data without key people being notified and can limit the amount of data revealed, even to admins:
- Real time alerts: With ALTR, data can be tokenized outside of Snowflake. When the admin (or any user for that matter), tries to access the data, the platform will have to contact ALTR in order to get the de-tokenized data. When this occurs, it can trigger an alert notifying relevant execs or stakeholders at the company. If none of the allowed users accessed the data, they’ll know unauthorized access has occurred within seconds. Examples of alerts can include text message, Slack or Teams notifications, emails, phone calls, SIEM integrations, etc.
- Data consumption limits: ALTR can limit the amount of de-tokenized data delivered to any user, including the admins. While a user might request 10 million records, they may only get back 10,000 or 10 per hour. This can also trigger an alert to relevant stakeholders.
See a walk through of this use case:
Effective data warehouse security: separating duties
Effective data warehouse security requires a combination of features unique to ALTR: Delivering real time alerting and limiting risk to data requires both a SaaS-based tool for tokenization that sits outside the cloud data platform PLUS the ability to implement consumption limits on data requests. A data governance tool alone wouldn't solve the problem. It needs a combined data governance and data security solution unique to ALTR.
ALTR's solution for a separation of duty between operation of data and security of data provides a check on the power of platform admins (and their credentials). The most self-aware cloud data platform admins actually want this kind of outside oversight to ensure the data in their charge is kept secure.
See how ALTR can help you improve your cloud data warehouse security. Request a demo!
Mar 8
0
min
In the Era of Data, Data is the New Endpoint
ALTR Blog
Data-driven is the norm
Just like every company became a technology company in the early 2000s, every company is now becoming a data company. For effective marketing and sales, for operational efficiency, for financial management - companies that win and companies that leverage data to learn are now one and the same.
Data used to be hidden from view, wrapped inside of applications wrapped inside of bespoke IT infrastructure. Now it's in the Cloud, inside of platforms like Snowflake or Amazon Redshift that put it right at the fingertips of anyone in your company. Massively scalable, cost effective, supported by thousands of ecosystem technologies - the opportunity here is incredible.
Also incredible are the new risks to data. When it's right at the fingertips of everyone in your company, it's more easy for it to be improperly shared or stolen than ever.
How do you get control over your data?
Do you focus on the infrastructure? Well, it's not yours anymore so while you can and should configure security over your cloud infrastructure correctly, you will never truly control it.
Do you focus on the people? Identity or attributes of identity work well in small numbers but get incredibly complex at any level of scale, and identities get compromised all of the time.
The answer
Don't treat the firewall or the login screen as the endpoint; treat the data as the endpoint.
This approach starts with partners like OneTrust, BigID, and others that help you understand your data and get a handle on how it should be made private and secure in order to comply with an ever-more-complex regulatory environment. You need a big brain to look at all of your data across your whole company and document the needed controls to keep your data-driven enterprise safe.
But you also need to be able to act. Your data risk management brain needs muscle to be able to control every place where sensitive data exists in real-time. This isn't just managing simple access to well-defined datasets but also watching consumption levels, with enough sensitivity to detect activity against data that is unusual and indicative of stolen credentials. This is what we are building at ALTR, and the concept of a unified data control plane across your entire organization that treats data as the endpoint is what animates our product strategy.
Right now it's all about the data - the opportunity and the risks. With the right data-first defensive strategy in place to mitigate those risks, the world of opportunity opens up to you.
To learn more, watch our webinar "The Hidden ROI: Taking a Security-First Approach to Modern Data Architectures".
Jun 22
0
min
Data is Vital to the Healthcare Industry and Protecting it is Critical
ALTR Blog
As a parent, I’m always watching out to keep my kids safe – whether it’s keeping an eye on traffic or watching what they eat. Having been in the cybersecurity industry for some time now, it has led me to be even more concerned about how their personal data is used by those who have access to it. As an example, there was one case where my daughter's pediatrician sent me her test results via his personal Gmail account rather than a corporate one or by a more secure method.
Situations like this are less rare than you might think. The healthcare industry is dealing with inside and outside threats to protected health information (PHI) while trying to utilize data to innovate and improve patient care. In 2020 the industry faced the highest average total cost per breach, increasing 10% from the previous year. The industry desperately needs a better solution to protecting its data.
Increased threats to PHI
Ransomware attacks on the healthcare industry increased 60% to 123% in 2020 (depending on the report) with bad actors taking advantage of the disruptions created by the pandemic. These attacks are also increasing in pressure with bad actors not just encrypting data but stealing it as well. This puts increased stress on organizations to pay in order to avoid regulatory consequences for leaked data. Nearly 60% of ransomware attacks that the IBM X-Force responded to in 2020 used what they’re calling a “double extortion strategy” where attackers encrypted, stole and then threatened to expose data if the ransom wasn't paid. Ireland’s nation health service is dealing with this exact issue after hackers broke into the Health Service Executive’s (HSE) IT system in May. The attack not only led to a disruption in services, but personal records of individuals being released online. The same group has targeted at least 16 U.S. health and emergency networks this year.
Data is driving the future of the healthcare and life sciences industry
The increase in threats hasn’t slowed the healthcare industry’s expansion of data sharing and utilization. Data is driving innovation in original medical research, new drug development, improved clinical care, and innovative medical devices. A recent Economist Intelligence Unit survey showed that the healthcare and life sciences industry was most likely to cite data and analytics as a critical factor for success over the next three years. The respondents’ top three priorities were developing new products or services, increasing client satisfaction and experience, and revenue and profit growth. They were also more likely than others to purchase or accept data from both government and non-government agencies. However, the risk of sharing data externally is a top concern with the healthcare industry listing “risk of a leak of confidential information” as number one with 54% of respondents.
A better outcome for PHI data governance and security
This all makes protecting sensitive data more critical than ever. In the past, healthcare organizations may have thought that a full-fledged, time- and resource-intensive Data Loss Prevention (DLP) solution was the only option to truly protect sensitive data. The fact is legacy enterprise DLPs are costly, usually require a long on-premises installation and complex policy rollout, and don’t extend well into the cloud. They tend to put blocks in place that make it more challenging to get important data into the necessary hands. This is less than ideal for an industry that needs to share data to provide the best care and innovate quickly.
Modern cloud-based, no-code solutions like ALTR provide a better alternative by making it easy to automate data access controls, protect data at rest, and respond to threats in real-time. Unlike traditional solutions, ALTR requires no infrastructure to install, maintain or scale, and nothing needs to be placed on the endpoint. And unlike other solutions, ALTR delivers both data governance and data security. Organizations can add data sources, create policy, and respond to potential threats without writing a single line of code. Sensitive data is classified wherever it is, policy enforcement is automated, consumption is visible and controlled, and sensitive data is tokenized to mitigate the risk of exfiltration, while potential threats are handled as they happen. Protection is focused on the data, where it should be.
ALTR customer TULIP is a great example of this use case. The company provides an online platform that allows fertility patients from all over the world to search a proprietary database of nearly 20,000 egg donors to find their perfect match. TULIP turned to ALTR for a data protection service that keeps customer PHI safe and provides a secure audit trail of every request for data.
With a modern data governance and security solution, the healthcare industry can better protect its sensitive information while fully utilizing that data to improve patient outcomes, create better clinical processes, and produce innovative medical treatments and devices that can benefit us all.
See how easy it is to get ALTR up and protecting your data by requesting a demo here.
Aug 11
0
min
Data is the Fuel Powering the 4th Industrial Revolution
ALTR Blog
Whenever there’s a significant change in technology, quality of life improves dramatically. We’ve experienced these changes three times recently with the industrial (1760), technological (1870), and digital (1950) revolutions. These eras drive rapid new innovations and technologies that improve communication and healthcare, reduce poverty levels and the cost of goods, and ultimately make life better for us all. In just the last 150 years, we’ve seen huge improvements in life expectancy (from an average lifespan of 35 years to 80 years), child mortality (from 43% to 4.5%), and global poverty (From 80% to less than 10%).
We’re now in the middle of a fourth industrial revolution: the data revolution. This new age promises to further improve the way we communicate, how we provide healthcare and education, how we take care of the less fortunate, and how businesses build products. Everyone stands to benefit from the use of data for the greater good. We just have some hurdles to get through first.
As the fuel of the 4th industrial revolution, data is valuable, but also risky
We’ve all heard the phrase “data is the new oil”. It signifies that data is being used as fuel to power the economy similar to how oil played such an important role over the last 150 years. Those that don’t use data to its fullest risk being left behind in this new “data age”, and we’ve seen early adopters crop up and dominate with their early use of data at scale - think Facebook and Uber with how effectively they use algorithms in their business models. Unfortunately, there’s a dark side to data as well.
Data, like oil, is valuable but also risky. Just like oil provides fuel to power vehicles, heat buildings, and provide electricity, it also poses significant environmental and business risks when wells and tankers leak into their surroundings. We all recall the events of the Deepwater Horizon oil well and its aftermath, resulting in BP paying over $60 Billion in criminal and civil penalties. BP’s fines set a benchmark that influenced the size of future penalties, with companies like Volkswagen paying $30 Billion for cheating on diesel emission standards.
Data’s value comes in its ability to speed up time to insights so we can make better decisions, faster. It can also enable projects that benefit the public good around the world. However, if done without proper safeguards, we risk reducing the value by leaking private and sensitive information and suffering costly and damaging data breaches. As companies rush to get value from data, we’re seeing a rise in data breaches, associated fines and regulatory penalties. Equifax alone paid more than $550 Million for its 2017 data breach affecting 150 million people, and Amazon is facing the largest ever fine assessed by the EU for a GDPR infraction at $880 million
Industry 4.0 is in the middle of Ratchet, Hatchet, Pivot
According to professor and author Ruth DeFries, technological innovation follows a cyclical pattern dubbed Ratchet, Hatchet, Pivot. When a new technology comes out (Ratchet), society takes advantage of it to rapidly move forward, but not without consequences. Then, the hatchet drops as change is demanded to fix the damage caused by these new problems. Finally, a pivot occurs leading to new innovations and a new period of ratcheting up.
Oil has followed this ratchet, hatchet, pivot model. It led to great advancements, but not without serious environmental problems. The hatchet fell as society demanded companies take responsibility for their actions. Environmental regulations and fines were introduced, leading to safer oil production and investments in alternative sources of power. Now, the pivot is here as mainstream companies and investors move toward environmentally friendly power sources like wind and solar (see Mercedes Benz' recent $45 Billion plan to become an all-electric vehicle provider).
In the fourth industrial revolution, data, too, seems to be following this trend. At first, data gave early adopters an advantage in building their businesses, but not without serious consequences to individual privacy. The hatchet has come down here as well, with new privacy regulations in the EU (GDPR), California (CCPA), and recently Virginia and Colorado. In a recent report on GDPR, regulatory fines had risen 40% year over year to $191.5 Million. These fines will increase until society pivots to implementing controls around data to ensure its privacy and security. Once this pivot is made, society will ratchet up once more as we confidently yet safely get value from data.
Using data to drive the 4th industrial revolution
Data, like oil before it, truly is the fuel driving this next technological revolution. Forward-thinking organizations are using data to make better decisions, faster than ever. However, society is demanding that organizations take steps to safeguard private information. Utilizing data in this new age requires doing so safely, keeping sensitive information protected from privacy and security risks. The alternative is to lock data down completely, limiting its value and positioning your organization on the sidelines as the world moves forward. By implementing proper governance and controls, you can unlock the maximum value from your data while minimizing the risks of regulatory fines and data breaches, allowing your organization to thrive in this new era.
See how you can easily and quickly protect your data to get the most value from it. Get a demo!
Aug 27
0
min
Why Is Data So Hard to Protect?
ALTR Blog
ALTR recently hosted a roundtable with CISOs and IT decision makers to discuss the question “why is data so hard to protect?” This diverse group of participants shared their personal experiences and challenges around keeping data safe with the new struggles remote work brings to the table.
Despite dramatic differences in the attendees’ experience and industry, several common themes emerged around why data is hard to protect:
- It’s difficult to know where all your sensitive data is stored. This is a problem we encounter with nearly all our customers, and because data gets frequently moved around for business reasons, it’s very hard for those who are accountable for its security and privacy to track it.
- The current environment has dramatically increased remote access to data. One attendee managed all of IT for a large public-school system where the security strategy was heavily reliant on locking down data access to the local on-premise network for different schools. Overnight that strategy had to transition to a completely remote access scenario.
- New, innovative (SaaS) software forcing data protection to transition from direct accountability to vendor oversight. Most of our attendees are finding that in order to continue to innovate with technology, they are forced to incorporate cloud services or software that are delivered as a service. As such, they become responsible for how their vendors are handling data and must develop processes and technology to oversee how their data is being protected by others.
So, how do you keep data both safe and accessible to those who need it to do their jobs? And how do organizations address these challenges?
To start, it’s difficult to know where all your sensitive data is stored. A recent Information Age study showed that 82% of companies admit to not knowing where their data is located – even sensitive data like personal addresses and banking details. If an organization doesn’t know where the data is stored, then how can they expect to protect it? The ability to observe your data is an absolute must, not only to protect it but to gain insight around how it’s being consumed in order to create policy and to actually utilize its value to become a more data-driven enterprise.
More recently, companies have had no choice but to move toward a remote work model -- that means the traditional strategy of locking down data access on-premise is no longer an option. More remote access means the risk of credentialed access compromises has increased. Now having observability into who is consuming what data, and real-time control over that consumption, becomes ever more critical.
Do you relate to the same concerns that the participants in our roundtable listed? Are you one of the 70% of organizations that are struggling to adapt to this “new normal” in data security (TechRepublic)? Maybe it’s time to chat.
See how easy it is to get ALTR to protect your data - get a demo!
Sep 8
0
min
No Matter What You Call It, Data Governance Must Control and Protect Sensitive Data
ALTR Blog
In my last blog post I discussed the increase in market attention around the category of “Data Governance”. It was fascinating to see the “Forrester Wave™: Data Governance Solutions, Q3 2021” report come out just a few weeks after that. It’s another proof point that the market segment is attracting more attention than ever before, and we’re thrilled to see ALTR partners Collibra and OneTrust get recognized for their outstanding leadership in the space.
But the report is also evidence that we may not all be talking about the same thing when we say, “Data Governance.” Based on the companies included, the report could have easily been called “Data Intelligence Solutions” instead. All of the companies named in the Forrester Wave really focus on knowing about your data: data discovery, data classification and data cataloging, and many actually refer to themselves as “data intelligence” companies. Data intelligence is a critical first step to using data as well as the first step to data governance. It could even be considered the first generation of data governance technology. But think about the word “govern” – it means rule, control, regulate. It’s about taking action. So, just knowing about the data is simply not enough.
The report points this out when it talks about how companies are maturing their privacy, security, and compliance features in response to growing regulations. Companies in the report are taking different approaches to addressing the need for increased security features. One of the ways they’re tackling this is by partnering with companies, like ALTR, who can help them take the next strides into controlling and protecting data.
Next Generation Data Governance
We could look at this evolution as the next generation of data governance technology or Data Governance Gen 2. This means moving beyond just knowing about the data into controlling and protecting it. It includes functions like data masking, data consumption controls and data tokenization. Data masking blocks out key information in sensitive data to ensure that only the people who need to see data can and only when they should. Data consumption controls limit the amount of data any individual user can access, at a specific time, based on location to only the amount needed to do their role or a specific task. This ensures that a bad actor with seemingly authorized access can’t bleed you dry of data. And tokenization replaces sensitive data completely with non-valuable placeholder tokens.
All of these policy-based data controls are based on the work done in the data intelligence step – data can’t be governed and protected effectively until you know what data you have and where.
Closing the Gap Between Data Intelligence and Protection
There’s actually a big gap between knowing about your data and taking action to ensure it’s secure. In the past, data might have been de facto protected by safeguards placed on the perimeter by security teams. But since data has moved to the cloud, security teams no longer own or manage the infrastructure where the data resides. Cloud data platforms do. Those platforms employ enterprise class security features and firewalls that protect against traditional attacks, but they can’t know who should have access to what data. Companies are still responsible for managing user access and controlling and protecting their data.
With the data governance and security teams potentially coming at the issue with different architectural approaches and different end goals in mind, this can leave a gap that no one is minding. That makes having a combined data control and protection solution essential.
Don’t Lose Sight of the Goal: Keeping Sensitive Data Safe
Despite the varying definitions and ideas around what data governance is or should be, let’s not lose sight of the goal: keeping sensitive data safe and usable. That’s why global data privacy regulations have been passed. It’s why data governance teams and functions have been created to comply with those regulations. It’s why we created ALTR to help companies combine their data governance and security into one platform that makes it easy to ensure sensitive data is both controlled and protected. In the end, it’s all about safeguarding the data.
See how ALTR can help you safeguard your sensitive data with our combined data governance and security platform. Get a demo today!
Feb 2
0
min
The Data Governance Flywheel
ALTR Blog
Data is one of your company’s most valuable intellectual property assets. Your most sensitive data drives your ability to innovate and create contextually relevant interactions and engagements with your customers, partners, and suppliers. The more you know about them, the more effectively you can serve them and meet their needs. And doing that leads to unprecedented business success.
But we don't believe utilizing this data should force you to live with increased risk. You should be able to allow the appropriate people to have access to relevant data when they need it, without fear of negative repercussions. With ALTR’s industry leading approach to knowing, controlling and protecting your data you can have both: you can leverage data to its full value while reducing risk to near zero.
Truly know your data
Many data governance solutions focus just on creating intelligence around data itself by discovering, classifying, and cataloging sensitive data. This provides a necessary foundation but leaves a significant gap in “knowing your data.” How can you really know your data if you don’t know what your data is doing?
ALTR’s unique data consumption intelligence technology delivers rich reporting on data usage that allows you to observe and understand how data is consumed throughout the normal course of business – who’s accessing data, when and how much. You can see how different roles and different users touch different types of data over weeks and months via ALTR’s exclusive heatmap for data consumption intelligence. You can comprehend which individuals need access daily versus monthly. You can also see how automated services such as marketing programs or analytics platforms need specific data at specific times.
This holistic yet detailed visibility enables a comprehensive understanding of how data flows through the enterprise, so you can map out what represents normal. Without this knowledge, how will you know if a request for a large amount of data at an off hour is a threat or just a standard business process? In the absence of knowing normal, everything looks abnormal. We can help you arrive at that understanding of normal quickly, and from this powerful vantage point, you’ll have the capacity to detect and respond to abnormal requests for data in real-time before they can even execute. Having this baseline understanding positions you to start building refined data access controls.
Custom-fit control of your data
The goal of data access controls should be to limit access to data to only legitimate uses, to prevent misuse or misappropriation, without adding unnecessary friction to business processes. The body of knowledge you gather from seeing how data is used normally allows you to create policies that are not arbitrary, but instead custom fit to how your business actually works. When you know what valid usage looks like, you can put consumption policies in place to control data efficiently without constricting the business.
With ALTR’s platform, you can easily, with no-code required, create granular policies that automatically block access to sensitive data completely, dynamically mask data, or set consumption thresholds based on risk. Our active controls can not only limit access of data to specific users, but also allow preset actions predicated on those controls such as logging the request, sending an alert, or stopping access entirely.
Then these actions themselves become signals that increase your knowledge of data usage. You can see how often a threshold was exceeded, and you can then adjust and tweak your policies based on what you learn. If, for example, you thought a certain role only needed 10,000 rows once a week, but every 4 weeks, they actually need 50,000 for month-end reporting, you can modify your policy to allow that expected activity. You will no longer have to address an anomaly that really isn’t while also removing an impediment to the user. You can also set rate alerts at significant milestones such as 100, 1000, 10,000 and 100,000 records which then allow you to build a distribution curve of the most common access requests to least so you can easily home in on requests that are out of normal.
Over time, these controls also provide a body of knowledge that continues to grow every time an alert is triggered. The insights you gather put you in a better position to protect your data.
More effectively protect your data
At each stage of this system, your understanding of legitimate data usage gets more precise and your controls around data access become more granular. This helps the abnormal requests stand out, shining a light on activities that might indicate a real threat. With ALTR, you can detect and respond to those anomalies in real time, alert your security team to potential threats through your enterprise security SIEM or SOAR, and completely, immediately stop data from being viewed or accessed. And for the most sensitive data, you can preemptively tokenize it to ensure that it’s secure at rest, in use, and in transit.
And again, the signals and alerts you receive when threats arise in this stage help you better understand where dangers exist and optimize your policies around those. This allows you to enable greater freedom of data use where needed but also tighten your data protections where necessary to reduce risk.
A continually optimized data governance and security flywheel
By utilizing ALTR’s unified solution for knowing, controlling, and protecting your data wherever it lives, you can build a self-perpetuating system or flywheel that creates a feedback loop, relaying relevant insights so you can continually refine policies and optimize efficacy at each stage. The more you know about how data is being used, the better you can control it. And the better you control data, the better you can protect it across the enterprise.
With ALTR, you can maximize the full value of your data while continually minimizing the risk.
Jul 22
0
min
Overcoming Data Governance Challenges and Security Risks on the Road to Snowflake
ALTR Blog
Since ALTR announced the general availability of our direct cloud integration with Snowflake in February 2021, we’ve seen growing momentum from Snowflake customers who want deep insight into data consumption with automated data access controls and patented security solutions that protect against even the most privileged security threats.
We've worked with companies to understand their challenges and help them build a plan to achieve their goals by utilizing the Snowflake + ALTR native solution. Here are a few examples of the data governance challenges our customers have faced - hopefully you may see a way to overcoming your own similar obstacles.
Challenge 1: Stop Threats to Consolidated Enterprise Data in Snowflake
We are working with a large financial enterprise consolidating data from multiple on-prem and cloud-based software systems (Workday, Salesforce, internal data warehouses) into Snowflake’s Data Cloud. The company felt their data was safer when spread across different systems which required access to multiple accounts to compromise. Now that they were consolidating data in Snowflake, the risk to data was elevated with a single compromised credential having the potential to open the door to all their data.
ALTR Solution: In order to maintain their security in the cloud, the company combined ALTR with Snowflake from day one. ALTR provided discovery and classification of sensitive data during merging, delivered access logs to the company’s SIEM for consumption analysis, and implemented governance policy to limit which roles can see data.
Outcomes: With ALTR governance and security included from the outset, the company can be sure that its consolidated data is as protected in the cloud as it was on-prem and that protection can scale with the company’s use of Snowflake to new users and use cases.
Challenge 2: Enable Compliant PHI Data Sharing Quickly and Easily in Snowflake
This healthcare data aggregator, analyzer and retailer with sensitive PHI on most Americans wanted to transition data to Snowflake to make sharing and distribution easier. But before doing that it needed to translate its high-end on-prem security posture to the cloud to comply with regulatory requirements. This included finding, classifying and controlling all the company’s sensitive data prior to migration. With a busy DBA team at the company, there was just no bandwidth to take that on.
ALTR Solution: ALTR showed the company how quick and easy it can be to understand where the data is and put policy on it, without code. In fact, it could be done in just a couple of half-hour sessions and the solution could be up and running within a week—providing real-time alerts and consolidated access logs to Splunk for analysis.
Outcomes: Discovery and classification reports will support audit and compliance requirements as data moves into Snowflake. The security team can effectively understand consumption of data and place policy over access including masking. Because of the low effort required by the DBA team and the fast implementation, the company gets a rapid time to value.
Challenge 3: Protect Highly Sensitive Financial Data from Privileged Access in Snowflake
A $200M+ logistics company worked with ALTR’s partner Aptitive to move data to and process it in Snowflake. However, their highly sensitive financial data required extra security and attention. It had to be added to Snowflake in order to provide a full picture to the business, but the company’s Snowflake DBA wanted to assure company leadership the data would be safe from credentialed access threats, including himself!
ALTR Solution: ALTR provides a solution that creates visibility around data access via tokenization combined with access reporting, real time messaging alerts, column governance, and thresholds for an air-tight way to store and use sensitive data in Snowflake.
Outcomes: With the ALTR solution, if sensitive data is accessed by someone outside of authorized users, the company leadership is notified and can take actions against any insider or credentialed access threats. This opens the door for more sensitive data into Snowflake, allowing the company to extract insights and value from all its data.
Challenge 4: Govern Tableau User Access and Security in Snowflake
A large data service powered by a Snowflake database required many layers of security including an in-house encryption engine. However, tens of thousands of end users sharing a single Tableau connection prevented any governance or security on individual user access.
ALTR Solution: Integrate ALTR’s data consumption governance with the company’s encryption to control which users can decrypt data. Provide per user visibility and governance through the shared Tableau connection. Integrate access logs into Splunk to provide security teams real-time visibility into access. Implement data consumption thresholds to prevent credential access threats.
Outcomes: The company can safely provide access to data through Tableau without fear of credential access threats. Continue to close security gaps by rolling out at-rest-protection to ensure data does not get exposed.
Overcoming your Snowflake data governance and security challenges
Do any of these situations or roadblocks sound familiar to you? Is your company running into any governance or security challenges like these? We’d love to discuss how ALTR can help you overcome them and continue your journey to data insight on Snowflake.
May 27
0
min
The Shifting Lines Between Data Governance and Data Security
ALTR Blog
One of the greatest things about working in product marketing is the ability to study the market you live in and the industry around it, and identify not just the trends affecting us today, but where things are heading.
In ALTR’s case, we straddle the environment between data governance and data security, an area that until recently has had some pretty distinct lines. Over the past year, we’ve seen a shifting of these lines that is giving us some important data about the way organizations are evolving their data management practices, especially around data governance and data security.
Historically, data governance has been mainly about policy: defining what data an organization needs to protect, how it should do it, who should have access to it, and more. Data security on the other hand has been about enforcement: controlling access to data; detecting, responding to and investigating potential threats; and preventing data breaches. The line here is pretty clear, but it gets a bit less clear when you dive into how you go from creating policy to actually enforcing that policy.
To go from policy creation to implementation (and then enforcement), governance, compliance, and even security teams have needed to pass the baton to other departments, oftentimes to data engineers as they are closest to the data and can implement controls. These teams then had to translate policy, apply it, maintain it, prove their controls were working on a regular basis, and revisit this whole process when new data sources were added into the mix.
The ugly gaps
When you step back to look at it, this process has a lot of gaps. To start off, no one person or team can do the job. Instead, it requires communication around what needs to be done (a problem that could use its own article), handoffs between departments, follow ups to ensure tasks have been completed, and audits after the fact to address the ever-present risks of human error. In larger organizations, you can imagine the sheer amount of time this absorbs.
To top this all off, there’s still the problem of threat detection and prevention. Organizations are trying to solve a seemingly simple problem today: controlling access to sensitive data at scale. However, the risks of granting unimpeded access to data are larger than ever. With new and changing privacy regulations like CCPA, you can now be fined thousands of dollars per record in the event of a data breach. In an organization with hundreds of millions of records or more, that number gets career-ending pretty quickly. Going forward, you need to control not just who can access what data. You also need to take context into account for each request, asking questions like “Why do you need it?”, “How much do you need?”, and the operational question of “How can I make this easy?”
A logical path toward simplifying data governance
The rise of governance platforms like OneTrust, Collibra, BigID, and Alation has made it easier to understand data and create governance policy. Unfortunately, a gap still exists in translating that policy into action.
In our conversations, we see forward-thinking organizations walking the logical path toward simplifying their data governance program by automating away the steps between policy creation and implementation. This would not only make managing their governance program easier, it would save time, money, and effort by removing manual steps and the reliance on multiple departments to implement and maintain policy. Bonus points if you can unify governance and security in a single platform by being able to detect and respond to threats as well.
The good news is that ALTR has built that single platform. ALTR’s tool automatically implements and enforces policy to control access to sensitive data while detecting and responding to potential threats. By integrating ALTR with your organization’s existing governance and security tools, you can automate away the creation/implementation gap.
I think you see where this is going, but how does it impact the relationship between data governance and data security? Well, if governance policies can be automatically applied, including who should have access to data, who owns access control?
Automated policy enforcement means everyone wins
Data governance and data security are tightly intertwined. One creates policy, the other enforces that policy, and there’s a gray implementation area in the middle where things have traditionally been blurry—where multiple departments had to work together in a painful, manual process. With automation, we see data governance taking ownership of the implementation role, subsequently moving access control into the governance realm, and helping clear up this complicated process. With this change, the focus of data security can move to actively monitoring for and responding to threats.
With this small shift, a huge opportunity opens up. By automating away the implementation process, everyone wins: data engineers save time, data access becomes simplified, multiple tasks prone to human error are eliminated, audits are easier to perform, and you can just plain move faster.
Automated governance policy. Unified governance and security. Open access policies so data consumers have access to the data they need while you stay confident in its privacy, security, and risk. This is exactly what needs to happen for companies to succeed in the years to come. It’s also exactly what we’re here for.
Interested in how ALTR can help simplify your data governance program through automation? Request a demo here.
Jan 25
0
min
Celebrating our Data Heroes: Data Wizards, Data Watchers and Data Warriors
ALTR Blog
Everyone who manages data today is a hero to their organization. They’re on the leading edge of the company: pulling the data streams together, ensuring the quality is high, and enabling the rest of the business to utilize data for insights and value. When we talk about “data-driven” companies, data scientists, database administrators, data analysts, governance, compliance, and security team are the drivers.
Because of this, they’re also on the leading edge of ensuring that sensitive and private data is safe and secure from prying eyes, wherever it is.
So, in honor of Data Privacy Week and international Data Privacy Day on Friday January 28, 2022, we wanted to celebrate what they do. See how they save the day, every day…
Data Wizards
Data scientists, data analysts, database administrators – these are your Data Wizards. What they do with data can look like magic to the untrained eye. But even magic isn’t always safe, especially when it comes to moving sensitive data to the cloud. See the trouble they face and how they lift the spell in… “The Data Wizard and the Curse of the Sensitive Data.”
Data Watchers
Someone has to make sure the organization is complying with data privacy regulations and only the necessary folks have access to sensitive data. Those doing the work of data governance and compliance are your Data Watchers. As more and more people throughout the company understand the value data can deliver, it gets harder and harder to guard the gate. See how they overcome this challenge in… “The Data Watcher and the Invasion of the Data Snatchers.”
Data Warriors
As data makes its way throughout the organization and the IT ecosystem – both in company-owned datacenters and in the public cloud – sensitive data is a rich target for thieves, hackers, and bad actors. Your Data Warriors keep the bandits at bay. And if someone sneaks through, they can rely on ALTR to help. See how they secure sensitive data, no matter where it is, in… “The Data Warrior and the Battle of the Data Road.”
Get the latest from ALTR
Subscribe below to stay up to date with our team, upcoming events, new feature releases, and more.
Thank you! Your submission has been received!
Oops! Something went wrong while submitting the form.