ALTR Blog

The latest trends and best practices related to data governance, protection, and privacy.
BLOG SPOTLIGHT

Format-Preserving Encryption: A Deep Dive into FF3-1 Encryption Algorithm

ALTR’s Format-Preserving Encryption, powered by FF3-1 algorithm and ALTR’s trusted policies, offers a comprehensive solution for securing sensitive data.

We are proud to announce that ALTR has been selected as a finalist for Bank Director’s Best of FinXTech Awards, in the category “Best Solution for Protecting a Bank.” This selection recognizes the power of our data security as a service (DSaaS) platform to protect the sensitive data created, stored, and shared by financial software applications.

Our DSaaS approach to safeguard data embeds governance and at-rest protection natively into applications. That allows application teams to implement security during the development cycle and then hand off the management of governance and protection policies to security and compliance teams, rather than having security added as an afterthought by IT departments. This approach results in better protection from breaches and intrusion for application data.

The highest level of data protection for financial services software

ALTR DSaaS has been adopted by companies in diverse industries. The FinXTech selection particularly cited our work with Q2 eBanking, a multi-billion dollar digital banking solutions company that selected the ALTR platform to create Q2 TrustView. ALTR renders the data used by Q2 TrustView virtually inaccessible to bad actors, providing the highest level of protection for the account holders at the financial institutions that Q2 serves.

Through the Best of FinXTech Awards, Bank Director recognizes the efforts of emerging financial technology solutions that best help a financial institution grow revenues, create efficiencies, or reduce risk. Bank Director, a leading information resource for banking leaders, awards its Best of FinXTech to top-rated financial technology companies in seven different categories. Awards are based on Bank Director’s analysis of each solution’s capabilities, which includes phone interviews with each of the finalists and their banking clients, in-depth case studies on each solution, and the votes of a panel of industry experts.

Mika Moser, President of Bank Director and FinXTech, offered more perspective on ALTR’s selection: “As a trusted resource for U.S. Banks, Bank Director are excited to recognize technology companies, like ALTR, who are driving real growth for financial institutions through new products, increased security, and operational enhancements.”

By delivering DSaaS, ALTR allows developers to embed data monitoring, governance, and at-rest protection natively at the application layer. Supported by private blockchain technology, our platform provides an API and scalable smart database drivers that make it possible to virtually eliminate data access risks, making applications more portable and cost efficient to implement and maintain than traditional applianceware or outdated endpoint security systems.

We are pleased that Bank Director, which connects U.S. bank leaders with technology partners driving innovation, has recognized us with this selection.


When Tableau was founded in 2003, business intelligence (BI) was still in its infancy. It was a critical but specialized skillset utilized by a handful of power users in a company who ran reports and pulled visualizations for the rest of the company. When the quantity of users was small it was doable to install the Tableau desktop client on that limited number of systems, and the relatively small number of users made tracking every user’s access to data feasible.  

Since then, the amount of data business creates, stores and utilizes has exploded, along with the value extracted in analysis of that data. Whether it was the insights gained by using a BI tool or just the dazzle of gorgeous charts and dashboards, business professionals have clamored for access to Tableau, drastically increasing the number of users.

In order to scale with this growth, Tableau transitioned to a more modern architecture. Multiple instances of Tableau Desktop are no longer installed on individual desktops but instead one instance of Tableau Online lives on a server – either in the company’s datacenter or on the cloud – that users access via web browser. With no need to install or manage software on each desktop, many thousands of employees from a single company can be set up as users and easily access the tool.  

However, just like with any move from a client/server application to a web-based application, there was a tradeoff. With the increase in scalability there came a loss in granularity over who is accessing the data. This leads to the critical question: how to govern individual user access to Snowflake data via Tableau?  

The Tableau-Snowflake conundrum

Users still have an individual username and password to access Tableau, but the data itself lives in a separate cloud-based database like Snowflake. Tableau admins have at least two options for configuring the tool’s access to Snowflake:

  1. Create individual Snowflake accounts for each Tableau user: This is the approach recommended by many experts in the data governance realm: Fred Bliss from Aptitive talked about why this is better on The Data Planet. Individual accounts enable visibility and control over specific user access and data usage, but also come with downsides. Setup requires a significant amount of work from DBAs: they have to create and administer two accounts for every user – a Tableau account and a Snowflake account. This quickly becomes unmanageable when you’re talking about 10,000 users. And, having thousands of access points into Snowflake creates an exponential data security risk; every additional account is another that could be compromised.
  2. Utilize a single Snowflake service account for Tableau: This is the approach many companies take to get started faster. In this scenario, when individuals log into Tableau and request data, there is a single Tableau service account that accesses Snowflake and withdraws the data. This provides simplicity of management, but completely removes the ability to place user-based governance or security on the data. If you can’t see which user is accessing which data, you can’t apply masking on specific columns. You can’t stop credentialed access threats because there’s no way to limit consumption for specific users. It’s just one huge firehose of 10,000 users all appearing to Snowflake as if they’re one person. All of the users share the same permissions, which gives any user the power to download all of the data because there’s simply no way to differentiate. This means there’s no audit trail or record of individual data consumption, which can lead to serious compliance issues. And, if there is a breach, access would need to be cut off completely. It’s binary – data is either flowing to everybody or data is flowing to nobody. All of this combines to create a huge hole around data security in Tableau.

Ideally, governance and security policies could be configured and managed on the user accounts in Tableau, but that feature isn’t available today. Tableau sees this as a database function. Which brings us full circle back to creating thousands of user accounts in Snowflake in order to govern individual access.  

Tableau and Snowflake user-level data access visibility and control with ALTR

We’ve run into several companies facing this same issue and have developed a unique solution: ALTR can employ contextual info provided by Tableau to distinguish users and apply governance policies on the data in Snowflake. With a simple, one-time configuration of a SQL variable in Tableau server, the service account that Tableau uses to connect to Snowflake can send through information on which one of the thousands of Tableau users is making the request and share that information with ALTR. ALTR can then apply governance and security policy on that Tableau user as it would on any other individual Snowflake account.


And that’s it – there are no additional steps required in Tableau, Snowflake or ALTR. If you're an ALTR customer with Snowflake and you use Tableau server or Tableau online, you can get to this specific level of individual user visibility and governance in less than an hour just by making that one small change.  

The best of both worlds for Tableau and Snowflake users

Without a way to ensure that sensitive and regulated PII data can be monitored and controlled when accessed by BI tools via bulk service accounts, many companies are forced to exclude that data from their analytics tools, leading to a less than 360 view of the business.

ALTR’s solution delivers the best of both worlds: Snowflake DBAs only have to configure and manage the one Tableau Snowflake service account, yet they get per user visibility and governance as if every end user had their own account. This means they can implement access controls, apply masking policies, and stop credentialed access threats on thousands of end users — allowing continued access to data without putting the data at risk. That means companies can include the sensitive data they need in order to get a full view of the business and extract the most value from their data and Snowflake.

And ALTR is the only data governance and security provider for Snowflake delivering this capability. It’s another example of our drive to build SaaS-based functionality that is quick and easy for our customers to deploy while delivering powerful data control and protection.  

Get Tableau Snowflake service account user data governance in the ALTR Free plan: Start now!

The Data Governance and Information Quality Conference is just around the corner, and we’re hyped for it! Data Governance has screamed to the top of many priority lists this year as companies adopt the controls they need to get value from data while keeping it safe. It makes sense, as multiple US states now have privacy regulation in place, with US federal privacy laws looming as well. We’re crossing a point where governance tools and processes need to be in place before you can appropriately use data, otherwise your company is at risk of not just data breaches, but the new and increasing regulatory fines that come with them. At DGIQ this year, we’re excited to learn more about the governance standards that are firming up, along with the trends we can expect going into 2022. Below are some of the presentations we’re particularly looking forward to.  

Aligning Data Strategy with Data Governance

This session is all about how organizations can incorporate data governance into their overall data strategy. We look forward to Donna sharing her insights into how effective data governance can actually increase your organization’s ability to get value from data.

Description: In today’s data-driven enterprise, creating a data strategy can seem more complex than ever. Not only is innovation in technology occurring at a more rapid pace than ever before, but as more business stakeholders become involved with data-centric initiatives, “people-centric” initiatives such as data governance increase in importance as well. This workshop demystifies data governance and data strategy and provides practical steps in creating a robust data strategy that encompasses people, process, and technology to provide concrete and demonstrable business value.

Donna Burbank, Managing Director, Global Data Strategy, Ltd.

Using Data Governance to Help Cure Blood Cancer at Be the Match

Be the Match has a noble goal but has to deal with extremely sensitive information in order to achieve that goal. Any healthcare organization can gain some great insights from this session.

Description: Be the Match has an important job to do, we provide cures for blood cancer. Data is at the heart of our mission, but it’s not always easy to see the role that data governance plays in it. In this presentation, we will review how Be the Match is successfully approaching data governance in a way that keeps our life-saving mission at the forefront of our data governance initiatives, and vice versa.

Heidi Perry, Manager, Data Governance & Services, Be the Match

As a side note: joining the donor registry for Be the Match is simple and easy. We’d love it if you considered doing so.

Analytics-Focused Data Governance

This session discusses the importance of a Data Governance Center of Excellence (COE), and how it can help operationalize DG in your organization. We’re huge fans and look forward to seeing how West Monroe Partners helps their customers implement governance for the long term.

Description: Companies gather data at increasing volume and velocity. Many have realized the need to create a Data and Analytics Center of Excellence. While we recognize there are several key areas of development necessary to achieve this goal, we will focus on key elements to building a successful Data Governance (DG) CoE.

Like any enterprise asset, data needs to be curated with the ideal end state in mind. Standing up a DG CoE early will define organizational needs and reduce downstream challenges. The scope and structure will vary by organization, but the goal is the same: Optimize enterprise data management to maximize value for and empower end-users throughout the organization.

The DG COE should include:

  • Organizational Structure and Engagement Model
  • Data Governance Maturity Assessment
  • Data Security, Privacy, and Compliance (e.g., GDPR, PHI, PII)
  • Change Management
  • Enterprise Data Management and Measurement

Alice S Huang, Senior Manager, West Monroe Partners

We look forward to seeing you at DGIQ! Be sure to stop by our booth (#18) while you’re there for some fun prizes and giveaways, along with a chance to see some incredible people in person for a change.

We had a great time last week at DGIQ in San Diego! Thanks to everyone who stopped by the booth to chat – it was fantastic to see you all in person! We had some thought-provoking conversations, and we heard some similar themes across those discussions. Many people we spoke to were focused on the process and policy-writing part of data governance, others were just starting their governance journey with a data catalogue, and many more were feeling the pressure from the disruption Snowflake is creating as their companies rapidly move data to the cloud.  

Although data governance has been around a while, the industry may be more confusing or bewildering or exciting than ever before. With that in mind, we’ve gathered a few resources to address some of the discussions we had:  

What does “data governance” even mean today?

While the idea of data governance is not new, how it is defined seems to be shifting as data becomes critical to more companies across every industry. In the past, vendors may have just focused on helping you know about your data: data discovery, data classification and data cataloging. ALTR CEO Dave Sikora has written a couple of posts explaining why just knowing about and cataloguing your data is not enough in today’s regulatory environment. The true end goal has to be keeping sensitive data safe and secure.  

Is there just one right way to implement data governance?

Many of the people we spoke to seemed to believe that a data governance journey has to be sequential: you start with data cataloguing, then you write policies that define who gets access to the data and how, then you hand that off to your security team to implement the control and enforcement. But the truth is you don’t necessarily have to go in order and maybe you shouldn’t. What if you could easily find and classify sensitive data, place policy-based controls on it AND start to see how it’s used all at the same time, in one tool? What if seeing how data is used gave you surprising insights that affected the policies you place around it? These blog posts from ALTR’s Pete Martin, Doug Wick, and Paul Franz explain why to consider a different approach and how ALTR can help.  

When should you begin data governance and security?

The fast pace of data movement to the cloud has stirred up all kinds of issues, with data governance and security sometimes treated as an afterthought. Teams may think it’s too soon or they’re just getting started. ALTR CTO James Beecham explains why sooner is actually better to make sure you’re getting the most of your cloud data warehouse. And why it doesn’t have to be time-consuming, complicated, costly or slow down the project – embracing a data control and protection solution from the beginning can actually help teams keep up with the speed of their business.  

If you didn’t get a chance to stop by the booth and want to hear more, contact us! We’d love to chat.

When many of us think about data security… Oh wait, many of us don’t think about it until there’s an incident or a breaking news story about a breach of our personal data. But if we do, it’s often a mysterious process, accessible only to large enterprises, hidden even from the rest of the company. The data security team is pictured secluded in a dark corner of the office, setting up and monitoring security controls like something out of the Matrix—with tools just as complicated and incomprehensible.  

This might have been acceptable when data was only gathered by the largest companies and safely ensconced inside the perimeter of their gigantic data centers. Data security could be centralized and siloed because data was as well. But with the increase in remote work, digital transformation, and the drive to utilize data across businesses of all sizes, sensitive data is now everywhere. And data security must follow. It must come out of the shadows and become accessible to everyone.  

Disempowered data users

While data is a key vulnerability for essentially every company, until recently most companies didn’t want to acknowledge the risk. But now, with a new data breach announcement like the recent Robinhood leak every few weeks, the problem is impossible to ignore. The combination of shadowy data security with the seemingly unending parade of breaches has led to a situation where everyone from users to companies to consumers might feel like it’s impossible to keep data safe.  

At the same time, new regulations around data privacy protection keep rolling out. In order to comply with these regulations, companies often run a siloed process where the laws are first interpreted by in-house lawyers or governance teams, then policies are created and handed over to data and/or security teams to implement. End users who actually understand how data needs to be utilized are often left out – rules are imposed from the outside, and enforcement is inscrutable. This can make data users feel cut off from the process of protecting it.  

Engaged consumers expect a more transparent process

This disjointed, top-down process is the complete opposite of today’s consumer buying experiences. When evaluating a new product or solution, they don’t want to be told – they want to be shown. They expect the opportunity to try things out for themselves and evaluate experiences through their own perspective.  

It only makes sense that the same would hold true for business users looking to protect sensitive data. They should have the opportunity to see for themselves how data security solutions work, and even more than that, they should have input into the data governance and control process. Policies should not just be handed down from above and left to be implemented in a black box.  

Unfortunately, the traditional buying process for enterprise software, let alone data security, has not been at all transparent. That was one of the big factors in our decision to release the ALTR free plan.  

A collaborative approach to data control and protection

We basically took the traditional software sales model and flipped it on its head. Now, people across the company can try it for themselves: they can implement ALTR on Snowflake for free. They can start to understand how the solution works and also how data is used in their company – what data is accessed and who needs it. Policies can be created collaboratively and organically with input from actual users.  

A free version also makes data security available to smaller businesses. Startups and mom and pops know they need business basics like credit card processing and a website, but data security may not be on the “essentials” list. However, even the smallest company now has a mailing list or a loyalty program containing customer PII that should be protected. In fact, it might be even more crucial as the reputational impact of a leak could be even more devastating. We believe data security should be a key component of business culture from the smallest to the largest organizations.  

Data governance and security based on insight

Bringing more users into the process means it’s imperative we make the ALTR solution as easy and intuitive as possible. But it also means guiding users who may be new to data security by providing insights into how data is used and how it needs to be protected.  

Some users may know exactly what they want to do, but others might be unsure. Either way you can start with just observing: see who is accessing what data, when and how much. You could think of this like an online banking account. Maybe you log in to pay specific bills, but you may also be interested in how you’re spending your money, looking at expenses grouped by category, and building a budget around that. You can find similar, helpful insights around data usage in ALTR.  

In our own product, we see that users are most likely to visit our Analytics feature both before and after viewing their data access policies. In fact, since adding the Heatmap and Analytics to the platform we’ve seen many users dive deep into these features with an uptick in how long users spend on these pages. The close relationship between these pages in the user experience is encouraging us to develop ways to help our users adjust their policies based on what they see in Analytics.  

Data security for all

We often hear companies say, “security is everyone’s responsibility.” But how could it be when most of us are left out of the process? Data security should be for all. We wouldn’t accept a world where only the largest homes behind security fences with guards at the gates were safe from break-ins. Today, consumers have access not only to effective window and door locks but also internet-connected cameras. They are now aware when a package is delivered or if there’s a porch pirate snooping around. Why wouldn’t we expect the same visibility and security for our private data?

With the right tools in place, everyone can feel in control and prepared to keep data safe.

Get started with ALTR Free right now.

One of the first steps organizations take when preparing to deliver a data governance program is to determine where data governance should be placed in the organization. Or in other words, who should own data governance? Kathy Rondon, Chief Business Strategist, R2C, makes a compelling case around who’s responsible for data governance: everyone.  

She explained that data will go through stages throughout its lifecycle, starting with Planning, Acquisition/Creation through to Share/Use, and Archive/Dispose. Various roles will touch, modify, and utilize data at each point. The Chief Data Officer (CDO) might be responsible for the overall data lifecycle, while the Data Owner is responsible for the data produced in their business unit. Data Stewards and Data Users, meanwhile, might get the most benefit from the information to make their jobs more effective and efficient.

Caring for Data Like Your Child

Kathy explained that you can think of this as caring for your child. At various points in a child’s life, there are different caretakers: parents, babysitters, schools, and friends. And each environment might require different protection: a babysitter may need to make sure the child is buckled in for a car ride, and friends may need to watch out for cars when playing outside. Most children don’t have a security guard following them around 24 hours a day, ensuring they’re always safe. 

Data governance is the same: it’s not one person’s job; it’s everyone’s. But unfortunately, that can sometimes mean it’s no one’s. Because it doesn’t live with one specific role, data governance can end up as an “orphan,” like a child whose babysitter thinks the parent is picking them up from school that day and parents who feel the babysitter is handling it.  

Secure Your Slice of the Data Lifecycle

This is similar to something we’ve talked about for a while: Whose Job Is Data Security, Anyway? Like Doug said in his blog, “When responsibility is distributed across various functions, you can end up with an ambiguous, inefficient mess — and serious security gaps.”

To ensure a child is safe, safety needs to be accessible and achievable for everyone responsible: a seatbelt needs to be easily buckled, and all the kids need to look out for cars when playing in the street. Each role must be able to deal with the risks that crop up in their stage.  

When it comes to using data security to enforce data governance policies, we need easy tools for everyone to use, buy, spin up, or manage. That’s the point of ALTR’s platform: we simplify data security for everyone in the data lifecycle.

With a SaaS-based, no-code, automated solution, whether you’re a CDO or a Data User, you can purchase and use data security for the section of the data you’re responsible for. You can get what you need to fit your role’s security needs and the outcomes required by your function: Data Owners might care about the analytics and the reporting, while the Data Stewards may need to ensure that the actual policies and locks are correct.  

Data Security for Everyone

When it’s nobody’s job, securing your slice of the data must be easy. It can’t be cumbersome, it can’t be expensive, and it can’t be slow. Data security has to be as easy as putting on a seat belt.  

Companies have embraced the power and scale of enterprise data warehouses (EDWs) for decades, and rightly so. EDWs centralize a wealth of data so that various corporate functions can access it, track business results, and analyze trends to support better decision making.

Unfortunately, traditional on-premises EDWs come with significant overhead in terms of time, money, and effort. You have to set them up, which is complicated enough, and then you have to dedicate IT staff to keep them running. That team will spend all of its time adding servers and storage, configuring software and hardware, tweaking data and queries to play nicely with each other, and so on.

Benefits of Cloud Data Warehouses

No wonder, then, that organizations are increasingly turning to cloud data warehouses (CDWs). Providers such as Amazon, Google, and Snowflake now make it simple to:

  • Store vast quantities of data cheaply, with minimal configuration effort and zero new hardware;
  • Migrate and manage data easily, without needing to interact with servers; and
  • Scale up or down at will.

That last point is the real kicker. With EDWs, any change in scale implies serious effort as new equipment is brought online. By contrast, CDWs handle scaling natively, to the point that users almost never need to think about scaling at all.

Other old headaches from EDWs fall by the wayside, too. For example, by decoupling data management from the process of running queries, CDWs allow users to introduce new data without affecting data-crunching jobs that are already in progress. That opens up a whole new world of convenience and efficiency for both administrators and end users.

The Need for Better Data Governance in Cloud Data Warehouses

Yet even the best CDWs can be made stronger when it comes to managing data access. Companies like Snowflake do offer safeguards when it comes to user permissions and protection for at-rest data so that you can rightly feel comfortable about shipping your data to them.

Ultimately, though, the great value delivered by Snowflake, Amazon Redshift, and other CDWs is high performance at a very attractive price. They’re not in the business of supplying locks on the consumption of data, and because their whole infrastructure is virtualized, it’s not workable to implement traditional measures such as data loss prevention (DLP) or endpoint protection around the data stack.

Regulating initial access to a CDW is easy enough thanks to single sign-on (SSO) providers like Okta. Using one of these tools makes it easy for the organization to authenticate remote users before letting them inside the front gate of the CDW.

After that, however, things get slippery from the standpoint of data governance. Who is accessing which data? How much data at a time? When? From where? These are the open questions that every company using CDWs must address.

How DSaaS Fills the Gaps for Data Governance

In a pinch, you might try to fill these gaps by falling back on older technology. For example, you could technically manage access to your CDW by using a proxy. But that would hamper performance, and you might still be vulnerable to certain types of attacks.

The far better approach is to pair the benefits of your CDW with a query-level solution for data security and governance that works in parallel — one that’s abstracted, elastic, and has no infrastructure. That’s where data security as a service (DSaaS) comes in.

By using a last-mile, client-side approach, DSaaS provides data governance without any appreciable impact on performance. Security is usually the #1 offender when it comes to slowing down applications, including any kind of database. But by distributing security across all of the code, DSaaS gives you the most control, the most visibility, and the most context while also allowing you to harness the full flexibility, speed, and scalability of your CDW.

By putting security and governance within the application itself, DSaaS keeps you from getting siloed into an old security paradigm. Whether you want to move to a new data center, or just grant permissions to an old user who has a new laptop, it’s easy to enforce your pre-existing security and governance policies within the CDW. By using DSaaS, you’re able to:

  • Govern each user so that they access only the types of data they should
  • Track and log what each user does, for both security and compliance purposes
  • Implement rules to govern the flow of data, by type of data and by role
  • Isolate and block bad traffic, including excessive data volumes, down to the level of an individual user

You’ve already given yourself the ultimate flexibility in terms of growth, storage, and computing power by using a CDW. Don’t limit that flexibility and freedom by how you secure access to it, and don’t risk going without data governance in this era of strict data regulations. Take advantage of DSaaS instead. To learn more about DSaaS, check out our latest white paper, Introduction to Data Security as a Service.

As companies aggregate more and more data from multiple data sources into cloud data warehouses in order to remove silos and find insights across disparate data, there can be one big stumbling point: data warehouse security.  

This is a problem if the data is so sensitive only a few people in the company should have access to it. This is especially a problem if the data is also so important the company can’t utilize the cloud data platform to its full potential to understand the business without it. That means the data has to be in your cloud data platform—but what if your cloud data warehouse admin isn’t one of the few people in the company who should have access to the data? Then you'll have to ensure that your cloud data warehouse security is up to the task.

The risk of admin power in a cloud data warehouse

Cloud data warehouse admins have virtually unlimited control over a company’s instance. They set up security protocols, they set up users and access, they manage the data flows in and out. You might trust your admin, but can you trust that their credentials will never be stolen or misused?  

There are a couple of ways that someone with admin credentials could get access to sensitive data without non-admins being aware:  

Scenario 1:

Assume the role of a person who should have access to the data such as a CFO. Because they have the power in the platform to set up and modify user accounts, they could impersonate someone with permission to access the data.  

Scenario 2:  

Disable platform governance and security controls – views, masking policies and user-defined functions - and access the data directly.  

Cloud data warehouse security, visibility and control outside the platform

SaaS-based ALTR acts like a neutral third party, providing consumption visibility and data protection that’s natively integrated into the cloud data platform yet outside the control of the platform admin. This separation of duties is what makes ALTR’s platform so powerful when it comes to improving data warehouse security of sensitive data in platforms like Snowflake.

While there’s no foolproof way to stop the admin or someone with their credentials from attempting to access the data, ALTR’s unique combination of data rate limiting and data access visibility can reduce the impact and risk of the two scenarios.

ALTR makes it impossible to access the data without key people being notified and can limit the amount of data revealed, even to admins:  

  1. Real time alerts: With ALTR, data can be tokenized outside of Snowflake. When the admin (or any user, for that matter) tries to access the data, the platform will have to contact ALTR in order to get the de-tokenized data. When this occurs, it can trigger an alert notifying relevant execs or stakeholders at the company. If none of the allowed users accessed the data, they’ll know unauthorized access has occurred within seconds. Examples of alerts can include text message, Slack or Teams notifications, emails, phone calls, SIEM integrations, etc.
  2. Data consumption limits: ALTR can limit the amount of de-tokenized data delivered to any user, including the admins. While a user might request 10 million records, they may only get back 10,000 or 10 per hour. This can also trigger an alert to relevant stakeholders.
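The two controls above, as an added example that is not ALTR's code: a hypothetical broker that sits outside the warehouse, holds the token vault, notifies on every de-tokenization request, and caps the values released per user per hour. The class name, the alert tuple layout, and the sample vault are assumptions constructed for illustration.

```python
import time
from collections import defaultdict, deque

WINDOW_SECONDS = 3600  # "per hour" consumption window


class DetokenizationBroker:
    """Hypothetical service outside the data platform (not a real ALTR API)."""

    def __init__(self, vault, limit_per_hour, alert, clock=time.time):
        self.vault = vault            # token -> clear value, never stored in the warehouse
        self.limit = limit_per_hour   # max values released per user per window
        self.alert = alert            # callable(kind, user, requested, released)
        self.clock = clock
        self.history = defaultdict(deque)  # user -> deque of (timestamp, released)

    def _used_in_window(self, user, now):
        window = self.history[user]
        # Drop releases that have aged out of the sliding window.
        while window and now - window[0][0] >= WINDOW_SECONDS:
            window.popleft()
        return sum(count for _, count in window)

    def detokenize(self, user, tokens):
        now = self.clock()
        remaining = max(0, self.limit - self._used_in_window(user, now))
        granted = tokens[:remaining]
        # Every request is reported, so the real account owner can spot
        # access they did not make (for example an impersonated role).
        self.alert("access", user, len(tokens), len(granted))
        if len(granted) < len(tokens):
            self.alert("limit_reached", user, len(tokens), len(granted))
        if granted:
            self.history[user].append((now, len(granted)))
        return [self.vault[t] for t in granted]


def run_demo():
    # Constructed sample data: 50 tokens mapping to fake values.
    vault = {f"tok_{i}": f"SSN-{i:04d}" for i in range(50)}
    alerts = []
    now = [0.0]  # controllable clock so the demo runs instantly
    broker = DetokenizationBroker(
        vault,
        limit_per_hour=10,
        alert=lambda *event: alerts.append(event),
        clock=lambda: now[0],
    )
    tokens = list(vault)
    first = broker.detokenize("warehouse_admin", tokens)       # asks for 50
    second = broker.detokenize("warehouse_admin", tokens)      # budget exhausted
    now[0] = float(WINDOW_SECONDS)                             # one hour later
    third = broker.detokenize("warehouse_admin", tokens[:3])   # window has reset
    return first, second, third, alerts


if __name__ == "__main__":
    for event in run_demo()[3]:
        print(event)
```

Because the limit is enforced where the vault lives, disabling views or masking policies inside the warehouse does not change how many clear values a single identity can obtain.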


Effective data warehouse security: separating duties

Effective data warehouse security requires a combination of features unique to ALTR: Delivering real time alerting and limiting risk to data requires both a SaaS-based tool for tokenization that sits outside the cloud data platform PLUS the ability to implement consumption limits on data requests. A data governance tool alone wouldn't solve the problem. It needs a combined data governance and data security solution unique to ALTR.

ALTR's solution for a separation of duty between operation of data and security of data provides a check on the power of platform admins (and their credentials). The most self-aware cloud data platform admins actually want this kind of outside oversight to ensure the data in their charge is kept secure.

See how ALTR can help you improve your cloud data warehouse security. Request a demo!

Data-driven is the norm

Just like every company became a technology company in the early 2000s, every company is now becoming a data company. For effective marketing and sales, for operational efficiency, for financial management - companies that win and companies that leverage data to learn are now one and the same.

Data used to be hidden from view, wrapped inside of applications wrapped inside of bespoke IT infrastructure. Now it's in the Cloud, inside of platforms like Snowflake or Amazon Redshift that put it right at the fingertips of anyone in your company. Massively scalable, cost effective, supported by thousands of ecosystem technologies - the opportunity here is incredible.

Also incredible are the new risks to data. When it's right at the fingertips of everyone in your company, it's easier than ever for it to be improperly shared or stolen.

How do you get control over your data?

Do you focus on the infrastructure? Well, it's not yours anymore so while you can and should configure security over your cloud infrastructure correctly, you will never truly control it.

Do you focus on the people? Identity or attributes of identity work well in small numbers but get incredibly complex at any level of scale, and identities get compromised all of the time.

The answer

Don't treat the firewall or the login screen as the endpoint; treat the data as the endpoint.

This approach starts with partners like OneTrust, BigID, and others that help you understand your data and get a handle on how it should be made private and secure in order to comply with an ever-more-complex regulatory environment. You need a big brain to look at all of your data across your whole company and document the needed controls to keep your data-driven enterprise safe.

But you also need to be able to act. Your data risk management brain needs muscle to be able to control every place where sensitive data exists in real-time. This isn't just managing simple access to well-defined datasets but also watching consumption levels, with enough sensitivity to detect activity against data that is unusual and indicative of stolen credentials. This is what we are building at ALTR, and the concept of a unified data control plane across your entire organization that treats data as the endpoint is what animates our product strategy.

Right now it's all about the data - the opportunity and the risks. With the right data-first defensive strategy in place to mitigate those risks, the world of opportunity opens up to you.

To learn more, watch our webinar "The Hidden ROI: Taking a Security-First Approach to Modern Data Architectures".

As a parent, I’m always watching out to keep my kids safe – whether it’s keeping an eye on traffic or watching what they eat. Having been in the cybersecurity industry for some time now, it has led me to be even more concerned about how their personal data is used by those who have access to it. As an example, there was one case where my daughter's pediatrician sent me her test results via his personal Gmail account rather than a corporate one or by a more secure method.

Situations like this are less rare than you might think. The healthcare industry is dealing with inside and outside threats to protected health information (PHI) while trying to utilize data to innovate and improve patient care. In 2020 the industry faced the highest average total cost per breach, increasing 10% from the previous year. The industry desperately needs a better solution to protecting its data.  

Increased threats to PHI

Ransomware attacks on the healthcare industry increased 60% to 123% in 2020 (depending on the report) with bad actors taking advantage of the disruptions created by the pandemic. These attacks are also increasing in pressure with bad actors not just encrypting data but stealing it as well. This puts increased stress on organizations to pay in order to avoid regulatory consequences for leaked data. Nearly 60% of ransomware attacks that the IBM X-Force responded to in 2020 used what they’re calling a “double extortion strategy” where attackers encrypted, stole and then threatened to expose data if the ransom wasn't paid. Ireland’s national health service is dealing with this exact issue after hackers broke into the Health Service Executive’s (HSE) IT system in May. The attack led not only to a disruption in services but also to personal records of individuals being released online. The same group has targeted at least 16 U.S. health and emergency networks this year.

Encrypt PHI data - steal data - leak data

Data is driving the future of the healthcare and life sciences industry

The increase in threats hasn’t slowed the healthcare industry’s expansion of data sharing and utilization. Data is driving innovation in original medical research, new drug development, improved clinical care, and innovative medical devices. A recent Economist Intelligence Unit survey showed that the healthcare and life sciences industry was most likely to cite data and analytics as a critical factor for success over the next three years. The respondents’ top three priorities were developing new products or services, increasing client satisfaction and experience, and revenue and profit growth. They were also more likely than others to purchase or accept data from both government and non-government agencies. However, the risk of sharing data externally is a top concern with the healthcare industry listing “risk of a leak of confidential information” as number one with 54% of respondents.  

Healthcare sees data and analytics as critical

A better outcome for PHI data governance and security

This all makes protecting sensitive data more critical than ever. In the past, healthcare organizations may have thought that a full-fledged, time- and resource-intensive Data Loss Prevention (DLP) solution was the only option to truly protect sensitive data. The fact is legacy enterprise DLPs are costly, usually require a long on-premises installation and complex policy rollout, and don’t extend well into the cloud. They tend to put blocks in place that make it more challenging to get important data into the necessary hands. This is less than ideal for an industry that needs to share data to provide the best care and innovate quickly.  

Modern cloud-based, no-code solutions like ALTR provide a better alternative by making it easy to automate data access controls, protect data at rest, and respond to threats in real-time. Unlike traditional solutions, ALTR requires no infrastructure to install, maintain or scale, and nothing needs to be placed on the endpoint. And unlike other solutions, ALTR delivers both data governance and data security. Organizations can add data sources, create policy, and respond to potential threats without writing a single line of code. Sensitive data is classified wherever it is, policy enforcement is automated, consumption is visible and controlled, and sensitive data is tokenized to mitigate the risk of exfiltration, while potential threats are handled as they happen. Protection is focused on the data, where it should be.  

ALTR customer TULIP is a great example of this use case. The company provides an online platform that allows fertility patients from all over the world to search a proprietary database of nearly 20,000 egg donors to find their perfect match. TULIP turned to ALTR for a data protection service that keeps customer PHI safe and provides a secure audit trail of every request for data.

With a modern data governance and security solution, the healthcare industry can better protect its sensitive information while fully utilizing that data to improve patient outcomes, create better clinical processes, and produce innovative medical treatments and devices that can benefit us all.  

See how easy it is to get ALTR up and protecting your data by requesting a demo here.

Whenever there’s a significant change in technology, quality of life improves dramatically. We’ve experienced these changes three times recently with the industrial (1760), technological (1870), and digital (1950) revolutions. These eras drive rapid new innovations and technologies that improve communication and healthcare, reduce poverty levels and the cost of goods, and ultimately make life better for us all. In just the last 150 years, we’ve seen huge improvements in life expectancy (from an average lifespan of 35 years to 80 years), child mortality (from 43% to 4.5%), and global poverty (from 80% to less than 10%).

We’re now in the middle of a fourth industrial revolution: the data revolution. This new age promises to further improve the way we communicate, how we provide healthcare and education, how we take care of the less fortunate, and how businesses build products. Everyone stands to benefit from the use of data for the greater good. We just have some hurdles to get through first.

Data is fueling 4th industrial revolution

As the fuel of the 4th industrial revolution, data is valuable, but also risky

We’ve all heard the phrase “data is the new oil”. It signifies that data is being used as fuel to power the economy similar to how oil played such an important role over the last 150 years. Those that don’t use data to its fullest risk being left behind in this new “data age”, and we’ve seen early adopters crop up and dominate with their early use of data at scale - think Facebook and Uber with how effectively they use algorithms in their business models. Unfortunately, there’s a dark side to data as well.

Data, like oil, is valuable but also risky. Just like oil provides fuel to power vehicles, heat buildings, and provide electricity, it also poses significant environmental and business risks when wells and tankers leak into their surroundings. We all recall the events of the Deepwater Horizon oil well and its aftermath, resulting in BP paying over $60 Billion in criminal and civil penalties. BP’s fines set a benchmark that influenced the size of future penalties, with companies like Volkswagen paying $30 Billion for cheating on diesel emission standards.

Data’s value comes in its ability to speed up time to insights so we can make better decisions, faster. It can also enable projects that benefit the public good around the world. However, if done without proper safeguards, we risk reducing the value by leaking private and sensitive information and suffering costly and damaging data breaches. As companies rush to get value from data, we’re seeing a rise in data breaches, associated fines and regulatory penalties. Equifax alone paid more than $550 Million for its 2017 data breach affecting 150 million people, and Amazon is facing the largest ever fine assessed by the EU for a GDPR infraction at $880 million.

Industry 4.0 is in the middle of Ratchet, Hatchet, Pivot

According to professor and author Ruth DeFries, technological innovation follows a cyclical pattern dubbed Ratchet, Hatchet, Pivot. When a new technology comes out (Ratchet), society takes advantage of it to rapidly move forward, but not without consequences. Then, the hatchet drops as change is demanded to fix the damage caused by these new problems. Finally, a pivot occurs leading to new innovations and a new period of ratcheting up.  

Oil has followed this ratchet, hatchet, pivot model. It led to great advancements, but not without serious environmental problems. The hatchet fell as society demanded companies take responsibility for their actions. Environmental regulations and fines were introduced, leading to safer oil production and investments in alternative sources of power. Now, the pivot is here as mainstream companies and investors move toward environmentally friendly power sources like wind and solar (see Mercedes Benz' recent $45 Billion plan to become an all-electric vehicle provider).

In the fourth industrial revolution, data, too, seems to be following this trend. At first, data gave early adopters an advantage in building their businesses, but not without serious consequences to individual privacy. The hatchet has come down here as well, with new privacy regulations in the EU (GDPR), California (CCPA), and recently Virginia and Colorado. In a recent report on GDPR, regulatory fines had risen 40% year over year to $191.5 Million. These fines will increase until society pivots to implementing controls around data to ensure its privacy and security. Once this pivot is made, society will ratchet up once more as we confidently yet safely get value from data.

Using data to drive the 4th industrial revolution

Data, like oil before it, truly is the fuel driving this next technological revolution. Forward-thinking organizations are using data to make better decisions, faster than ever. However, society is demanding that organizations take steps to safeguard private information. Utilizing data in this new age requires doing so safely, keeping sensitive information protected from privacy and security risks. The alternative is to lock data down completely, limiting its value and positioning your organization on the sidelines as the world moves forward. By implementing proper governance and controls, you can unlock the maximum value from your data while minimizing the risks of regulatory fines and data breaches, allowing your organization to thrive in this new era.

See how you can easily and quickly protect your data to get the most value from it. Get a demo!

ALTR recently hosted a roundtable with CISOs and IT decision makers to discuss the question “why is data so hard to protect?” This diverse group of participants shared their personal experiences and challenges around keeping data safe with the new struggles remote work brings to the table.  

Despite dramatic differences in the attendees’ experience and industry, several common themes emerged around why data is hard to protect:

  • It’s difficult to know where all your sensitive data is stored. This is a problem we encounter with nearly all our customers, and because data gets frequently moved around for business reasons, it’s very hard for those who are accountable for its security and privacy to track it.  
  • The current environment has dramatically increased remote access to data. One attendee managed all of IT for a large public-school system where the security strategy was heavily reliant on locking down data access to the local on-premise network for different schools. Overnight that strategy had to transition to a completely remote access scenario.  
  • New, innovative (SaaS) software is forcing data protection to transition from direct accountability to vendor oversight. Most of our attendees are finding that in order to continue to innovate with technology, they are forced to incorporate cloud services or software that are delivered as a service. As such, they become responsible for how their vendors are handling data and must develop processes and technology to oversee how their data is being protected by others.

So, how do you keep data both safe and accessible to those who need it to do their jobs? And how do organizations address these challenges?

To start, it’s difficult to know where all your sensitive data is stored. A recent Information Age study showed that 82% of companies admit to not knowing where their data is located – even sensitive data like personal addresses and banking details. If an organization doesn’t know where the data is stored, then how can they expect to protect it? The ability to observe your data is an absolute must, not only to protect it but to gain insight around how it’s being consumed in order to create policy and to actually utilize its value to become a more data-driven enterprise.  

More recently, companies have had no choice but to move toward a remote work model -- that means the traditional strategy of locking down data access on-premise is no longer an option. More remote access means the risk of credentialed access compromises has increased. Now having observability into who is consuming what data, and real-time control over that consumption, becomes ever more critical.

Do you relate to the same concerns that the participants in our roundtable listed? Are you one of the 70% of organizations that are struggling to adapt to this “new normal” in data security (TechRepublic)? Maybe it’s time to chat.  

See how easy it is to get ALTR to protect your data - get a demo!
