BLOG SPOTLIGHT
Navigating the chaos of data security in the age of GenAI—let’s break down what needs to happen next.
Read more
Popular
Sep 20
0
min
ALTR Welcomes Laura Malins as VP of Product
ALTR continues to strengthen its leadership team, and the latest addition brings a wealth of technical expertise and a fresh perspective to our growing company. We’re thrilled to welcome Laura Malins as the newest member of the ALTR family and VP of Product. With over a decade of experience in data, Laura’s extensive background across industries and technical roles makes her an invaluable asset as we continue to push the boundaries of data security and governance.
From Matillion to ALTR: A Proven Leader in Data Innovation
Laura joins us from Matillion, where she spent the past ten years shaping the future of data transformation. As VP of Product, she ran the Matillion ETL Product and spearheaded the launch of their revolutionary SaaS offering, Data Productivity Cloud. Her ability to understand deeply technical challenges and translate them into user-friendly solutions has earned her recognition as a product leader in the data space.
“I’ve worked with ALTR for a few years now and have always admired the company and the product. Data security platforms are becoming more pertinent than ever, and ALTR’s innovative product is well-positioned to support compliance and security requirements. I’m delighted to join such a strong and ambitious team, and I look forward to taking the product to the next level,” Laura shares.
Laura’s deep technical expertise and user-focused approach will be pivotal in pushing ALTR’s product suite to new heights. Her ability to bridge the gap between complex data challenges and practical, user-friendly solutions aligns seamlessly with our vision of delivering powerful, scalable data access control. With her proven leadership, we anticipate not just product evolution but transformation—bringing enhanced capabilities to our customers while staying ahead of the ever-evolving data security landscape. Laura’s leadership will help us continue empowering businesses to protect their most valuable assets while driving innovation forward.
Sep 19
0
min
Data Security for Generative AI: Where Do We Even Begin?
If you haven’t noticed the wave of Generative AI sweeping across the enterprise hardware and software world, it certainly would have hit you within 5 minutes of attending Big Data London, one of the UK’s leading data, analytics, and AI events. Having attended last year’s show, I can confidently say AI wasn’t nearly as dominant. But now? It’s everywhere, transforming not just this event but countless others. AI has officially taken over!
As a data security focused person, it is exciting and terrifying to see all the buzz. I’m excited because it feels like we’re on the verge of a seismic shift in technology—on par with the rise of the web or the cloud—driven by GenAI. And I get to witness it firsthand! But it is terrifying to see all the applications, solution consultants, database vendors and others selling happy GenAI stories to customers. I could scream into the loud buzz of the show floor, “We have seen this movie before! Don’t let the development of GenAI applications outpace the critical need for data security!” I’m thinking about the rush to web, the rush to mobile, the rush to cloud. All of these previous shifts suffer from the same thing: security is boring and we don’t want to do it. What definitely wasn’t boring was using a groundbreaking mobile app from 1800flowers.com to buy flowers—that was cool! Let’s have more of that! Who cares about security, right? That can wait…
Cyber security, and data security in particular, have had the task of keeping up with the excitement of new applications for decades. The ALTR engineering office is in beautiful Melbourne, FL just a few hours away from Disney. When I see a young mother or father with a concerned look racing after their young child who couldn’t care less that they are about to get run over by a popcorn stand, I think “Application users are the kids, security people are the parent, and GenAI is whichever Disney character the kid can’t wait to hug.” It’s cute, but dangerous. This is what is happening with GenAI and security.
As applications have evolved so has data security. Below is an example of these application evolutions and how security has adapted to cover the new weaknesses of each evolution.
What is Making Generative AI Hard to Secure?
The simple answer is: we don’t fully know. It’s not just that we’re still figuring out how to secure GenAI (spoiler: we haven’t cracked that yet); it’s that we don’t even fully understand how these Large Language Models (LLMs) and GenAI systems truly operate. Even the developers behind these models can’t entirely explain their inner workings. How do you secure something you can’t fully comprehend? The reality is—you can’t.
So, what do we know?
We know two things:
1. Each evolution of applications and data products has been secured by building upon the principles of the previous generation. What has been working well needs to be hardened and expanded.
2. LLMs present two new and very hard problems to solve: data ownership and data access.
Let’s dive into the second part first. To get access to the hardware currently required to train and run LLMs we must use cloud or shared resources. Things like ChatGPT or NVIDA’s DGX cloud. Until these models require less hardware or the hardware magically becomes more available, this truth will hold.
Similar to the early days of the internet, sensitive information was desired to be sent and received on shared internet lines. The internet was great for transmitting public or non-sensitive information, but how could banking and healthcare use public internet lines to send and receive sensitive information? Enter TLS. This is the same problem facing LLMs today.
How can a business (or even a person for that matter) use a public and shared LLM/GenAI system without fear of data exposure? Well, it’s a very challenging. And not a problem that a traditional data security provider can solve. Luckily there are really smart people working on this solution like the folks at Protopia.ai.
So, data ownership is being addressed much like how TLS solved the private-information-flowing-on-public-internet-lines. And that’s a huge step forward. What about data access?
This one is a bit tougher. There are some schools of thought about prompt control and data classification within AI responses. But this feels a lot like CASB all over again, which didn’t exactly hit the mark for SaaS security. In my opinion, until these models can pinpoint exactly where their responses are coming from—essentially, identify the data sets they’ve learned from —and also understand who is asking the questions, we’ll continue to face risks. Only then can we prevent situations where an intern asks questions and gets answers that should only be accessible to the CEO.
Going back to what we know, the first item, we will need to build upon the solid data security foundations that got us to this point in the first place. It has become clear to me that for the next few years, Retrieval-Augmented Generation (RAG) will be how enterprises globally interact with LLMs and GenAI. While this is not a silver bullet, it’s the best shot busineses have to leverage the power of public models while keeping private information safe.
With the adoption of RAG techniques, the core data security pillars that have been bearing the load of a data lake or warehouse to date will need to be braced for extra load.
Data classification and discovery needs to be cheap, fast, and accurate. Businesses must continuously ensure that any information unsuitable for RAG workloads hasn’t slipped into the database from which retrieval occurs. This constant vigilance is crucial to maintaining secure and compliant operations. This is the first step.
The next step is to layer access control and data access monitoring such that the business can easily set the rules for which types of data are allowed to be used by the different models and use cases. Just as service accounts for BI tools need access control, so to do service accounts for the purposes of RAG. On top of these access controls, near-real-time data access logging must be present. As the RAG workloads access the data, these logs are used to inform the business if any access has changed and allows the business to easily comply with internal and external audits proving they are only using approved data sets with public LLMs and GenAI models.
Last step, keep the data secure at rest. The use of LLMs and GenAI will only accelerate the migration of sensitive data into the cloud. These data elements that were once protected on-prem will have to be protected in the cloud as well. But there is a catch. The scale requirements of this data protection will be a new challenge for businesses. You will not be able to point your existing on-prem-based encryption or tokenization solution to a cloud database like Snowflake and expect to get the full value of Snowflake.
When prospects or customers ask me, “What is ALTR’s solution for securing LLMs and GenAI” I used to joke with them and say, “Nothing!” But now I’ve learned the right response, “The same thing we’ve always done to secure your data—just with even more precision and focus for today’s challenges.” The use of LLMs and GenAI is exciting and scary at the same time. One way to reduce the anxiety is to start with a solid foundation of understanding what data you have, how that data is allowed to be used, and whether you prove that the data is safe at rest and in motion.
This does not mean you cannot use ChatGPT. It just means you must realize that you were once that careless child running with arms wide open to Mickey, but now you are the concerned parent. Your teams and company will be eager to dive headfirst into GenAI, but it’s crucial that you can articulate why this journey is complex and how you plan to guide them there safely. It begins with mastering the fundamentals and gradually tackling the tough new challenges that come with this powerful technology.
Sep 9
0
min
ALTR Expands GTM Team with Powerhouse Hires to Lead the Charge in Data Security
ALTR isn’t just keeping pace with the evolving data security landscape—we’re setting the speed limit. As businesses scramble to safeguard their data, ALTR is not just another player in the game; we’re the go-to solution for bulletproof data access control and security. And today, we’re doubling down on that promise with three strategic hires to turbocharge our Go-To-Market (GTM) strategy.
Meet the Heavy Hitters
Christy Baldassarre
Christy Baldassarre joins us as our new Director of Marketing, bringing a formidable blend of strategic vision and execution prowess. With a track record of driving brand growth and market penetration, Christy excels at crafting compelling narratives that resonate with target audiences. She’s a master at turning complex concepts into clear, impactful messaging and knows how to leverage the latest digital marketing tactics to amplify ALTR’s voice.
"I am excited to be on such a great team and to be a part of taking ALTR to the next level. I chose ALTR because of its excellence in Cloud Security and Data Protection. This is a great opportunity to collaborate with such a visionary team and contribute to groundbreaking solutions that not only push boundaries but set new standards of how to keep everyone’s data safe." - Christy
Rick McBride
Rick McBride, our new Demand Gen Manager, brings a deep expertise in go-to-market strategy. With a strong foundation in business development, Rick has honed his skills in identifying opportunities and driving pipeline growth from the ground up. He’s not just about crafting campaigns; Rick knows how to connect with decision-makers and convert interest into action.
“A successful go-to-market strategy thrives on seamless collaboration across various teams, and our GTM group is poised to be the driving force behind it. We're set to champion the Snowflake ecosystem—engaging with customers, Snowflake’s Field Sales team, and partners alike—to fuel strategic growth. By leveraging Snowflake's powerful native capabilities in Security and Governance, we aim to deliver at the speed and scale that Snowflake users expect. We're thrilled to extend this value to every organization that prioritizes and trusts Snowflake for their data management needs!” - Rick
George Policastro
Next, we've got George Policastro as our newest Account Executive. George is a seasoned sales professional with a proven track record of closing complex deals and delivering results. His strengths lie in his ability to deeply understand client needs, build lasting relationships, and strategically navigate the sales process to drive success.
"I’m thrilled to join ALTR and tackle one of the biggest challenges organizations face today: securing their sensitive data while unlocking its full potential to drive business growth." - George
ALTR: Defining the Future of Data Access Control and Security
The world of data security and governance has evolved dramatically from the days of simple perimeter defenses. Now, we’re dealing with sophisticated, multi-layered security strategies that need to keep up with cybercriminals who are more aggressive and resourceful than ever. The core principles—knowing where your data is, who can access it, and ensuring its protection—haven’t changed. However, as data moves to the cloud, the challenge is achieving these goals at an unprecedented scale and speed.
That’s where ALTR excels. We’re not just providing solutions; we’re reimagining what data access control and security can be in a cloud-first world. By cutting through the complexities and inefficiencies of traditional methods, we deliver a streamlined, scalable approach that makes data security both simple and powerful. Our intuitive automated access controls, policy automation, and real-time data observability empower organizations to protect sensitive data at rest, in transit, and in use—effortlessly and at lightning speed. With ALTR, securing your data isn’t just more accessible; it’s smarter, faster, and designed for today’s dynamic cloud environments.
With our latest GTM team expansion, we’re fortifying our foundation to evolve into a cloud data security market leader who’s not just part of the conversation but is driving it.
Sep 3
0
min
Unleashing the Power of FPE: ALTR Key Sharing Meets Snowflake Data Sharing
In a world where data breaches and privacy threats are the norm, safeguarding sensitive information is no longer optional—it's critical. As regulations tighten and privacy concerns soar, our customers are demanding cutting-edge solutions that don't just secure their data but do so with finesse. Enter Format Preserving Encryption (FPE). When paired with ALTR's capability to seamlessly share encryption keys with trusted third parties via platforms like Snowflake's data sharing, FPE becomes a game-changer.
Understanding Format Preserving Encryption (FPE)
Format Preserving Encryption (FPE) is a type of encryption that ensures the encrypted data retains the same format as the original plaintext. For example, if a credit card number is encrypted using FPE, the resulting ciphertext will still appear as a string of digits of the same length. This characteristic makes FPE particularly useful in scenarios where maintaining data format is crucial, such as legacy systems, databases, or applications requiring data in a specific format.
Key Benefits of FPE
Seamless Integration
FPE maintains the data format, allowing easy integration into existing data pipelines without requiring significant changes. This minimizes the impact on business operations and reduces the costs associated with implementing encryption.
Compliance with Regulations
Many regulatory frameworks, such as the GDPR, PCI-DSS, and HIPAA, mandate the protection of sensitive data. FPE helps organizations comply with these regulations by ensuring that data is encrypted to preserve its usability and format, which can sometimes be a requirement in these standards.
Enhanced Data Utility
Unlike traditional encryption methods, FPE allows encrypted data to be used in its existing form for specific operations, such as searches, sorting, and indexing. This ensures organizations can continue to derive value from their data without compromising security.
The Role of Snowflake in Data Sharing
Snowflake is a cloud-based data warehousing platform that allows organizations to store, process, and analyze large volumes of data. One of its differentiating features is data sharing, which enables companies to share live, governed data with other Snowflake accounts in a secure and controlled manner while also shifting the cost of the computing operations of the data over to the share's consumer.
Key Features of Snowflake Data Sharing
Real-Time Data Access
Snowflake's data sharing allows recipients to access shared data in real-time, ensuring they always have the most up-to-date information. This is particularly valuable in scenarios where timely access to data is critical, such as in financial services or healthcare.
Secure Data Exchange
Snowflake's platform is designed with security at its core. Data sharing is governed by robust access controls, ensuring only authorized parties can view or interact with the shared data. This is crucial for maintaining the confidentiality and integrity of sensitive information.
Scalability and Flexibility
Snowflake's architecture allows for easy scalability, enabling organizations to share large volumes of data with multiple parties without compromising performance. Additionally, the platform supports a wide range of data formats and types, making it suitable for diverse use cases.
The Power of Combining FPE with Snowflake’s Key Sharing
When FPE is combined with the ability to share encryption keys via Snowflake's data sharing, it unlocks a new level of security and flexibility for organizations. This combination addresses several critical challenges in data protection and sharing:
Controlled Access to Encrypted Data
By leveraging FPE, organizations can encrypt sensitive data while preserving its format. However, there are scenarios where this encrypted data needs to be shared with trusted third parties, such as partners, auditors, or service providers. Through Snowflake's data sharing and ALTR's FPE Key Sharing, companies can securely share encrypted data along with the corresponding encryption keys. This allows the third party to decrypt the data within the policies that they have defined and use it as needed.
Data Security Across Multiple Environments
In a multi-cloud or hybrid environment, data often needs to be moved between different systems or shared with external entities. Traditional encryption methods can be cumbersome in such scenarios, as they require extensive reconfiguration or critical management efforts. However, with FPE and Snowflake's key sharing, organizations can seamlessly share encrypted data across different environments without compromising security. The encryption keys can be securely shared via Snowflake, ensuring only authorized parties can decrypt and access the data.
Regulatory Compliance and Auditing
Many regulations require organizations to demonstrate that they have implemented appropriate security measures to protect sensitive data. By using FPE, companies can encrypt data that complies with these regulations. At the same time, the ability to share encryption keys through Snowflake ensures that data can be securely shared with auditors or regulators. Additionally, Snowflake's robust logging and auditing capabilities provide a detailed record of who accessed the data and when which is essential for compliance reporting.
Enhanced Collaboration with Partners
In finance, healthcare, and retail industries, collaboration with external partners is often essential. However, sharing sensitive data with these partners presents significant security risks. By combining FPE with ALTR's key sharing, organizations can securely share encrypted data with partners, ensuring that sensitive information is transmitted throughout the data's lifecycle, including across shares. This enables more effective collaboration without compromising data security.
Efficient and Secure Data Processing
Specific data processing tasks, such as data analytics or AI model training, require access to large volumes of data. In scenarios where this data is sensitive, encryption is necessary. However, traditional encryption methods can hinder the efficiency of these tasks due to the need for decryption before processing. With FPE, the data can remain encrypted during processing, while ALTR's key sharing allows the consumer to decrypt data only when absolutely necessary. This ensures that data processing is both secure and efficient.
Use Cases of FPE with ALTR Key Sharing
To better understand the value of combining FPE with ALTR's key sharing, let's explore a few use cases:
Financial Services
In the financial sector, organizations handle a vast amount of sensitive data, including customer information, transaction details, and credit card numbers. FPE can encrypt this data while preserving its format, ensuring it can still be used in legacy systems and applications. Through Snowflake's data sharing, financial institutions can securely share encrypted transaction data with external auditors, partners, or regulators, along with the necessary encryption keys. This ensures compliance with regulations while maintaining the security of sensitive information.
Healthcare
Healthcare organizations often need to share patient data with external entities, such as insurance companies or research institutions. FPE can encrypt patient records, ensuring they remain secure while preserving the format required for healthcare applications. Snowflake's data sharing allows healthcare providers to securely share this encrypted data with third parties. At the same time, ALTR enables the sharing of the corresponding encryption keys, enabling them to access and use the data while ensuring compliance with HIPAA and other regulations.
Retail
Retailers often need to share customer data with marketing partners, payment processors, or logistics providers. FPE can be used to encrypt customer information, such as names, addresses, and payment details while maintaining the format required for retail systems. Snowflake's data sharing enables retailers to securely share this encrypted data with their partners; with ALTR, the encryption keys are also shared, ensuring that customer information is always protected.
The Broader Implications for Businesses
The combination of Format Preserving Encryption and ALTR's key-sharing capabilities represents a significant advancement in the field of data security. This approach addresses several critical challenges in data protection and sharing by enabling organizations to securely share encrypted data with trusted third parties.
Strengthening Trust and Collaboration
In an increasingly interconnected world, businesses must collaborate with external partners and share data to remain competitive. However, this collaboration often comes with significant security risks. By leveraging FPE and ALTR's key sharing, organizations can strengthen trust with their partners by ensuring that sensitive data is always protected, even when shared. This leads to more effective and secure collaboration, ultimately driving business success.
Reducing the Risk of Data Breaches
Data breaches, including financial losses, reputational damage, and regulatory penalties, can devastate businesses. Organizations can significantly reduce the risk of data breaches by encrypting sensitive data with FPE and securely sharing it via Snowflake. Even if the data is intercepted, it remains protected, as only authorized parties with the corresponding encryption keys can decrypt it.
Enabling Innovation While Ensuring Security
As organizations continue to innovate and leverage new technologies, such as artificial intelligence and machine learning, the need for secure data sharing will only grow. The combination of FPE and ALTR's key sharing enables businesses to securely share and process data innovatively without compromising security. This ensures that organizations can continue to innovate while protecting their most valuable asset – their data.
Wrapping Up
Integrating Format Preserving Encryption with ALTR's key sharing capabilities offers a powerful solution for organizations seeking to protect sensitive data while enabling secure collaboration and innovation. By preserving the format of encrypted data and allowing for secure key sharing, this approach addresses critical challenges in data protection, regulatory compliance, and data sharing across multiple environments. As businesses navigate the complexities of the digital age, the value of this combined solution will only become more apparent, making it a vital component of any robust data security strategy.
ALTR's Format-preserving Encryption is now available on Snowflake Marketplace.
Browse All
Thank you! Your submission has been received!
Oops! Something went wrong while submitting the form.
Jan 12
0
min
3 Ways ALTR is Better Than the Gym
ALTR Blog
It’s January - the time of year when we kick off our New Year’s resolutions. One of the most common is “getting in shape”, and that often means signing up for a gym membership. In fact, about 12% of all gym memberships happen in January, according to the IHRSA. However, 50% of those new members quit within 6 months!
This year, why not consider beefing up your data governance and security program with ALTR instead?
3 ways the ALTR Free plan is better than a gym membership:
1) It’s free, for real
Obviously. But it’s free with no strings attached. Unlike some gym memberships, there’s no bait and switch. There’s no credit card required, there’s no limited time offer, there’s no 6-month trial rate – ALTR Free is free for life. You can use it as long as you want, upgrade if or when you’re ready, or stay on the free plan forever.
In fact, with ALTR there’s no contract at all. We’ve worked hard to make sure that our free version provides a complete data control and protection on its own. If you don’t find it’s providing the functionality you need, we hope you’ll let us know so we can improve. But if it’s just not doing it for you, you can quit at any time. Unlike the gym, you won’t have to send a notarized letter, certified mail to the company’s headquarters and then watch and wait to see if this is the month they stop debiting your account!
2) It’s not intimidating to get started
Depending on the shape you’re in, beginning a workout program can be intimidating. Maybe you’re not sure where to start, you don’t know how to use the machines, you’re worried you’ll be judged, or don’t want to deal with Instagram influencers recording their workouts while you’re just trying to burn off holiday calories! It can be the same with a data governance program. The idea may be so overwhelming you think you need 6 months to even figure out what data you should protect and where it is, before you can even think about launching your program.
With ALTR, it’s simple to get started. There’s no big set up, no long implementation project, no coding knowledge necessary. There’s no hardware to purchase and no consultants needed.
You can sign up directly through Snowflake Partner Connect or here on our site, connect your databases, discover and classify data instantly, choose the columns of sensitive data you want to protect – in just a few minutes! No matter what stage of data governance you are, ALTR gives you the space and tools to grow at your own pace.
3) It’s easy to maintain
Going to the gym can be tough to keep up. At the end of a long day or before you even get going, you have to find the motivation to put your gear on, drive to the gym no matter the weather or the traffic, then you have to actually do the work! And you have to do it 3 to 5 times a week to make an impact.
With ALTR, once you set it up, you can just sit back and let it do the work for you. ALTR automates access to data, limits data consumption based on the rules you set, and blocks unauthorized access automatically. Our data usage heatmaps show your top users, what data they accessed, when and how much. It’s like a Fitbit for your data consumption. The difference is you don’t have to do a thing to see the numbers go up. ALTR helps you build up your core data governance, control, protect muscles so you can focus on the heavy lifting of moving sensitive data to the cloud.
Stay on the couch and get fit with ALTR
We built the ALTR Free plan to give everyone access to effective data control and protection – we’ve done away with long implementations, high costs, complicated contracts, time-consuming maintenance. We’ve eliminated all the roadblocks, and there are no more excuses.
The ALTR Free plan can help you kick start your data control and protection fitness in 2022. And it’s safer than a Peloton.
Jun 3
0
min
3 Keys to Faster and Safer Data Delivery
ALTR Blog
Today’s data-driven enterprises know that making data available across the company can lead to improved results—from higher sales to better customer satisfaction to improved market share. But the business-level need to make data available has been in conflict with the business-level requirement that data be shared securely. These competing business drivers have led to an odd mismatch between what companies would like to do with data and what they have actually been able to achieve. In order to provide data both swiftly and securely to users, companies should focus on these 3 keys to faster and safer data delivery.
Know and show your data
Before you can provide data to users, you must document what data you have. This means discovering data across databases and software, in cloud SaaS platforms and on-premises in legacy databases. The data must be typed: are they names, social security numbers or email addresses? Then it should be tagged by business context: is the email address from Salesforce or HR? Is it a prospect or employee?
Once the data has been discovered, analyzed and classified, the available data types and tags can be displayed to users via a data catalog—just like any e-commerce platform. Users should be able to search for data to enable a specific use case, such as sharing custom coupons near specific locations. They can select email addresses, GPS data, available inventory and any other information needed to achieve the goal and add those to their “data shopping cart”, regardless of where the data is from or located. The backend structure is completely seamless to users. The goal is to make it as easy as ordering from Amazon.
Control and govern your data
Unfortunately, here’s where the e-commerce metaphor falls apart. While the e-commerce process is mostly automated all the way through, security-focused “default to no” and Zero Trust policies have forced companies to evaluate requests individually and manually as they come in. This leads to labor-intensive data control and release processes on the back end. Once a user “places an order” for data, that sets off a workflow that primarily consists of email notifications to one or more data stewards. What should be a 5-minute fulfillment task can actually take 3-4 days. Data stewards must check the policies to confirm whether the user is authorized to have access to the data. The requester may have asked for data from multiple locations with various owners – Snowflake data may be owned by analytics and Oracle on-prem data by IT or operations. There can often be different data stewards for different data sets, and review/approval tasks often fall on data teams who have other full-time responsibilities on top of their data steward duties.
Such a manual process is rife with human error. Data stewards could accidentally provide access that is too broad or for too long or just to the wrong data. Because human error can lead to data breaches, manual processes increase the risk of that. Still, this process was almost manageable when the requests were 1 or 2 per week. But customers are telling us that they’re seeing 1 or 2 per hour now. It’s simply not sustainable.
Unify and automate your process
Unifying and automating the entire process solves this issue and upgrades the complete data delivery experience. It makes the whole mechanism faster and more secure than the sum of its parts. The data governance tool acts as the brain, knowing who should have access to which data. Automated data discovery, analysis and cataloging with SaaS-based tools like OneTrust and Collibra allow companies to find data across the entire ecosystem, document data lineage, and type and tag it. Once that data has been identified, policy and permissions can be applied.
Then the access control tool like ALTR acts as the muscle, regulating access based on commands it receives from the brain, bypassing the time-consuming and error-prone manual authorization workflow. ALTR’s SaaS-based solution also spans across multiple database types – both on prem and in the cloud – to update access permissions in real time. This provides one central command and control center across the data ecosystem, unlike proxy-based solutions that must be implemented and managed separately for each database. And ALTR also helps define and control what “access” means – is it root level access or a reader account? Is the data masked or limited by amount? For example, HIPAA regulations require that only the minimum necessary standard of data is available to the user to achieve their task.
Finally, the constant consumption feedback ALTR provides acts as the senses, letting the brain know what data is actually being consumed, by whom. This allows teams to double check usage against existing policies and correct any misalignments. If we go back to the Amazon example, this would be as if someone bought too many masks to resell during a pandemic, and Amazon stopped the purchase as against its policies.
The promise of data delivered
When users have access to the data they need in minutes instead of days, the whole company can perform better. When unification and automation not only deliver that speed, but also reduce the risk of human error leading to a breach, the company’s entire data set is safer even as its being shared. Now the promise of data usage across the company can be delivered.
Download our White Paper to learn how the best data strategy is enabled by a strong data defense.
Dec 7
0
min
2022 Prediction #4: Regulations Get Stickier and Data Literacy Becomes a Board-Level Necessity
ALTR Blog
We’re continuing our series of predictions for the 2022 data governance landscape from ALTR leaders Dave Sikora, James Beecham, Doug Wick, and Pete Martin.
All the activity around data, especially sensitive data, we discussed in our previous predictions (1, 2 and 3) will continue to draw attention from regulators. We have already seen several state-level laws including CCPA and CPRA in 2020 in California, Virginia and Colorado passed this year, and active bills in at least 6 other states. Every time a new state law is passed it increases the complexity of data access controls for governance and security teams.
And this will make data literacy just as necessary as financial literacy for executives, including board members. They’ll need to have a crisp understanding of how data works in the business, where it comes from, who it goes to, what data is meaningful and what can be ignored. Leaders will need to understand what’s required by regulations and how the way company is using data creates regulatory risk. We expect that soon company executives will be looking at “data flow” statements alongside cash flow statements each quarter.
Companies that have this competency baked into their business will be in a better position to weather the next big regulatory storm: a U.S. federal data privacy law on the level of the Sarbanes-Oxley Act of 2002. “SOX”, passed in reaction to several financial scandals including Enron, Tyco and WorldCom, requires corporate officers of publicly traded companies to personally certify that the company's financial statements are accurate. Officers who sign statements they know are inaccurate can face criminal charges and penalties including prison. We certainly hope that we don’t see scandals as shocking as those of the early 2000s, but if data breaches continue to worsen, we can expect legislation that requires publicly traded companies to have board-level data audit committees documenting how the company is protecting sensitive data, with CEOs and CDOs required to sign accountability statements.
To see all our predictions for 2022, download our white paper here.
Dec 2
0
min
2022 Prediction #3: Massive Value is Unlocked and the Chief Data Officer Gets an Upgrade
ALTR Blog
We’re continuing our series of predictions for the 2022 data governance landscape from ALTR leaders Dave Sikora, James Beecham, Doug Wick, and Pete Martin.
In our last post, we talked about how the democratization of data access will lead to an order of magnitude increase in the credentialed access threat. But a positive effect of the growing democratization of data is the opportunity for companies to truly become “data-driven,” unlocking enormous economic value over the next five to 10 years. Currently, companies don’t really have a good handle of what’s truly going on inside their business – broadly across the various functions or in detail down to the transaction level. They don’t have the visibility or measurement around operations or their customers. But by making the data available to everybody, companies will get more operationally efficient across the board: marketing will get more effective at reaching potential customers, logistics will get more proficient at moving supplies and products through the business, and so on.
At the same time data is spreading across the business, its importance is pushing the prominence of data up the executive ladder. This will lead to the elevation of the Chief Data Officer. Their responsibility will be to use all this data to make sense of the business – to correlate data points and create a high-level understanding of how the company is operating from a data flow perspective. We’re already seeing this happening to a certain extent with the percentage of organizations reporting the appointment of a CDO increasing from 12% in 2012 to 65% in 2021. This will have the side effect of pushing the CIO and the Information Technology teams lower in ranking, potentially reporting to the CDO, simply focused on putting the technology structure in place to enable a data-driven strategy.
Venture Beat calls the combination of data and AI embedded within companies for analytical and operational purposes “the beginning of the era of the intelligent, automated enterprise.”
Obviously, we’re just at the very early stages of this massive upheaval, but even what we’ve seen so far will help support what Gartner notes are CEO priorities for 2022: growth, digitalization and efficiency. These are all enabled if you can make better sense of your data. With disparate applications and disparate data points, the only way to take the business to the next level is to connect all those dots to create a holistic picture and uncover real insight.
Watch our blog for more predictions to come around new risks to data, the crucial role of data in the business, and the regulatory environment ahead…
Nov 18
0
min
2022 Prediction #1: Companies Will Dare to Data Share, Safely
ALTR Blog
Heading into the holidays, we can’t help but look back at the whirlwind last two years. The COVID-19 pandemic caused a disruption unlike any we’ve seen in the last few decades. Employees across the world began working remotely like never before. Because data has become such a critical part of this work, it needed to follow the employees, quickly escalating digital transformation and the move of data to the Cloud. Snowflake’s record setting IPO in September 2020 demonstrates the value of this opportunity. But the shift also put an abrupt burden on IT teams to protect that remote work and the data required from new threats and escalating old ones. Data thieves and hackers took advantage of the disruption to step up attacks, like the recent Robinhood leak that exposed data of 7 million customers. As data exfiltration and PII leaks continued, regulatory attention around protecting personal information in the US increased.
All in all, it’s a challenging yet thrilling time to be part of the data ecosystem. And data governance and security are more critical than ever.
As we look toward 2022, it’s a given that data will continue moving to and consolidating in the Cloud. But this will lead to other shifts in the data governance landscape, uncovering surprising new possibilities and challenges for companies who want to stay ahead of the competition by making the most of their data. Over the next few weeks, we’ll share some predictions from ALTR leaders Dave Sikora, James Beecham, Doug Wick, and Pete Martin to help companies know what they might expect in 2022.
Prediction #1: Companies Will Dare to Data Share, Safely
Centralizing data in the cloud enables increased flexibility, availability and sharing of data – within the enterprise and without. In the past, if you wanted to share data that lived in an on-prem datacenter with another group or with an external partner, you would have to extract and then email or FTP the file – a cumbersome, manual process. Increasingly, companies will take steps to make data more easily available via the cloud – to connect applications, to monetize it or even utilize it to create a more effective AI.
For example, earlier this year, NBC Universal announced a new solution to monetize the audience data it gathers by making it available to partners, on a cross-cloud data clean room environment powered by Snowflake. Advertisers will be able to safely and securely join their own data, without exposing any viewer personally identifiable information (PII). The Snowflake platform lets NBC Universal govern what data is housed in the clean room, how data can be joined, what types of analyses can be performed on the data, and what data can leave. Disney is doing something similar by making Snowflake its single source of data to share securely with its internal teams and partners. Snowflake is enabling the monetization of sharing further with their Data Marketplace which allows companies to offer up unique, proprietary data to Snowflake customers to utilize along with their own data.
Secure cloud-based sharing will also help overcome one of the main ML/AI roadblocks: training data. 91.9% of firms report that the pace of investment in Big Data and AI projects is accelerating, but AIs don’t come fully formed out the box – they require massive amounts of data to learn on to be effective. Companies may contract with an ML or AI provider, but the model needs to be trained on relevant data for that specific company’s use case before deployment. Data privacy concerns have limited the ability to provide real data to AI vendors, with companies in some cases relying on synthetic data, but implementing secure data sharing allows for use of real data instead.
Essentially, the ability to securely share sensitive data easily from the cloud will enable increased data sharing and increased insights.
Watch our blog for more predictions to come around new risks to data, the crucial role of data in the business, and the regulatory environment ahead…
Nov 30
0
min
2022 Prediction #2: Cloud Data Becomes a Bigger Target and More Access Increases the Threat
ALTR Blog
We’re continuing our series of predictions for the 2022 data governance landscape from ALTR leaders Dave Sikora, James Beecham, Doug Wick, and Pete Martin.
In our first post, we talked about how companies will utilize secure data sharing to get more value out of data. Next year, we’re all confident that data will become even more critical to business and will continue consolidating in the Cloud. But this consolidated data pool will have the unfortunate side effect of drawing criminal attention. Data that used to exist in specific, disparate software or databases such as Workday, Salesforce or SAP is being uploaded into a consolidated cloud database, accessible from all over the world, with a single username and log in supplying entry. As this trend continues, these cloud data platforms will become an even more attractive target for “hackers.”
But can it even be called “hacking” when companies leave the door open? Many of the most well-known data breaches of the last few years were the result of misconfigured cloud database or application security. A June 2021 IDC survey of CISOs and security decision makers showed that almost 100% of companies had experienced a cloud data breach in the past 18 months.
While data warehousing has been growing for the last ten to twenty years, at the beginning, only a small group of individuals had access to the data. As the realization of the possibilities this information provides has spread across the business, there has been an increased push to democratize access. Companies have started handing out access to data like Oprah handed out car keys – “You get credentials, and you get credentials, and you get credentials!” This, along with the growth in data sharing, increases the credentialed access threat potentially by an order of magnitude. And that unfortunately means, for the sixth year in a row, we will likely see “credentialed access” as one of the top drivers for data breaches in the 2022 Verizon Data Breach Investigation Report and the IBM Cost of a Data Breach Report.
Watch our blog for more predictions to come around new risks to data, the crucial role of data in the business, and the regulatory environment ahead…
Jan 18
0
min
The State of Data in 2021: Crossing the Sensitive Data Chasm
ALTR Blog
In 2020, you moved your simple and easy workloads into a Cloud Data Platform like Snowflake but got stuck moving more sensitive data workloads for security, privacy, or compliance reasons. In this post, you’ll learn how easy it has become to pair your Cloud Data Platform with a fully SaaS delivered and credentialed security provider to overcome the challenges of using sensitive data in the cloud. Whether you're the data engineer, the data architect tasked to use the data, or the security engineer tasked with securing the data, pairing ALTR with Snowflake will help quickly turn a data workload ‘no’ into a workload ‘yes’!
The Beginning: Data is Awesome
We all remember our first time logging into that beautiful blue Snowflake web UI, running our first sample query on the sample data set, and how cool it felt. But we quickly got our snow boots under us and wanted to start using real data. At first, migration was easy. Let's pretend you're on the marketing analytics team and wanted to cross-reference your marketing spend in AdWords with this month's orders broken down by zip code — with a few clicks, you have easily added AdWords data into Snowflake as well as data from your eCommerce SaaS provider. You can now easily run reports either from the last 30 days or the last three years, and you didn't have to call IT. The rush of being in control of your marketing analytics destiny is pretty neat, so you begin to add other sources into Snowflake, removing data silos, and making your job easier and faster. This goes on for a few months, and everything is dandy.
The Middle: Data is Scary
Then you get the great idea of importing your customers' information from Salesforce Marketing Cloud emails and campaigns. You want this data to cross-reference web cookies or email responses to coupons you've been using. You'd also love to get some of the more sensitive data that still lives on-prem in a legacy operational database. Only this time when you go to quickly import this data, you are blocked first by the firewall — you don't have a username/password and you realize the security teams can see you trying to access that information, then you get a call from your local neighborhood DBA and security engineer. You explain what you were trying to do and show them all the cool stuff you've been doing with Snowflake and how much better the company will for the work. But they point out that you cannot just simply move this customer data as you did with the other data. It's at this moment that you realize you're standing on the edge of a cliff. This cliff looks dangerous and leads to a canyon that is vast and full of wild GDPR and CCPA animals as well as the worn-out brands that have had massive data breaches. The canyon is real and it causes everyone on that call, DBA, security, and you to stop in your tracks.
But on the other side of the canyon, you see increased revenues, reduced marketing waste, and more efficient campaigns. All things the business would love to have and use. So you begin to brainstorm with the security and DBA teams. “What if we just did this...?”, or “How about we try to port legacy security system X to Snowflake?” “Won't work,” says the DBA and security teams – running VPN connections between on-prem and Snowflake isn't possible; or the latency impact it will have makes using Snowflake not possible; or the privileged access management tool (PAM) you have doesn't support Snowflake and will never support Snowflake.
Everyone is on the same page trying to get across that canyon together but it seems hard to navigate the dangers of the canyon. You need a bridge. Something stable and safe you can walk on to cross the canyon and bring that customer data with you. It needs to be flexible enough to handle different types of data because if you can get the customer data you want across the canyon, then others will surely try to bring more sensitive data with them behind you. It needs to be strong enough to stand up to the dangers of the wild compliance and regulations animals below it all howling for your hard-earned revenue if you screw up. It almost feels like you can't make it across.
The End: Data is Safe
One day you wake up and see a post on LinkedIn from some guy who is a 2nd connection to the person you shared a cube with as an intern 6 years ago. He's talking about data security being delivered as SaaS, or DSaaS (Data Security as a Service), and how it has a native integration with Snowflake to help observe data access and detect and respond to improper access — they even offer tokenization of data at rest. All of this can be enabled quickly with Snowflake? They have attestations and certifications to store and control access to PCI, PII, and HIPAA data types. You reconvene the DBA and security engineering team, standing on the edge of the canyon once more, you spec out what could be a pretty nice bridge to get you across. This bridge is ALTR DSaaS. Everyone agrees after researching the product and trialing the software that this could be the answer.
From the trial, everyone learned that they could:
- Ensure each access to sensitive data is logged for as long as the business requires
- Integrate these logs into their central logging server or SIEM
- Ensure that only authorized users can view the sensitive data
- Quickly and easily set a policy that watches data access and prevents breaches by only allowing the right amount of it out to each user
- Utilize tokenziation as a service to make even their most sensitive data safe for use in the cloud
Low and behold, everyone’s boss signs off on the usage since ALTR DSaaS has the features and scalability needed to cross the canyon safely. You can now begin to move sensitive workloads without fear that someone will be able to steal credentials and take data. You know after running the trial that SQL injection attacks won't work with ALTR in place. You can provide all needed parties with Observability reports that policy is in place and is being enforced. ALTR DSaaS has satisfied even the most stringent of requirements because it extends beyond RBAC controls and places policy on data, ensuring that only authorized users access data, and only as much data as is allowed. Information at rest can be protected without the overhead of encryption keys, and the SaaS deployment matches Snowflake scale so the data is actually usable even with the highest levels of security.
Canyon crossed, goals achieved, next workload please.
To learn more about how ALTR can protect your sensitive data in the cloud, check out this white paper.
Get the latest from ALTR
Subscribe below to stay up to date with our team, upcoming events, new feature releases, and more.
Thank you! Your submission has been received!
Oops! Something went wrong while submitting the form.