ALTR Brief: Snowflake Cybersecurity Investigation

ALTR Helps Fortune 10 Corporation Meet Stringent Compliance Requirements in Just Weeks

ALTR’s customer, a Fortune 10 multinational energy corporation, has a diversified portfolio in the oil and gas sector, including exploration, production, refining, and distribution. Known for its extensive global presence, this corporation plays a significant role in the energy industry’s upstream (extraction and production) and downstream (refining, distribution, and marketing) aspects.

As a multinational company, it is required to follow the stringent GDPR Binding Corporate Rules (BCR) that govern the transfer of personal data between different entities within the corporate group. This requires the company to implement robust data protection measures for all customer Personally Identifiable Information (PII) as early as possible in the data lifecycle, ensuring compliance across its international operations.

Recognizing the magnitude of its data governance requirements and the short timeframe it was up against, this company turned to ALTR for its scalable and automated data governance solution.

The Challenge

  • Complex GDPR Compliance Regulations
  • Tight Compliance Deadlines
  • Competing Solution Failure

Complex GDPR Compliance

As a multinational corporation, this organization had a mandatory obligation to conform to the rigorous GDPR requirements, notably BCR. These rules demanded the implementation of robust and stringent data protection measures, focusing on safeguarding customer PII data within Snowflake and upstream in its data pipelines. Compliance with GDPR BCR was crucial to ensure data privacy and security for this company’s global operations, reflecting its commitment to responsible data management across its multinational operations.

Tight Compliance Deadline

The company found itself under immense pressure due to an impending compliance deadline. With just six weeks at its disposal, the organization urgently needed to identify and deploy a solution to safeguard sensitive data while aligning with these compliance requirements. The situation’s urgency underscored the critical need for a swift and effective data governance solution, which only ALTR could provide.

Competing Solution Failure

In the organization’s quest for GDPR compliance, it initially turned to a competing solution, which ultimately proved ineffective. The competitor’s solution faced significant challenges, including its lack of cloud-native design, which made it incompatible with the company’s cloud-focused data infrastructure. The organization’s scale considerations required a SaaS-based solution to mitigate risk over sensitive data. Additionally, the competitor’s solution struggled to handle the demanding workloads required by the company, leading to performance limitations and operational bottlenecks. Furthermore, the competitor’s solution could not meet the tight compliance deadline, casting doubt on the organization’s ability to promptly satisfy regulatory requirements.

The Solution

  • Format Preserving Encryption: Better security and faster results
  • Shift Left Data Governance: Data security from source to cloud

Format-Preserving Encryption

Leveraging ALTR’s format-preserving encryption (FPE), this company can seamlessly encrypt and decrypt sensitive data natively in Snowflake, eliminating the need for expensive on-premises appliances. This cost-effective shift saves millions in licensing fees and tens to hundreds of thousands in monthly expenses associated with calls between Snowflake and on-premises systems, which typically introduce significant query delays. With ALTR, queries circumvent these calls, resulting in faster response times and enhanced data security. Similarly, ALTR’s Format Preserving Encryption allows Data and InfoSec teams the freedom to shift their focus elsewhere, trusting ALTR’s rigorous security measures.

ALTR’s architectural advantages allow us the unique ability to Shift Left® and call Snowflake’s FF3-1 Format Preserving Encryption API within the ETL pipeline, protecting the data before it lands in Snowflake. This customer leverages ALTR’s policy automation engine so that any non-technical user can operate ALTR’s point-and-click user interface to create policies that determine which Snowflake roles and users receive encrypted values and which roles and users receive decrypted, plain-text data. For compliance purposes, ALTR maintains a near real-time audit log of every access to this sensitive data, and custom alerts and signals can be enabled to understand how your data is being accessed and by whom in real time. ALTR helped this customer manage and rotate their keys using envelope encryption – wrapping Format Preserving Encryption in our key management system to allow for automatic decryption via ALTR policy.

Shift Left Data Governance

With ALTR’s Shift Left data governance® capabilities, the organization can use native SNOW APIs to invoke ALTR’s FPE capabilities upstream in its data pipeline. By doing so, the organization proactively secures PII before it enters its Snowflake environment, meaning the data is secure in motion and at rest. This approach to data protection ensures that sensitive information is safeguarded from the outset, aligning perfectly with GDPR compliance requirements and bolstering data security efforts. ALTR’s SaaS-based, scalable platform is the only data governance and data security solution that could check this box for this customer due to the ability to implement data governance “to the left” of the cloud data warehouse, earlier in the data lifecycle.

The Results

  • Accelerated POC: Two hours across two days
  • Rapid time-to-value: From months to weeks
  • Extended compliance with superior performance
  • Future-proof data governance

Accelerated POC 

ALTR’s Format Preserving Encryption (FPE) solution, being a pure Software-as-a-Service (SaaS) offering, provided architectural advantages that greatly expedited the Proof of Concept (POC) phase, with the entire phase accomplished in just two one-hour sessions. Rapid enablement of ALTR’s solution in the customer’s sandbox environment highlighted the efficacy of SaaS in addressing complex data protection needs, eliminated uncertainty, and minimized risks associated with its deployment.

Rapid Time to Value

In addition to the rapid POC, ALTR significantly accelerated the deployment timeline. What would have traditionally taken several months to deploy was reduced to a matter of weeks. This rapid deployment proved instrumental in helping the company move swiftly toward its compliance deadline. 

Extended Data Protection with Superior Performance

With ALTR’s Shift Left® approach to data governance, the company could meet GDPR requirements within Snowflake and effortlessly extend (Shift Left®) that data protection into the data pipeline without compromising business agility or productivity. 

Future-proof Data Governance

Driven by its SaaS architecture, ALTR can scale alongside the organization’s dynamic growth, aligning seamlessly with its expanding global operations while consistently meeting its evolving data protection demands.