Q2 is a leading digital banking provider powering online, mobile, and core banking solutions for over 1,400 financial institutions. Today, 1 in 10 U.S. banking customers interacts with Q2’s technology—whether through online banking, mobile apps, or digital loan origination systems. 

The Challenge: More Growth, More Data, More Risk 

As Q2’s customer base and product offerings expanded, so did its data volume—and with it, its attack surface. Each new product line introduced sensitive PII, PCI data, and behavioral signals that had to be securely managed across cloud, hybrid, and on-prem environments. 

Moving to the cloud only raised the stakes. Q2’s legacy systems—built over two decades and optimized for on-prem SQL—were becoming a bottleneck in the face of modern demands. As the company replaced aging infrastructure with cloud-native platforms like Snowflake, it recognized that perimeter security alone wasn’t enough. The shift presented a rare opportunity: to re-architect for performance, scale, and agility—without a disruptive overhaul. Q2 adopted a best-partner strategy, avoiding the complexity of stitching together multiple tools or overhauling database stacks. But with more data moving faster across more layers, the need for a data-centric security strategy became clear—one that protected information at the source, enforced governance at scale, and supported a layered defense model built for the cloud era. 

Q2 turned to ALTR to be that layer. 

The Solution: ALTR’s Unified Data Security Platform 

To help Q2 secure sensitive customer and financial data across its expanding product suite and internal systems, ALTR delivers a unified, scalable data security and access control solution. Integrated across both on-prem and cloud environments—including critical platforms like Snowflake—ALTR equips Q2 with layered protection that aligns with their zero-trust, “defense in depth” strategy. 

At the heart of this architecture is Q2’s TrustView—a policy enforcement layer that governs how sensitive data is secured, accessed, and shared across systems. ALTR powers the core security functions within TrustView, including tokenization, format-preserving encryption, masking, and real-time activity monitoring. This allows Q2 to confidently apply consistent data protection policies across all environments, reduce operational complexity, and maintain compliance at scale. 

Tokenization of Sensitive Data in Transit 

For Q2’s flagship online and mobile banking platform—ALTR delivers tokenization to protect personally identifiable information (PII) as it moves between systems. Sensitive data is tokenized before it enters Q2’s infrastructure, minimizing exposure and aligning with Q2’s zero-trust, defense-in-depth security model. 

ALTR enables high-performance tokenization across Q2’s transactional systems, helping secure data in motion without disrupting performance or operational workflows. When original values are needed, they can be securely retrieved—without compromising speed or architecture. 

Format-Preserving Encryption (FPE) in Snowflake 

As part of its cloud migration, Q2 adopted Snowflake to manage high-volume event logs tied to platform activity, transactions, and customer behavior. These logs often contain regulated data—names, account numbers, SSNs, and more—across hundreds of financial institutions. 

ALTR’s format-preserving encryption (FPE) secures that data in Snowflake, preserving structure for analytics, debugging, auditing, and customer-facing insights—all while maintaining compliance. 

By enabling a secure multi-tenant architecture in a single Snowflake instance, ALTR gives each of Q2’s 400+ client institutions isolated, encrypted access to their data—without the complexity of managing separate environments. This also powers secure data sharing workflows, helping Q2 deliver masked or encrypted insights back to clients with full control and auditability. 

Together, ALTR and Snowflake have transformed Q2’s logging infrastructure into a scalable, compliant, and high-performing platform 

Real-Time Activity Monitoring 

Q2 uses ALTR’s real-time database activity monitoring to understand how sensitive data flows across its systems—both internally and within its customer-facing products. ALTR captures and reports on: 

• How often certain sensitive data elements are accessed or tokenized 

• Who is accessing them and from where 

• Deviations from normal data usage patterns 

These insights are surfaced directly to Q2’s security operations team, helping them understand valid and invalid data access patterns, detect anomalies, enforce least privilege, and meet audit requirements. 

 

“It’s clear to me that ALTR punches way above their weight and that’s why I am 100% confident placing ALTR between my critical data transactions for over 1400 financial institutions”

-Lou Senko, Chief Availability Officer, Q2

 

Role-Based Access Control and Masking 

To protect sensitive data within analytics workflows and shared environments, Q2 uses ALTR’s policy-driven access controls and dynamic data masking features. These controls ensure that: 

• Users only see what they’re authorized to see, based on their role and purpose; mapping data access back to business requirements. 

• PII can be masked or hidden entirely depending on the access context, meeting compliance requirements. 

• Data remains secure even when accessed across shared cloud environments, reducing risk for the organization 

This approach supports Q2’s internal governance and helps its teams operate securely without slowing down innovation. 

Advanced Key Management and Encryption Auditing 

Unlike native encryption tools that offer basic encrypt-decrypt functionality, ALTR delivers enterprise-grade key management that includes: 

• Key generation and wrapping 

• Off-platform storage and isolation of key material 

• Automated key rotation 

• Keys are available where needed, governed by role-based access controls. 

• Full auditability and reporting 

• The ability to provide customer-specific encryption keys when required 

This architecture helps Q2 meet rigorous PCI-DSS standards across products where payment-card  data must be securely stored and managed. It also gives Q2 the confidence and flexibility to extend encryption into new products and cloud services as they grow. 

 

The Results: Scalable Security That Powers Growth 

As Q2 continues to expand its footprint in digital banking, ALTR has become a foundational partner—enabling the company to scale securely, meet regulatory demands, and accelerate innovation without compromising control. 

PCI Compliance at Scale 

With ALTR, Q2 maintains Level 1 PCI DSS compliance across core products. ALTR ensures cardholder data is encrypted, auditable, and never exposed in plain text—simplifying audits and reducing compliance overhead. 

Securing 1,400+ Financial Institutions 

Q2’s TrustView platform—backed by ALTR—now protects sensitive data for more than 1,400 financial institutions, enforcing consistent access policies and securing critical information across banking products and environments. 

Cloud Migration Without Compromise 

As Q2 moved to Snowflake, ALTR’s format-preserving encryption (FPE) enabled a smooth and secure migration of their high-volume data infrastructure. By protecting PII while maintaining format and structure, Q2 ensured data remained usable for debugging, analytics, and compliance workflows—without sacrificing performance or scalability. 

Secure Data Sharing  

Q2 enables over 460 financial institutions to securely access their own regulated data—improving transparency, meeting compliance requirements, and strengthening client trust without increasing operational overhead. 

Faster, Safer Access to Insight 

With sensitive data encrypted and tokenized, Q2 teams can perform debugging, analytics, and customer intelligence work without ever compromising privacy or exposing raw data. 

Consistent Protection Across Every Environment 

Whether embedded in products or supporting internal operations, ALTR delivers a single platform for tokenization, encryption, data masking, activity monitoring, and role-based access control—adaptable to both legacy systems and next-gen cloud environments. 

 

“ALTR gives us more than encryption— it’s a centralized, verifiable solution for key management, access control, and secure sharing across all teams and environments, far beyond what Snowflake alone can offer.”

-Rae Green, Sr. Data Architect, Q2