ALTR Brief: Snowflake Cybersecurity Investigation

Health and Well-Being Technology Redefines Data Governance at Scale with ALTR

One of ALTR’s customers, a health, well-being, and navigation company, operates in over 190 countries worldwide, offering employee well-being and engagement solutions to organizations and their employees across the globe. Their mission is to transform workplace culture, promoting physical, mental, and emotional well-being to foster healthier and more productive work environments. 

In their quest to maintain the highest data governance and security standards, this organization embarked on a mission to securely store Personal Health Information (PHI) and Personally Identifiable Information (PII) data within Snowflake. This endeavor aimed to empower internal users with insightful access to data while simultaneously ensuring the establishment of a robust, closed-loop audit trail to meet stringent compliance requirements.

The Challenge

  • Ensuring Data Security and Privacy
  • Establishing Scalable Data Governance
  • Implementing a Compliance-Centric Audit Trail

Data Security and Privacy Assurance

The InfoSec Team at this company grappled with the critical necessity of securely and confidentially housing their sensitive PHI and PII data. This imperative arose from their unwavering commitment to conforming to stringent regulatory frameworks and compliance mandates that govern handling such sensitive information within the health and wellness industry. The integrity and confidentiality of this data were paramount.

Scalable Data Governance

With an expansive and intricate data landscape sprawling across multiple Snowflake databases, they faced the formidable challenge of implementing and enforcing data governance policies at scale. The sheer volume of tagged columns, numbering in the thousands, necessitated an innovative approach to ensure the consistent and efficient application of governance protocols.

Compliance-Centric Audit Trail

To align comprehensively with evolving data privacy regulations, this organization recognized the need to establish a meticulous and all-encompassing audit trail. This trail would serve as an indisputable record of every instance of access to sensitive data. Achieving full compliance required not just meeting the letter of the law but also demonstrating dedication to transparency and accountability in the data handling practices.

The Solution

  • Cloud-Native Integration with Snowflake
  • Efficient Automated Column Controls
  • Query-level Governance

Cloud-Native Integration with Snowflake

Implemented as a cloud-native solution and utilizing Snowflake’s native governance and security features, ALTR offered the highest level of data protection—all with no code required to implement, maintain, or manage. Removing the roadblocks to protecting sensitive data ensures this organization’s data team can extract the most value from their data and maximize their investment in the platform.

Automated and Scalable Tag-Based Masking

ALTR introduced automated tag-based column control to govern PII and PHI data security at scale. With ALTR’s user-friendly point-and-click interface and management API, this organization was able to harness the power of Snowflake object tagging and enable the automatic application of data masking to thousands of tagged columns spanning multiple Snowflake databases. As a result, they were able to apply policies uniformly to corresponding tagged columns quickly and easily and instantly enforce policies as soon as sensitive data is tagged.

Query-Level Governance

ALTR’s auditable query logs emerged as an indispensable tool, meticulously documenting every instance of sensitive PHI and PII data access to prove privacy controls were effective. This company can now govern each user down to the individual query, track and log all activity, including administrative actions and implement rules and thresholds to govern the flow of data.

The Result

  • Complete Data Access Observability
  • Data Governance at Scale
  • Comprehensive Compliance-Ready Audit Trail
  • A Visionary Leader  

Complete Observability

This organization meticulously achieved a state of complete data observability, which has become the cornerstone of their data security framework. This heightened level of transparency not only fortified their data security infrastructure but also enabled them to proactively monitor, track, and respond to all instances of access to sensitive PHI and PII data. As a result, no unauthorized or suspicious activities go unnoticed, providing an invaluable layer of protection for their most critical information assets.

Data Governance at Scale

ALTR’s solution empowered this customer to seamlessly automate data masking policies across a sprawling landscape of tagged columns spanning multiple Snowflake databases. This automation substantially reduced manual efforts and contributed to policy consistency and effectiveness.

Comprehensive Compliance-Ready Audit Trail

The solution delivered an exhaustive audit trail that meticulously documented every instance of sensitive data access. This comprehensive audit trail played a pivotal role in this organization’s ability to fully satisfy the requirements of data privacy regulations and compliance standards.

A Visionary Leader

This company’s proactive embrace of tag-based policies and their astute utilization of automation exemplified their forward-thinking approach to data governance and significantly influenced the evolution of ALTR’s data governance capabilities.

ALTR’s easy-to-use solution allows our Data, Reporting and Analytics teams to leverage Snowflake object tagging to automatically apply data masking to thousands of tagged columns across multiple Snowflake data bases. We’re able to store PII/PHI data securely and privately with a complete audit trail. Our internal users gain insight from this masked data and change lives for good. 
– Director of Data Governance and Management