
Security Becomes a Business Enabler at this Leading Mortgage Firm

The financial services industry has years of experience dealing with state, federal and global regulations around data privacy and security. Its firms are subject to the regulations other industries face, such as GDPR and Sarbanes-Oxley, but also have to comply with PCI DSS (Payment Card Industry Data Security Standard), the Gramm–Leach–Bliley Act (GLBA) on data privacy and sharing, and the rules of the Financial Industry Regulatory Authority (FINRA). With this experience, banks, credit unions and mortgage companies are extremely confident in the data security of their on-premises databases.

But over the last few years, data migration to and consolidation in the cloud have challenged every industry, especially financial services. At the same time, data has spread throughout the business via analytics tools that need all the data to provide true insight. Suddenly the most sensitive customer financial data might no longer be safely ensconced in a company-owned datacenter but available everywhere from a cloud data warehouse to an analyst’s desktop.

In many organizations, data proliferation like this can trigger security teams to come in and lay down onerous data security requirements that data owners and managers have to follow to move forward. These can disrupt or even block the road to data-driven insights completely. In the case of this large mortgage broker, the InfoSec team realized there was an opportunity to become a business enabler instead of a blocker.

Getting ahead of the FinServ data security curve

In this organization, Line of Business (LoB) executives were already utilizing data in the cloud to better serve customers, deliver optimized reporting and analytics internally, and facilitate more data self-service in all areas of the business. Instead of acting as a “bad cop”, the CISO decided to take a step back to get ahead of the industry and the curve. The InfoSec team kicked off a project to roll out integrated Data Security & Intelligence across the company that included enterprise-wide data governance and an overall risk reduction effort.

The team decided on a data governance model to control data access and consumption in real-time, regardless of access point, and to protect all data sources, from Snowflake to on-prem datastores.

Their business goals:

  • Standardize on Snowflake as the single source of data truth 
  • Accelerate migration of additional operational workloads to Snowflake 
  • Protect enterprise datastores prior to their transition to Snowflake
  • Govern consumption of sensitive data throughout enterprise applications
  • Increase efficacy of data governance while reducing cost and complexity, via a single, unified solution

Data governance and risk-reduction with ALTR

ALTR presented a three-phase strategy to deliver on these goals. The proposal focused on reducing the risks associated with sensitive data by achieving full observability over all sensitive data consumption, regardless of location or access point, and integrating real-time alerting and signals into Snowflake Security Data Lake:

Phase 1) Start with Snowflake to gain visibility into how sensitive data is consumed by Snowflake users and mitigate credentialed access threats:

This phase starts with automated data discovery and classification; full visibility into sensitive data consumption; real-time, policy-based, data access control; and alerts and signals shared with Snowflake Security Data Lake.

Phase 2) Expand with Snowflake and Tableau via full visibility and stop credentialed access threats for all data in Snowflake, regardless of access point:

The next phase expands user-level observability and data access controls to Tableau shared service accounts, plugging a large security hole and significantly reducing risks associated with shared connections; real-time control over all data sharing use cases; and Snowflake alerts and anomaly signals fully integrated into Snowflake Security Data Lake.

Phase 3) Extend to Enterprise Applications with a single view of the truth for all data consumption and stop direct access threats to data across the enterprise:

The final phase extends governance to enterprise datastores accessed through applications and services; adds tokenization to protect sensitive PII at rest, in motion, and in use; and delivers enterprise-wide visibility over all sensitive data consumption directly into Snowflake Security Data Lake. This phase also greatly informs the enterprise on which data stores are the highest priority candidates to migrate to Snowflake.

These phases move the organization’s data governance maturity from Evolving through Advanced to Innovative. By the final phase, the institution will have a single pane of glass delivering visibility of data usage and security across the entire enterprise.

Several features of ALTR’s platform were attractive to the CISO and key to the decision to move forward: the SaaS-based solution and no-code integration with Snowflake; user-level visibility through Tableau Shared Service Accounts; ALTR’s unique drivers, proxies and API connections to expand across the enterprise, additional data sources, and on-prem and in-cloud applications; and the ability to deliver all alerts and signals to Snowflake Security Data Lake – regardless of source – enabling the security team to bring all enterprise data stores under security data lake surveillance.

While evaluating this approach to data governance across the business, the security team laid out a requirement that the line of business data owners implement an updated role-based access control strategy to better manage data access. The existing process led to a multitude of issues, including poor client experience and difficulty knowing what dataset to request, who should be given access, and more. To resolve these, the team worked with a consultant to create a strategy to reduce more than 2000 Snowflake roles down to 20 across hundreds of Snowflake databases. With ALTR in place, the line of business team will be positioned to automate data access based on the policies associated with those roles.

ALTR’s API layer allows it to plug into the organization’s automated data management process so that data governance controls are updated along with other systems, such as data migration and analytics tools, whenever there is a new business-level decision to change data availability. This reduces time to access and the possibility of human error, enabling the organization to store, move and securely share massive amounts of data efficiently at scale.

The ALTR solution removes the traditional data security vs. data team issue: it meets the security team’s requirements without putting an additional burden on the LoB. In fact, it actually made their jobs easier.

Solving the data security problem across the enterprise

In the past, data teams saw security as an obstacle while security saw data teams as a liability and a risk. With this enterprise-wide strategy, made possible by ALTR’s solution, the security team is enabling business projects by owning the governance and security, so data teams can focus on getting value from data. Both sides get what they want. And the firm surges ahead of the competition as a leader in FinServ data governance and security.

According to the CISO, “With ALTR’s integrations and scalability, I’m not just solving for this problem on Snowflake – we’re just starting with and building on Snowflake. We’re embracing a solution that can solve this problem across the enterprise for us. And we can roll it out to the line of business because we’re making their lives easier.”