ALTR Brief: Snowflake Cybersecurity Investigation

Tax and Compliance Software Vendor Bolsters Security and Simplifies Data Complexity with ALTR

The Situation

Tax Day, April 15th (or 18th), is notorious in the United States for tax filers’ stress and anxiety. Many individuals spend hours navigating the complexities of tax preparation, often feeling uncertain about the accuracy of their filings. In a parallel scenario, data teams grapple with the DIY approach to data governance and security, struggling to protect and comply with sensitive data. 

ALTR’s customer, a privately held tax preparation and financial technology company, serves over 10 million customers annually by enabling electronic federal and state tax return filings. This massive operation generates a vast amount of highly sensitive, personally identifiable information (PII) that must be safeguarded responsibly. Compounding the challenge, the company’s workforce swells by nearly 200% during tax season, necessitating hiring hundreds of temporary workers.

The Federal Trade Commission (FTC) mandates stringent data security practices for tax preparation companies to safeguard stored PII, with severe legal consequences for non-compliance. Recognizing the imperative to securely store and protect entrusted sensitive data in Snowflake while simplifying processes for internal and third-party data users, the company turned to ALTR as the ideal solution for its data governance and data security needs.

The Challenge

  • Complex and time-consuming manual data policies in Snowflake
  • Adherence to strict compliance regulations
  • Lack of visibility and control over data access via service accounts

Simplifying Previously Complex Data Policies

The data owners within this organization acknowledged the substantial effort involved in tasks such as data discovery, classification, and the creation of manual data masking policies in Snowflake. These activities consumed significant hours and necessitated repetitive manual action whenever a new policy was introduced. 

Closing and Perfecting the Audit Loop

From a compliance standpoint, the organization required a robust data governance solution to finalize and enhance its audit and compliance procedures. They needed to identify sensitive data, track who accessed it, and provide evidence of its protection. The entire reputation of this customer hinges upon their role as a trustworthy custodian of their clients’ highly confidential financial data.

Limiting Data Access to Service Accounts 

After gaining a clearer picture of data flow and a deeper insight into which users and roles interacted with sensitive information, this organization assessed the usage patterns of third-party organizations that had been granted access to Snowflake. 

The customer became aware of a common practice among their developers: granting service accounts, like SSIS, Heap Analytics, and Marketo, unrestricted access to all data in its raw form due to their busy schedules. Consequently, they sought a solution to comprehensively track and restrict the data access of these service accounts, including understanding what data they accessed, how they accessed it, and how frequently they did so.

The Solution

Discovery and Classification 

The initial phase of ALTR’s solution plan for this customer was Data Classification in Snowflake. ALTR offers two options for Classification –Snowflake Native Classification, a Google DLP extension within ALTR. Both options yield a robust classification report identifying any columns that contain sensitive data, making it infinitely easier to determine what data should be subject to governance policies.

Side Note: ALTR’s Discovery and Classification are FREE for life on Snowflake. Get connected today to understand your data better. 

Correct Access for Service Accounts 

Granting access to specific data sets, whether for a role or a third party, doesn’t automatically imply unrestricted access at any time. 

Previously, their data team granted unrestricted access to plain-text data to all third-party vendors, exposing them to compliance risks and security breaches. ALTR swiftly empowered this customer to establish precise data access policies. ALTR’s patented thresholding capabilities enable them to trigger alerts or block queries when predefined thresholds are met, providing near-real-time security for data access.

Simplified Masking Policies for the Non-Technical Data User

Writing manual masking policies for unique data users was a heavy lift for this customer.

ALTR’s masking policies allow data users to quickly and effortlessly limit data access based on tags or columns. They can also define roles with access to data and specify how those roles are allowed to utilize the data. Our diverse masking options empowered this customer to maintain control over sensitive data access while ensuring its usability when needed.

ALTR’s point-and-click UI gave this customer digestible and documented masking policies. Had this customer chosen to DIY these policies, it would be challenging to prove policy accuracy, and replicating these policies would be tedious and time-consuming, not allowing our customers to seamlessly scale as needed. ALTR allowed this customer to instantly observe the creation of masking policies and witness their real-time application to the dataset, saving them time and ensuring immediate implementation of the correct procedures.

The Result

  • Reduced masking policy creation time from 3 hours to under 35 seconds 
  • Increased the amount of protected data in their database sixfold
  • Enhanced visibility and control of data access and usage
  • Guaranteed adherence to compliance regulations

This customer is now fully running a data governance and data security strategy with ALTR. To date, they’ve connected numerous databases, run multiple weekly queries, regularly classifying data, done multiple tag import jobs, and have numerous unique roles querying data within the ALTR platform. This customer regularly runs classification jobs in ALTR, guaranteeing they consistently have a handle on what data they have access to and ensuring all tags, policies, and access levels are up to date.  

ALTR was the only complete data governance and security solution that could provide this customer with simplicity, extensive, and scalable solutions. Because of ALTR’s SaaS-based architectural advantages, we were able to efficiently help this customer increase utility and decrease data complexity – allowing them to gain value from their data more quickly in Snowflake.