How OvalEdge Provides AI-Powered Access Management in Snowflake

When you opt for a data management or storage solution, you always consider the security implications. You want to ensure your data is always safe, but how often do you consider compliance? Many users seem to forget the devastating fallout from operating outside of regulatory frameworks, but they do so at their peril.

Of course, there are the fines, which often equate to millions of dollars, a crippling amount for most companies. Then there is the erosion of your brand, the lack of trust users have in your organization if you fail to deal with their data to the letter of the law. And this has a massive impact on customer attrition. The fallout of poor data governance isn’t just a hit; it has a cascading domino effect. Can you afford to take the risk?

OvalEdge integrates with Snowflake in every aspect of data governance. However, this blog will focus on how OvalEdge technology supports data access management on the Snowflake platform, providing users with advanced access features beyond simple masking.

Standard Access Management in Snowflake

Snowflake provides robust access control and data masking features, enabling users to enhance their security by obscuring sensitive, confidential, or PII data. Users can easily restrict or mask any specific attribute by navigating to Snowflake's administrative module or API, ensuring only authorized personnel can access particular data.

However, most companies have vast numbers of objects with millions of associated attributes. Given this vastness and complexity, pinpointing which attributes to mask to ensure full-spectrum data security is impossible to carry out manually. And, in many cases, if even a single piece of sensitive information is unmasked and publicly accessible, the consequences from a data privacy compliance perspective can be grave.

That's why a governance process must be in place to identify which attributes should and shouldn't be masked. When this isn't present, as with Snowflake's native tools, users are often concerned that they may have failed to catch all of the data that required masking and instead mask too much. This hinders widespread access, and as a result, innovation suffers.

OvalEdge enables users to decide which attributes should be masked and which shouldn't through well-defined, department-specific processes.

Access Management in Snowflake With OvalEdge: How Does it Work?

OvalEdge enables Snowflake users to boost data security and undertake comprehensive data access management using the following methodologies:

Design policies and workflows based on classification and department: Within every organization, there are multiple departments and business units, and each will require various levels of data classification. The first step to developing a dynamic data access strategy is to ask each department to decide which level of access they want to attach to the data under their stewardship.

This means defining a department-centric data access policy that states the level of classification required (PII, Sensitive, Confidential, or another suitable category), who should be allowed to access the data, and the classification process. For example, a company's Sales team may classify General Sales data as Sensitive but not Confidential.

Use AI and ML to identify all the data objects in that classification: Individual departments must appoint one or more representatives to define the classification process and identify the specific attributes they wish to classify. These attributes are marked, and teams can then use OvalEdge AI and ML tools to find all of these attributes within the data, regardless of how much there is to scan.

This automated system supports the human level of curation and incorporates guidance from well-defined processes, enabling organizations to quickly mask data in Snowflake based on specific classification levels.

Design a self-service process for unclassified data using metadata: Companies or departments may sometimes be reluctant to rely on masking to protect the most confidential data. For example, a Finance department may wish to make a company's balance sheet inaccessible to all users because the ramifications of any accidental leak are too high. In this and other related instances, companies require an extra layer of security that relies on specific access requests for unclassified data assets.

OvalEdge provides a self-service shopping cart experience for data access management natively unavailable in Snowflake. Using the OvalEdge Access Cart, users can request access to specific data assets and send that request for approval. If granted, access is configured in OvalEdge, and the user can access the data in Snowflake.

In Snowflake, the options for data access are yes or no. The user can't get a glimpse at the data available because it is masked. With OvalEdge, users can view the metadata and, based on this metadata, learn which data objects may support a specific project and request access to that data.

It's like having a jewelry cabinet with a locked door. In Snowflake, the door is solid steel. If a piece of jewelry is deemed too precious to be handled by the general public, the door remains locked and obscured. However, in OvalEdge, the door is toughened glass so users can look inside. While taking any jewelry at will is impossible, catalog users can peer into the cabinet and see what's available before requesting the particular item.

Identifying Sensitive Fields in OvalEdge

While Snowflake's native architecture requires users to manually search for sensitive fields in data sets, OvalEdge enables this functionality automatically. Here's how it works:

  1. AI-driven recommendation engine identifies sensitive fields
  2. Users set up masking policies
  3. Masking policies are synched with Snowflake
  4. Users set up tag-based policies
  5. Tag-based policies are synched with Snowflake
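
What steps 2 to 5 amount to on the Snowflake side, shown as an added example (not OvalEdge's generated SQL and not part of the original post). The database, schema, table, column and role names are hypothetical; the statements are standard Snowflake SQL.

```sql
-- Hypothetical objects: database GOVERNANCE, schema POLICIES,
-- table SALES.PUBLIC.CUSTOMERS, role PII_READER.

-- Steps 2-3: a column masking policy. Sessions that hold PII_READER
-- (directly or through role inheritance) see the value; all others
-- see a fixed mask.
CREATE MASKING POLICY governance.policies.mask_pii_string
  AS (val STRING) RETURNS STRING ->
  CASE
    WHEN IS_ROLE_IN_SESSION('PII_READER') THEN val
    ELSE '***MASKED***'
  END;

-- Direct assignment: one policy bound to one named column.
ALTER TABLE sales.public.customers
  MODIFY COLUMN email
  SET MASKING POLICY governance.policies.mask_pii_string;

-- Steps 4-5: tag-based masking. The tag carries the classification
-- decided by the owning department; restricting ALLOWED_VALUES keeps
-- free-text labels out of the catalog.
CREATE TAG governance.policies.classification
  ALLOWED_VALUES 'PII', 'SENSITIVE', 'CONFIDENTIAL';

-- Bind the policy to the tag once. Every STRING column that later
-- receives this tag is masked without a per-column ALTER.
ALTER TAG governance.policies.classification
  SET MASKING POLICY governance.policies.mask_pii_string;

-- Classifying a column is now a tagging operation.
ALTER TABLE sales.public.customers
  MODIFY COLUMN phone
  SET TAG governance.policies.classification = 'PII';

-- Audit check: list which columns of the table are covered, and
-- whether the policy arrived directly (TAG_NAME is NULL) or by tag.
SELECT policy_name, ref_column_name, tag_name, policy_status
FROM TABLE(sales.information_schema.policy_references(
  ref_entity_name   => 'sales.public.customers',
  ref_entity_domain => 'TABLE'));
```

A masking policy set directly on a column takes precedence over one inherited through a tag, which is why the example uses separate columns for the two methods.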

Snowflake Integration Architecture

Pictured below is OvalEdge’s Snowflake integration architecture.

[Figure: OvalEdge and Snowflake Integration Architecture]

Wrap Up

Snowflake's masking capabilities are unequivocally effective. Once initiated, they do as they promise, blocking any public access to data that administrators have prohibited, but these restrictions shouldn't hinder the path of invention.

Data-driven innovation is dynamic and reliant on the volume and diversity of the data available. When data rules are too rigid, this capacity for innovation at scale is stifled. That's why it is important to inform Snowflake's masking approach with comprehensive, flexible data governance policies.

OvalEdge not only provides this functionality but does so in a way that enables Snowflake users to apply policies created in OvalEdge to the Snowflake platform seamlessly. Snowflake is a potent tool that can change an organization from the inside out, streamlining digital transformation.

However, the platform supports integrations for a reason. Dedicated tools like OvalEdge enable users to make the most of Snowflake without compromising.
