Automating Snowflake Data Governance for Cloud Data

Organizations are accelerating adoption of modern data stacks to empower growing numbers of internal and external data consumers. However, according to the 2022 State of Data Engineering Survey, 88% of respondents indicated their organizations are subject to one or more data use rules or regulations that threaten to stifle new workloads.

In response to this trend, Immuta enables organizations to automate and simplify Snowflake data security and policy management to scale cloud workloads. Data teams using Snowflake can now seamlessly implement Immuta’s universal cloud policy authoring, which independent research from GigaOm showed reduces policy management burden by up to 75X.

Beyond Snowflake, Immuta gives data teams the ability to:

  • Impersonate end users of other systems such as BI tools
  • Discover sensitive data using custom classifiers based on confidence levels
  • Use “Approve to Promote” workflows to manage the SDLC for policy enforcement in the most sensitive data environments

In this blog, we’ll explore Immuta’s key innovations for Snowflake.

Enhanced Snowflake Integration for Seamless Adoption & Simpler Operations

Our enhanced integration with Snowflake provides data teams the ability to seamlessly deploy Snowflake’s row access and column masking policies, as well as leverage object tagging. Snowflake users also benefit from Immuta’s universal cloud policy authoring, and highly scalable and evolvable attribute-based access controls (ABAC).

Immuta previously managed dynamic ABAC policies using secure views in Snowflake. With the introduction of native governance capabilities from Snowflake, Immuta fully automates native access controls and tagging to scale adoption without impacting data consumer workflows.

Impersonation for BI Tools on Cloud Data

The numbers of end users and BI consumption technologies (Tableau, Looker, etc.) are increasing. Enabling seamless, effective policy enforcement across those users and systems is becoming ever more critical, yet it remains a path filled with friction.

The next progression in Immuta’s impersonation enables organizations to enforce access control policies for each end-user from business intelligence (BI) dashboards, such as Tableau, which use service accounts that otherwise bypass policies for users with different access levels. With this capability, Immuta uniquely enables data teams to publish sensitive data to BI tools without any disruptive changes or risk of a data leak.

Organizations often publish dashboards from BI platforms using service accounts. While this approach is common, it can bypass fine-grained access policies in SaaS data platforms such as Snowflake, Amazon Redshift, and Azure Synapse, because every query runs with the service account's access rather than the viewer's. Snowflake users with Immuta can impersonate each end user to restrict access based on existing policies, without any disruptive changes or risk of a data leak.
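The native Snowflake controls named in the integration section (row access policy, column masking policy, object tag), and the reason a shared BI service account flattens them, shown as an added example that is not Immuta's code or part of the original post. All schema, table, role and user names (governance.*, sales.orders, PII_READER, BI_SVC) are hypothetical and assumed to exist.

```sql
-- Added example; every object, role and user name here is hypothetical.

-- Entitlements table: which Snowflake user may see which region.
CREATE TABLE governance.region_entitlements (
    user_name STRING,
    region    STRING
);

-- Row access policy: a row is visible only if the session user
-- is entitled to that row's region.
CREATE ROW ACCESS POLICY governance.orders_by_region
AS (row_region STRING) RETURNS BOOLEAN ->
    EXISTS (
        SELECT 1
        FROM governance.region_entitlements e
        WHERE e.user_name = CURRENT_USER()
          AND e.region    = row_region
    );

ALTER TABLE sales.orders
    ADD ROW ACCESS POLICY governance.orders_by_region ON (region);

-- Column masking policy: only sessions holding PII_READER see the raw value.
CREATE MASKING POLICY governance.mask_email
AS (val STRING) RETURNS STRING ->
    CASE
        WHEN IS_ROLE_IN_SESSION('PII_READER') THEN val
        ELSE '***MASKED***'
    END;

-- Object tag carrying the masking policy; tagging a column applies the mask.
CREATE TAG governance.sensitivity;
ALTER TAG governance.sensitivity SET MASKING POLICY governance.mask_email;
ALTER TABLE sales.orders MODIFY COLUMN customer_email
    SET TAG governance.sensitivity = 'pii_email';

-- Why a shared service account matters: when a dashboard connects as BI_SVC,
-- CURRENT_USER() is 'BI_SVC' for every viewer, so both policies above are
-- evaluated against the service account, not the person looking at the chart.
-- Review check: the regions every dashboard viewer inherits through BI_SVC.
SELECT region
FROM governance.region_entitlements
WHERE user_name = 'BI_SVC';
```

If the final query returns more regions than the least-privileged dashboard viewer should see, the dashboard is exposing data beyond that viewer's entitlements.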

Enhanced Sensitive Data Discovery (SDD)

Because data is growing geometrically in both volume and variety of types, automating key facets of governance, such as sensitive data discovery, is critical. This approach can yield enormous benefits, including more accurate detection of personally identifiable information (PII) at scale.

Immuta provides customers the ability to greatly improve classification by adjusting and customizing aspects of SDD. Users are able to create custom classifiers, in addition to Immuta’s 60+ built-in classifiers. Ultimately, with effective, functioning SDD, they will be better able to build effective global policies.

Without this feature, organizations are unable to create custom classifiers, such as identification numbers from health insurance cards, and tag them based on a confidence level determined by the discovery process. Immuta can discover and tag domain-specific and custom classifiers based on a desired confidence level across hundreds or thousands of fields. For example, organizations wishing to take a conservative approach to governance may tag all unique insurance identification numbers when confidence level is > 80%.

Approve-to-Promote for Increased Visibility into Policy Approvals

Approve to Promote enables organizations in industries that have stringent audit requirements, such as financial services, healthcare, and the public sector, to ensure that policies are approved by all necessary users and are auditable before being pushed to production.

This avoids the need for organizations to develop their own workflows to promote Immuta policies to production systems with full policy auditing. Immuta’s Approve to Promote feature allows organizations with policy audit and validation obligations to require a certain number of users to approve authored data policies before they are promoted to production systems. This is an increasingly common requirement for organizations operating highly sensitive data environments.

Additional Capabilities

SQL Auditing Functionality

With Immuta acting as the central control plane between raw data and end users, data teams can now audit everything that is happening in their data ecosystems, such as tracking requests, policy changes, usage, and query execution, all in real time.

Getting Started

Customers can leverage Snowflake data governance automation and other innovations for cloud data platforms on Immuta’s SaaS deployment. If you’re new to Immuta and want to see how we work together with Snowflake, as well as other cloud data platforms, request a demo with one of our team of experts.

