As modern organizations look to innovate with agility, migrating to the cloud enables them to unlock data’s value at scale. Leading cloud data platforms like Snowflake allow data teams to store and analyze mass amounts of data, all while providing access for an ever-increasing number of users and use cases. And while there are a myriad of challenges organizations face while migrating data to the cloud, there are also a range of ways in which teams are overcoming them.
At the 2023 Snowflake Summit, Vice President of Data and Model (AI/ML) Governance and Ethics at Thomson Reuters, Carter Cousineau, shared her team’s cloud migration experience. In this blog, we’ll highlight how Thomson Reuters used Immuta to implement effective cloud data protection measures across Snowflake workloads, allowing the team to surmount various cloud migration challenges and continue driving innovation.
Thomson Reuters’ Cloud Data Protection Challenge
As a leading provider of trusted content and technology that helps companies make the right decisions, Thomson Reuters relies heavily on the ability to gather and analyze cutting-edge data. This requires seamless real-time access to information, as any significant delay reduces the accuracy and impact of these decisions. To keep up with the demands of its industry, Thomson Reuters recognized the need to move past its existing on-premises data architecture and into the cloud.
Migrating to the cloud would allow Thomson Reuters to evolve its data storage and access capabilities, while also enabling continued artificial intelligence (AI) tool development to enhance analytics. When discussing her team’s cloud migration goals, Cousineau listed “being able to enable cloud data, retire legacy systems…enable faster time to move, scale your data, and have the ability to scale your users as well” as high priorities.
The challenge? Moving data to the cloud and using it to train new AI models inherently increases risk. But refusing to migrate and sticking with outdated legacy tools would prevent Thomson Reuters from providing the up-to-date insights its clients require.
This led to what Cousineau referred to as the “cloud data security dilemma.”
“How do we ensure everyone has the right, appropriate access and your data is protected, while on the same coin being able to be business-agile and create innovation across your organization and not be left behind?…There's very few examples where there's a sole data producer and sole data consumer. If there was, it would be a lot easier to ensure you have the right access and security in place.”
Ultimately, Thomson Reuters needed to strike the balance between cloud access and security, and mitigate risk to continue supporting data users and use cases.
How Thomson Reuters Modernized Its Cloud Data Protection
How did the Thomson Reuters team migrate to the cloud while maintaining cloud data protection? Cousineau credits their success to the following measures:
Improved Organization-Wide Visibility
“Creating the visibility, I would say, is the biggest takeaway that I would hope you come out of this session [with]” Cousineau told the Summit crowd. Thomson Reuters needed a system that could provide stakeholders with real-time data visibility, regardless of where they sit in the data ecosystem–from data producers, to end users, consumers, and beyond.
“Whether you’re the producer or consumer side, as you look at seeing how that data moves across your organization…[it] can start to allow you that visibility and transparency and the comfort of knowing you have the appropriate access and security in place,” said Cousineau. While her team had the capacity to migrate and scale operations in the Snowflake Data Cloud, they needed an integrated tool that could facilitate growth while maintaining oversight and security.
To enhance its cloud data protection, Thomson Reuters leveraged Immuta’s data monitoring and detection capabilities. Continuous data ecosystem monitoring provides organizations with consistent oversight of data activity. It also gives governance, risk, and compliance teams better visibility into data activity, whether it be in data workflows or data transfers. This creates both protection at scale and peace of mind that data is being used by the right people for the right purposes.
Cross-Domain Data Tagging
To fully leverage their cloud capabilities across various business offerings, the Thomson Reuters team needed to host data in various different Snowflake domains for unique purposes and use cases. Creating distributed domains drives data democratization and allows teams to work on specific initiatives like testing generative AI and training new large language models (LLM).
However, distributing data across domains causes additional risk. The more widely distributed resources are, the larger the surface is for malicious attacks or accidental leaks. To combat this, the Thomson Reuters team needed to not only monitor activity in their ecosystem, but also have a comprehensive understanding of their data resources. This necessitated cross-domain data tagging and classification capabilities, something Immuta’s native Snowflake integration was able to easily provide.
With Immuta’s data discovery and classification, Thomson Reuters was able to apply standard tagging to its data from the outset of the cloud migration process. Cousineau noted the importance of tagging from the very beginning.
“Getting to know your organization and what tagging you would need at a minimum…is always something that is good to land as early as possible, and then key to the business outcome,” she said. By classifying and tagging sensitive data from the start, the team was able to scale domain access and security with a greater understanding of the types of data involved and how best to protect them in the cloud.
Balanced Governance & Access
At the core of the “cloud data security dilemma” is finding a working balance between modern data governance requirements and user access needs. Like Thomson Reuters, any organizations that work with data are subject to a number of regulatory compliance standards meant to ensure data privacy and cloud data protection. But they also need to ensure that time-to-data is not impacted by the need to secure data with governance and compliance controls.
The Thomson Reuters team could set up data security governance controls in Snowflake that met their compliance needs, but they still bottlenecked access for users. Manually building, implementing, and approving roles and policies added extra time into the data access process that was costing time and money. Without Immuta, Cousineau shared that the Thomson Reuters governance team faced consistently timely manual work, going through the processes of “the request[s], the approvals, identifying your data, implementing controls, and logging access.”
Using Immuta’s automated policy enforcement capabilities, the team found that they were able to “take the request and approvals, [and] move them through the identification of data and management of controls…in a more automated fashion and in a centralized view.” By automating the data access process and providing centralized access control capabilities, Immuta enabled Thomson Reuters to expedite time-to-data and time-to-value for their users without sacrificing governance or security. Not only does this free up data engineering and governance teams from excessive review and approval tasks, but it has also driven results like:
- A 60x increase in usage of data in Snowflake across the organization
- Higher levels of productivity across teams
- One global subscription policy automating access across all domains
Immuta + Snowflake for Scalable Cloud Data Protection
“When you look at data access and security, this is something that I can say you want to get right,” said Cousineau at the close of her presentation. “And you want to get it right from the start.”
By choosing to leverage the Snowflake Data Cloud and Immuta Data Security Platform from the start, the Thomson Reuters team met the “cloud data security dilemma” head-on to achieve a successful, secure, and scalable cloud migration with effective cloud data protection. Through a single global subscription policy that automates data access across all domains, Thomson Reuters can protect tagged sensitive data while still providing flexible and timely access to users.
To learn more about Thomson Reuters’ experience with Snowflake and Immuta, you can check out this case study. To dig deeper into how Immuta and Snowflake distribute ownership and secure data ecosystems, download Powering Your Data Mesh with Snowflake & Immuta today.
Powering Your Data Mesh with Snowflake & Immuta
Learn more about distributing ownership while maintaining security.
Learn More