Thomson Reuters (TR) informs the way forward by delivering trusted content and technology that professionals and institutions need to make the right decisions.
The company enables professionals and institutions to drive meaningful impact in society through purpose-driven content and technology. It is modernizing the pillars of society through the digitalization of the tax and legal professions, the free press, commerce, and the rule of law, and elevating the way professionals and institutions work.
The company uses technology to make information more relevant and personal, and to deliver it to customers faster. Thomson Reuters has over 26,000 employees globally, with software engineers, systems architects, operations experts, information security specialists, technical support analysts, and data scientists designing and developing products that it believes will significantly advance customers’ experiences.
Challenge
Thomson Reuters (TR) sought to modernize its business by embarking on several major transformations: pivoting to cloud, transitioning from being a holding company to an operating company, and, perhaps most importantly, evolving its data, analytics, and artificial intelligence (AI) capabilities.
To develop and execute a data and analytics strategy, the company formed teams to deprecate old data warehouses, unify data products, and mature data, analytics, and AI governance capabilities across the enterprise.
Data access was a priority. We were looking for a tool that would bridge the gap between our governance needs to address data access and security, and it had to scale with our data."
As part of its digital transformation journey, Thomson Reuters aimed to simplify its tech stack and move its data to Snowflake. However, the process presented a few hurdles, including the need to build a system to manage and account for data access. Developing such a system in-house would have been an error-prone distraction from core priorities.
Relying on manual data management processes and legacy approaches was not feasible for a large organization like Thomson Reuters. Translating technical governance roles to non-technical stakeholders added bottlenecks and inefficiency to the data pipeline processes, and ensuring compliance with internal and external requirements and regulations required additional time and resources to build, implement, and approve.
Solution
To reach its data goals, Thomson Reuters needed an efficient, scalable way to manage access against data policies. Ultimately, it leveraged the Immuta Data Security Platform, integrated with Snowflake’s security architecture, to rapidly and safely deploy new data workloads in the cloud.
We chose Immuta because it met our requirements and was capable of handling the complexity and scalability of our operations."
Thomson Reuters had several key requirements for its data security solution, including scalability and future-proof capabilities. Other solutions would require significant resources and overhead to grow with the company. In addition, the data team needed a solution that could seamlessly integrate with its existing tech stack, without requiring the adoption of multiple new technologies. End-users also needed a seamless and secure experience.
Moreover, the company wanted to bridge the security-utility divide by ensuring that data was both secure and supportive of analytics functionality, rather than relying on legacy security approaches that were impractical for getting results at the pace of business.
With Immuta, Thomson Reuters can manage access to Snowflake tables by administering Snowflake row access policies and column masking policies, allowing users to query tables directly in Snowflake while dynamic policies are enforced. Users can then leverage the Snowflake Web UI, PowerBI, and Tableau to query protected data natively in Snowflake, so there are no impacts to workflows or additional overhead required.
Outcome
Thomson Reuters realized several operational efficiencies and revolutionized organizational culture regarding data security. Currently, 25% of domains have migrated to Immuta from the legacy security capabilities with a goal of reaching 100%. With Immuta, their goal is to provide data security across all domains with just one global subscription policy governing 10,000 tables within 200 data sources, rather than manually managing access based on user roles.
Because we don't have to worry about the problems Immuta is solving, we move a lot faster in trying to solve the problems that are inherent to large mountains of data sitting in one place."
All Snowflake users are automatically subscribed to tables that do not contain confidential information, instantly broadening access across the organization. At the same time, fine-grained access controls ensure that only the right people can access the right data. For instance, financial analysts can be shown data needed to evaluate economic trends without being exposed to personally identifiable information.
“Immuta absolutely can increase the speed of our development because Immuta gets to focus on what they’re good at, which is data security,” said Cousineau. “Because we don’t have to worry about the problems Immuta is solving, we move a lot faster in trying to solve the problems that are inherent to large mountains of data sitting in one place.”
By separating policy from platform, Thomson Reuters can efficiently centralize and scale consistent security and access control while breaking down data silos across the enterprise. Furthermore, data owners author their own policies in plain language and are easily understood by governance and security stakeholders, fostering a culture of trust across the organization.
With Immuta managing data security and Snowflake enforcing it, Thomson Reuters is poised to accelerate innovation and unlock more value from its data for years to come.