Immuta + Snowflake

Simplify and Automate Snowflake Data Security & Access Control

Immuta partners with Snowflake to provide end-to-end data security and access control. With Immuta, customers can discover sensitive data, write dynamic data policies leveraging attributes (not roles), and detect risky user behavior.

Snowflake Data Access Control

Built on top of Snowflakes’ foundation controls, Immuta provides Snowflake customers with advanced security, access control, auditing, and privacy management. Data-driven organizations that have moved to Snowflake can now add Immuta to simplify, automate, and scale their data operations and data sharing.


Benefits of this partnership

Automated Access Control and Data Security

Author data policies once and enforce everywhere, even as data sets and users grow, without managing an explosion of roles.

Plain Language Understandable Policies

Empower policy stakeholders to manage access without specialized SQL engineering resources.

Policy Auditing and Versioning

Easily prove proper data use and compliance against data use agreements.

  • Immuta is a Premier Snowflake partner
  • Immuta integrates with Snowflake's Data Lineage product

As a founding member of Snowflake's Data Governance Accelerated program, Immuta leverages Snowflake’s native data governance capabilities to simplify and automate enterprise-wide data access controls for Snowflake customers. We value our partnership with Immuta, which can enable Snowflake customers to expand their consumption in a secure and governed manner, to get maximum value from their Snowflake investment.

Jeff Lee Technology Alliance Director

Frequently Asked Questions

What is Snowflake dynamic data masking?

Snowflake dynamic data masking entails the application of masking policies that scale and apply automatically to your sensitive Snowflake data without requiring the copying or moving of information. These masking policies can be created manually in Snowflake by an organization’s data security and/or data privacy officer(s), an in turn be applied to relevant rows and columns in Snowflake data sets. When supplemented by Immuta’s dynamic policy creation and orchestration, these masking policies can be written once and applied universally across your entire data ecosystem. This adds an extra layer of automated privacy and security to your organization’s Snowflake data.

What are best practices for data masking in Snowflake?

To effectively implement data masking in Snowflake, teams should first ensure that their data stack includes tools that enable sensitive data discovery and classification. This will ensure that any sensitive PII and/or PHI that is added to their Snowflake ecosystem is identified appropriately. Secondly, teams should make sure that masking policies are enforced consistently across their storage and compute platforms, rather than needing to manually reinforce them at every point of storage and/or access. Once sensitive data is correctly identified and masking policies are implemented accordingly, data masking can be applied invariably throughout Snowflake data ecosystems.

What is the Snowflake data exchange?

The Snowflake Data Exchange is a collaborative data hub that allows users to share data with their entire ecosystem–both internally and externally–securely and at scale. When enhanced by Immuta’s dynamic access policies, Snowflake users will not be required to update policies and permissions for each and every share they make. Instead, the data sharer can create a project in Immuta and adjust the sharing “entitlements” to encompass only the information they’d like to share with a given party. Once this is complete, the Snowflake Data Exchange can be leveraged to share this specified information directly between user and consumer, removing bottlenecks while maintaining data security.

How do you build a Snowflake masking policy?

Data teams can manually build a Snowflake masking policy based on role-based parameters. Using conditional expression functions, context functions, and UDFs, teams can construct SQL policies that mask data based on a specific user type and their role within an organization. With Immuta, a Snowflake masking policy can be created once in plain-language terms and applied dynamically across all parts of both your Snowflake platform and greater data ecosystem. This policy will be built using dynamic attribute-based access controls (ABAC), and can scale as you add more and more data to Snowflake. Masking policies can also be built manually in Snowflake, by creating roles for relevant user types and building static masking policies around these relevant roles.

See what’s trending

Thought leadership in data security and privacy + Immuta news

Simplify and Automate Data Access Control