Snowday was full of surprises. I was ready to see loads of exciting new features. I wasn’t prepared to see a llama on stage. And while the llama was definitely a show-stopper, it was Snowflake Horizon, Snowflake’s new integrated data governance solution, that stole the show, in my opinion. In this post I want to delve into some of Snowday’s security highlights. Lets begin.
Compliance:
Data Quality Monitoring
Snowflake is introducing new features to monitor data quality. Snowflake is introducing a library of predefined metrics to track data quality. Moreover, users will be able to create custom metrics to accommodate monitoring to their own standards and needs. Finally, they will be able to automate and schedule the execution of this metrics. This, combined with Snowflake’s ‘alert’ functionality will allow users to create custom responses to metric results, such as notifications or the execution of particular actions. All this information will be accessible in a centralized table in your account.
Data Lineage UI
In the future, users will have access to an interactive interface providing an overview of an object’s lineage. This has obvious benefits, such as tracking the impact of modifications on downstream objects. Less obviously, users will be able to follow and alter the propagation of tags, simplifying management of access and masking policies.
Security:
Adding data to Snowflake necessarily involves giving up a certain degree of control over that data. The following measures show that it need not mean giving up any security.
Shared responsibility model
The shared responsibility model is a framework clarifying the division of security responsibilities between different actors in the Snowflake platform, accross different areas. These actors include the customer, Snowflake and the Cloud Service Provider.
Center for Internet Security (CIS) Benchmark
The CIS benchmark is a set of industry-recognized best practices and configurations. One of its purposes is to make it easier for customers to verify and ensure that they are adhering to security best practices. It contains guidelines for Snowflake and Cloud Service Providers too.
Trust Centre
Trust center is a new interface to discover security risks and make recommendations to solve them. It aims to streamline and centralize security monitoring. It will quickly scan your account searching for security violations based on the remove aforementioned CIS Benchmark. This will generate a chart of violations over time, ranked and color-coded according to their severity. It will also allow you to examine each violation in detail, probable consequences and course of correction.
Privacy:
Differential Privacy
Differential privacy will ensure that query results do not contain sensitive information. Customers will be able to share sensitive information without masking or pre-aggregating. This allows analysts to analyze without intruding. It has two key elements:
Noise is added to results:
A carefully tuned amount of noise is added to each query based on its sensitivity. As a result, safe queries will yield statistical insights while revealing queries will cover sensitive information.
Privacy budget tracking:
Even with noisy results, information about underlying data is still revealed. Differential privacy allows us to quantify this ‘privacy loss’ and stop queries before the privacy bufget is exceeded.
Further Reading:
https://www.snowflake.com/en/data-cloud/horizon/
