With the California Consumer Protection Act (CCPA) and General Data Protection Regulation (GDPR) now in full swing, the regulatory landscape for businesses has never been more complicated. Consumers are increasingly aware of cybersecurity in their daily lives, and they are demanding better protection against these threats when using online services.
Despite this crackdown on data protection, there were still massive data breaches in 2019. The largest fine on record was given to British Airways in July 2019, at a staggering $230 million under GDPR after more than 500,000 individual customer names, billing addresses, email addresses, and card details were compromised.
Adherence to compliance policy comes from intelligent database design, not the database itself. You could use the most innovative, modern database software on the planet, and still risk data breaches due to improper identity access management (IAM) and data sensitivity categorization.
Snowflake and Compliance Management
Snowflake is a leading data warehousing and analytics platform that uses serverless computing to improve data protection compliance management. Specialized compute clusters handle database processing, and employees interface with your database through a master node abstraction layer. This centralizes your point of access, unifying individual database clusters behind a single, easily managed entry point.
Let us explore some of the security features on the Snowflake platform.
IP-Level Network/Site Access – Snowflake offers IP whitelisting and blacklisting functionality, which is easily managed using its graphical user interface (GUI).
This allows you to set static IP addresses for each department and whitelist or blacklist the IPs in line with your data access policy. You lack granular control with this method, but they also offer account-level access management.
Identity Access Management (IAM) – For more fine-tuned control, you can use IAM on the Snowflake platform to control your data access policy.
Every individual network user can be permitted or blocked from accessing information depending on their security clearance. This management functionality can be as narrow as per-object in a database with proper categorization and tagging of data, maximizing accessibility, and minimizing risk.
SSO And MFA – Single-sign-on (SSO) and multi-factor authentication (MFA) can further bolster your database security arsenal.
With SSO, you can simplify day-to-day computing for employees by omitting the need to enter login details when accessing your database. Employees will often decide to use the same password for each program, increasing the number of attack surfaces and impeding security policy adherence. By centralizing your account credentials, you have more visibility into potential security issues, improving security compliance.
MFA adds a second authentication requirement during login. This means if a third party obtains an employee's login details, they still won’t have the security key needed to get into your systems.
Automatic Data Security – Snowflake automatically secures all the data you store using either AES 128/256-bit end-to-end encryption (E2EE). This covers both at-rest and in-transit data processing, securing both your stored datasets and data transmitted over the internet.
During loading and unloading of data, Snowflake can downgrade the encryption level to 128-bit, offering a 40% or higher performance boost due to reduced CPU overhead. It is always possible to force AES 256-bit, but you will use more processing power and increase your costs—albeit with higher overall security.
With their enterprise tier, you can perform periodic rekeying of encrypted data. Much like changing the locks on a property after a tenant moves out, rekeying your encrypted data will ensure long-term security. By compartmentalizing datasets, you reduce the amounts of data using the same decryption key, reducing the scope of cyberattacks in the event of a breach.
Securing Your Data with Snowflake and Trianz
Trianz is a leading data compliance management and data warehousing consulting firm, with industry-leading knowledge on data protection best practices. We have partnered with Snowflake to give our clients access to the bleeding-edge of data security management. Our team of consultants will work with you to assess, plan, and undergo your database migration, bolstered by the cloud-native security features on the Snowflake platform.
Get in touch with our data compliance management team to learn how Trianz can help you shield your customers' data from attackers before it’s too late.
