How to Control Access to PII in Snowflake with Satori

Organizations are adopting Snowflake to accelerate time to value (TTV) from their data by giving more people access to more data. Enterprise data warehouses such as Snowflake have become an aggregation point for disparate data sources and systems, but with great power comes great risk: when organizations provide broad access to data, they also increase the risk of data misuse or leaks.


Personally Identifiable Information, or PII, is any data that could potentially identify an individual or that can be used to distinguish one person from another. In particular, PII can deanonymize data that was previously anonymous. Such data is widespread in business-to-consumer (B2C) and business-to-business-to-consumer (B2B2C) environments, where the actions and information generated by end users (consumers) are accessed, processed, stored, analyzed and reported on by an increasing number of employees.

Protecting PII Today

Protecting against misuse or leakage of PII is challenging and raises many questions: Where is the PII? Who should have access to it and for what purpose? Should PII data sets be quarantined? Should they be anonymized?


Did I mention that this is a challenging process? For most organizations, fully protecting PII borders on impossible. That is why organizations take a step-by-step approach: deploy a classification solution to discover where the PII is stored, funnel data store query logs to a security information and event management (SIEM) system, scan those logs to correlate queries against the known PII locations, and so forth. Every step is an ongoing background process, and the correlation is only as good as the last classification run.


A Much Simpler Approach

Satori’s secure data access platform lets organizations sidestep the challenges described above with a different approach: identifying PII in motion, as it is being accessed, and deciding in real time whether to allow the access. By shifting data classification from an ongoing background process to a real-time activity performed on the query results themselves, correlating data access logs with where PII resides becomes unnecessary. This shift increases protection accuracy and reduces the effort required to deploy enterprise data protection.


Setting a policy to monitor unauthorized access to PII with Satori is as simple as it gets. For example, the following policy generates an alert whenever a user whose Snowflake role is not ACCOUNTADMIN accesses PII:


rules:
  - name: "Alert on access to PII"
    action: alert            # alert only monitors; change to block to deny access
    data_tags:
      - c12n.pii             # any data classified as PII in the query result
    identity_tags:
      - "NOT identity.datastore.role:ACCOUNTADMIN"   # everyone except ACCOUNTADMIN
    priority: 1


Note that we did not have to specify which tables or columns we expect to contain PII: Satori does not scan the data store up front, it classifies the result sets of actual queries as they are returned. Satori can also detect PII inside semi-structured data, such as JSON documents. A full list of the PII data types that Satori supports is available here: https://www.satoricyber.com/docs/acl/tags/#personally-identifiable-information-pii-data-types


The alert action does not change how users consume PII; it only monitors usage, so it is a safe first step to learn who actually touches PII before enforcing anything. To prevent unauthorized access to PII, change the action to block. Because the decision is made on the result set of each query, a user whose query returns PII will then get an error message instead of the data:
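To make the alert/block decision traceable end to end, here is an added toy model in Python. It is not Satori's engine or its policy DSL implementation: the page's YAML rule is transcribed as a dict, a few regular expressions stand in for Satori's classifier, and the tag hierarchy (c12n.pii covering c12n.pii.email), the meaning of NOT in identity_tags, ascending-priority first-match evaluation, the sample rows and the with_action helper are all assumptions made for the demonstration. What it shows is the point of the approach: classification runs on the rows a query returns (including JSON held in a string column), so no table or column names are configured anywhere.

```python
import json
import re
from copy import deepcopy

# The page's rule, transcribed as a dict (assumption: this is how a YAML loader
# would represent it). Hypothetical toy model, not Satori's own code.
POLICY = {
    "rules": [
        {
            "name": "Alert on access to PII",
            "action": "alert",
            "data_tags": ["c12n.pii"],
            "identity_tags": ["NOT identity.datastore.role:ACCOUNTADMIN"],
            "priority": 1,
        }
    ]
}

# Stand-in classifier (assumption): value patterns mapped to data tags.
PII_PATTERNS = {
    "c12n.pii.email": re.compile(r"^[\w.+-]+@[\w-]+(\.[\w-]+)+$"),
    "c12n.pii.ssn": re.compile(r"^\d{3}-\d{2}-\d{4}$"),
}


def _leaf_values(value):
    """Yield scalar leaves, descending into dicts/lists and into strings holding JSON."""
    if isinstance(value, dict):
        for v in value.values():
            yield from _leaf_values(v)
    elif isinstance(value, list):
        for v in value:
            yield from _leaf_values(v)
    elif isinstance(value, str) and value[:1] in ("{", "["):
        try:
            yield from _leaf_values(json.loads(value))
        except ValueError:
            yield value  # not JSON after all; treat as a plain string
    else:
        yield value


def classify_result_set(rows):
    """Tag a query's result rows by content; no table or column names are consulted."""
    found = set()
    for row in rows:
        for leaf in _leaf_values(row):
            if isinstance(leaf, str):
                for tag, pattern in PII_PATTERNS.items():
                    if pattern.match(leaf):
                        found.add(tag)
    return found


def data_tag_matches(required, found):
    """Assumed hierarchy: c12n.pii matches itself or any child such as c12n.pii.email."""
    return any(t == required or t.startswith(required + ".") for t in found)


def identity_tag_matches(expr, identity_tags):
    """Evaluate one identity_tags entry, honouring a leading NOT (assumed semantics)."""
    negated = expr.startswith("NOT ")
    tag = expr[4:] if negated else expr
    present = tag in identity_tags
    return not present if negated else present


def evaluate(policy, identity_tags, rows):
    """Return (action, rule_name, data_tags_found) for one query's result set.

    Assumption: rules are tried in ascending priority, the first full match wins,
    and with no match the result set is allowed through untouched.
    """
    found = classify_result_set(rows)
    for rule in sorted(policy["rules"], key=lambda r: r["priority"]):
        if all(data_tag_matches(t, found) for t in rule["data_tags"]) and all(
            identity_tag_matches(e, identity_tags) for e in rule["identity_tags"]
        ):
            return rule["action"], rule["name"], found
    return "allow", None, found


def with_action(policy, action):
    """Copy of the policy with every rule switched to `action` (alert -> block)."""
    changed = deepcopy(policy)
    for rule in changed["rules"]:
        rule["action"] = action
    return changed


# Constructed sample result sets; none of this is real data.
CUSTOMER_ROWS = [
    {"id": 1, "name": "A. Example", "email": "alice@example.com"},
    {"id": 2, "name": "B. Example", "profile": '{"contact": {"ssn": "123-45-6789"}}'},
]
ORDER_ROWS = [{"order_id": "ord-1001", "total": 42.5, "status": "shipped"}]

if __name__ == "__main__":
    analyst = {"identity.datastore.role:ANALYST"}
    admin = {"identity.datastore.role:ACCOUNTADMIN"}
    print(evaluate(POLICY, analyst, CUSTOMER_ROWS))  # alert: PII found, not an admin
    print(evaluate(POLICY, admin, CUSTOMER_ROWS))  # allow: the NOT clause excludes admins
    print(evaluate(POLICY, analyst, ORDER_ROWS))  # allow: no PII in this result set
    print(evaluate(with_action(POLICY, "block"), analyst, CUSTOMER_ROWS))  # block
```

The same customer query is alerted on for an analyst and allowed for ACCOUNTADMIN, while the order query is allowed for everyone because nothing in its rows classifies as PII; switching the action turns the alert into a block without touching the classification side at all.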

[Screenshot: a query blocked by Satori, as seen in the Snowflake web UI]

To learn more about Satori and start your free trial, sign up here: https://go.satoricyber.com/start-now-snowflak
