Companies choose to utilize Snowflake for its analytics capabilities and other beneficial cloud offerings. However, moving data to the cloud poses security risks and demands to follow stricter privacy and data cross-border requirements, especially when the data contains personal and sensitive customer information. The privacy requirements have grown rampant and spread widely across the globe following the inception of GDPR in Europe. California had followed with its CCPA law and other countries have adopted their own similar versions of these regulations (including Mexico’s Federal Data Protection Law, LGPD in Brazil, the Personal Data Protection Bill in India, Australia’s Privacy Principle and Data Privacy Act in the Philippines.)
In addition, multi-national organizations looking to leverage cloud data platforms for analytics are facing not only the challenges of GDPR, CCPA and other privacy regulations but also data sovereignty. In such cases, the notion of de-identification is further enhanced with the need for Segergation of Duties (SoD) and Key Segregation — two important elements at the core of data-sharing and global data operations.
A natural solution would be to encrypt the data on Snowflake, but that requires uploading and storing exposed personal data to Snowflake, causing a potential violation of privacy and security requirements.
SecuPi developed a solution for this challenge by encrypting data on-prem, before it’s uploaded to Snowflake. This allows uploading encrypted data safely to Snowflake (without violating privacy requirements and security needs) and still enjoying the benefits of cloud analytics. Once the data analysis is said and done, it can be accessed again in the clear only by data analysts who have SecuPi with the appropriate policies that allow them to access it.
SecuPi enables to apply “single out” (preventing analysts from querying VIP customers), “max out” (alerting when analysts extract an abnormal amount of customer data), logical deletion and row, column & cell level anonymization, as well as dynamic masking, providing even more effective and flexible ways for protecting data.
SecuPi was purposely built to comply with all technical articles of the different privacy regulations mentioned above and data cross border controls, ensuring access on a “need-to-know” basis while adhering to security by design, customer consent and “right to be forgotten” attributes.
Watch this video to see how the SecuPi solution for Snowlake works: