Cloud data platform admins have virtually unlimited control over a company’s instance. They set up security protocols, they set up users and access, they manage data flows in and out.
If they wanted to obtain highly sensitive data they’re not authorized to access, they easily could. They could assume the role of an approved user by modifying a user account, or they could disable governance and security controls to access the data directly. And even if you trust your admin, you can’t guarantee that their credentials will never be stolen or misused.
While there’s no foolproof way to stop the admin or someone with their credentials from attempting to access the data, ALTR can reduce the impact and risk. Acting as neutral third party, ALTR provides consumption visibility and data protection that’s natively integrated yet outside the control of the platform admin.
ALTR can make it impossible to access the data without key people being notified and can limit the amount of data revealed, even to admins, via a unique combination of features:
Real time alerts: With ALTR, data can be tokenized outside of Snowflake. When the admin (or any user), tries to access the data, the platform has to contact ALTR in order to get the de-tokenized data. When this occurs, it triggers an alert notifying relevant stakeholders at the company. If none of the allowed users accessed the data, they’ll know unauthorized access has occurred within seconds. Alerts can include text message, Slack or Teams notifications, emails, phone calls, SIEM integrations, etc.
Data consumption limits: ALTR can limit the amount of detokenized data delivered to any user, including the admins. While a user might request 10 million records, they may only get back 10,000 or 10 per hour. This can also trigger an alert to relevant stakeholders.