Data Governance In Snowflake Gets Better with Ketch

By Ketch / November 16, 2021

Earning and maintaining customer trust in our data-driven and increasingly regulated world is a major challenge for B2C and B2B companies. Paramount to this challenge is maintaining compliance, governance, and privacy controls while using responsibly gathered data to grow your business. 

Privacy regulations were a governmental response to rising consumer awareness and alarm about how their data was collected and used without their knowledge or permission. At Ketch, we believe this privacy is an essential human right. At the same time, data collection is essential to business growth. The key is to create automated compliance guardrails within your data architecture. 

Why Ketch and Snowflake Together?

Privacy Controls and Governance for Data in Snowflake 

The integration between Snowflake and Ketch allows our joint customers to establish -- and proactively enforce -- critical governance policies that protect and secure the privacy of personal data stored within their Snowflake database. 

Wherever your data is stored, it requires visibility, control, and security. By combining Ketch and the Snowflake Data Cloud, you get the governance and security capabilities required to understand your data, comply with regulatory and corporate mandates, and collaborate with confidence inside your organization and beyond.’

Ketch and Snowflake is an ideal pairing of next-gen technologies to ensure companies can build value while honoring values

With Ketch and Snowflake, mutual customers can do more with data, while ensuring they meet growing expectations for data privacy and protection.

Three Steps to Responsible, Compliant Data Growth

So: how do you build the data assets you need for growth, while complying with privacy regulations, corporate ethics, and governance policy? Take these three critical steps to ensure you’re covered: 

  • Understand where and what types of data you have so that you can properly assess and control for corresponding risk.
  • Decide your policies for data governance and privacy compliance, including engaging consumers with transparency and control over how you’ll use their data.
  • Enforce those policies and controls across your data ecosystem, ensuring consumer privacy choices are respected everywhere.  

Let’s dive into each of these steps in detail, including how Ketch and Snowflake can help in the process.

1. Understand Your Data: Discovery, Classification and Access History

For many reasons -- including compliance with privacy regulations, data hygiene and security purposes -- companies need to first understand what types of sensitive and personal data they have, where that data is stored, and who accesses it. 

Data Discovery. The challenges with traditional data discovery is that it takes too long, involves manual effort or surveys, and is expensive. To address these challenges, Ketch provides scalable, safe and efficient data discovery that integrates with Snowflake seamlessly to unlock privacy and governance use cases, such as data subject rights fulfillment and access requests. 

Data Classification. Correctly classifying data as sensitive and personal is another challenge, especially doing so at a granular level. Ketch machine learning models read data and apply labels (e.g. social security number, address) and classification (e.g. personal or sensitive, demographic, behavioral), at a granular level, streamlining the entire process for companies.

Data Access History. An important part of protecting sensitive data is knowing who has access to it, and whether it has been moved from one database to another. Ketch's data-lineage reporting allows you to ask and document: who has accessed this data, and how was it used? We use Snowflake’s Access History capability to inform data lineage reporting in Ketch.



Ketch + Snowflake Features 


Classification / Tagging

Ketch makes it easier to know and control your data by applying business context, such as tags that identify data objects as sensitive and PII data. Ketch leverages Snowflake Object Tagging to persist inferred tags within Snowflake. 

  • Easily track sensitive and PII data at scale for reporting and access control
  • Flexible privilege management, supporting both centralized and decentralized tagging

Access History

Expanded Access History view helps you know your data end-to-end, from both external sources and as it flows within Snowflake, making compliance auditing easier and faster.

  • Quickly understand who accesses data to inform policy settings

2. Decide: Access & Security Controls for Sensitive & Personal Data

Customers, regulators and ethical companies alike are keen to ensure sensitive data is protected by security and access policies, and reflect the latest consent and permitted use from data subjects (a fancy, legalese name for “people”). 

Centralized Policy Setting. To meet this obligation, Ketch provides a user interface and policy center from which data governance and compliance teams define policies such as privacy, data security and access. Policy setting is centralized, but importantly, data stays decentralized. In other words, you make  your policy decisions in one place, Ketch, and control data wherever it lies,giving you flexibility and coordinated, programmatic control. 

Security Controls. For data in Snowflake, Ketch leverages Snowflake dynamic data masking functions for enforcement of security and governance policies, such as how data needs to appear, e.g. tokenized, masked, anonymized. 

Access Control. Of course, there’s no point in collecting and storing data in Snowflake if your analysts can’t efficiently and safely query it for insights. With Ketch you can define purpose based access for data in Snowflake, determining who can see data (and in which format) based on their specific task (e.g. analytics, marketing etc). 



Ketch + Snowflake Features


Dynamic Data Masking

A column-level security feature that uses masking policies to selectively mask plain-text data in tables and view columns at query time.

  • Simplify data management. No need to copy data sources for masked versions. If you don’t use Snowflake but want to migrate over, this feature will streamline the process
  • Easily scalable. Write a policy once and have it apply to thousands of columns across databases and schemas.

Granular Access Policies 

Allows you to control access to data using Snowflake’s fine-grained, content-based row access policies.

Row access policies allow you to consolidate data by controlling access dynamically based on specific user authorization

  • Easily manage access controls with centralized, flexible policies
  • Prevent secure view explosion i.e. creating and maintaining an ever growing number of secure views

3. Enforce: Privacy and Data Governance Controls in Snowflake


In addition to enforcing access and security controls on data in Snowflake, Ketch ensures that the specific rights provided to the consumer based on his or her jurisdiction are reflected and respected. 

For example, California consumer privacy law (CCPA) requires businesses to clearly provide data subjects an opportunity to, “limit the use of my sensitive data.” Once it’s much easier for consumers to opt out, we’ll likely see a spike in such requests, all of which must be enforced across internal and vendor data systems. (Wondering if you have to comply with CCPA? Check out our recent blog.)

When a consumer makes a “Do Not Sell” choice under California privacy law, Ketch orchestrates that choice to ensure that data in Snowflake isn’t used or processed for activities that contravene the Do Not Sell provisions. 

And that’s one law, but privacy regulations are cropping up all over the world. 

Governments are moving to expand and strengthen existing laws in order to provide their citizens with even more control over the collection and use of their data. For instance, the California Privacy Rights Act (CPRA) , broadens the definition of “sensitive personal information” to include, among other things, geo-location data, a data set marketers have used to target consumers for ages. 

Today, 16 countries have GDPR-like laws, and that number is growing each year. Within the U.S., three states have enacted such laws -- California, Colorado and Virginia. All but 15 states have consumer privacy bills working their way through their legislatures. 

Ketch provides the scalability and flexibility to quickly respond to new legislation, and ensure the downstream connectivity to systems like Snowflake continues to honor the latest state of compliance and consumer choice. Ensuring that you always deliver the privacy experience your customers expect.

Ensure Your Data In Snowflake Is Privacy Compliant with Ketch

At Ketch, we believe that granular control of data isn’t limiting; instead, it can create a framework for responsible data growth. With the right tools in place, you can: 

  • Build trust with consumers by providing transparency and control over how their data will be collected and used 
  • Instill confidence in your team and business, that they can honor privacy and governance choices across every touchpoint and data system
  • Provide privacy-safe methods to get the best use out of data to grow your business and, ultimately, provide your customers with better experiences.

Ketch can help you realize the full value of your investment in Snowflake. With Ketch, you can augment your Snowflake environment in many ways: 

  • Understand the breadth and depth of personal and sensitive data residing within Snowflake 
  • Protect data by establishing and proactively enforcing data governance policies that protect and secure the privacy of personal data in Snowflake and other data systems
  • Unlock data for analytics and AI purposes, and remain confident that you are in full compliance with all regulations and corporate data governance policy

Let’s meet so you can learn more.

Share this: