How IDMC Supports Native Security Controls in Snowflake

Last Published: Sep 27, 2024
David Thain

Principal Marketing Manager

The latest release of the Informatica Intelligent Data Management Cloud™ (IDMC) introduces enhancements to Cloud Data Access Management (CDAM), a service of IDMC. The updates allow users to quickly automate and enforce security and privacy controls directly within data platforms, starting in Snowflake Data Cloud. CDAM’s policy pushdown capability orchestrates native controls to simplify operations and make it easier for data teams to scale secure access.

Informatica and Snowflake’s strategic partnership delivers unparalleled value to customers across the complete information value chain. IDMC, integrated with Snowflake’s governance solution, Snowflake Horizon, helps organizations govern data from the initial discovery and integration of data sources. This process helps support data democratization and sharing in Snowflake's scalable Data Cloud. Policy pushdown is a logical extension of our solution as CDAM delivers automated, policy-based controls driven by IDMC’s common metadata platform.

Why Orchestrate Snowflake Controls with IDMC?

Snowflake provides granular controls; however, these need to be managed individually for each table or view. Many organizations want to reduce the maintenance overhead of managing data access consistently for a growing number of data assets.

As part of IDMC, CDAM leverages metadata captured by Informatica’s intelligent discovery, classification and cataloging to define policies that are not tightly coupled to any specific instance of a dataset. This simplifies policy management and allows for greater scalability, as a single policy can provide consistent and trackable protection for many tables and views across multiple data sources.

Policy pushdown translates these CDAM policies to instruct the native mechanisms that apply controls within data platforms like Snowflake. CDAM supports access control for tables and views based on attributes of data and user groups, with row, attribute and cell-level controls to come.

Data consumers can experience seamless access to data through their preferred tools across business intelligence, analytics or AI projects. Meanwhile, data stewards, architects and engineers also benefit from policy pushdown. They’ll spend less time on maintenance because policies composed with metadata can be reused across multiple assets and environments. No-code policy authoring means business users can define policies without depending on a technical user to grant access to specific tables and views, as illustrated in Figure 1.

Figure 1: CDAM policies are composed of metadata and conditional logic, which simplifies policy management and allows for greater scalability.

Enhance Secure Access with Minimal Effort

While easily scaling enforcement on multiple platforms is the most obvious advantage of policy pushdown, there are benefits whether you manage a single source or thousands:

  • Business users involved in data governance can intuitively understand, compose and manage policies without coding.
  • Streamlined privacy and security controls make it easier to satisfy data consumers with quick access to create value even from sensitive data sources.
  • Data consumers get access to appropriate and protected data exactly where they want to work in seamless, non-invasive user experiences.
  • New data sources do not require new policies, provided data is scanned, cataloged and classified.
  • Applications built on top of Snowflake can leverage these controls, enabling organizations to deploy new use cases in analytics and AI quickly.
  • Rich operational logging supports audit and traceability with the who, what, when and why of data access.

CDAM’s seamless orchestration of controls in Snowflake ensures that those who need data get access when they need it and demonstrates compliance with relevant standards and regulations, minimizing risks.

The Road Ahead with Informatica

Our vision involves consistent, scalable and universal policy enforcement that allows data access to be extended to more users and applications while maintaining a rigorous security and privacy posture across the data ecosystem. Leaders recognize the need to secure data and inspire trust as they embrace a data-driven culture and unleash more value from data through broader use.

In forthcoming releases, we’ll expand policy pushdown in Snowflake to support control at additional levels of granularity, including row-level filtering, data masking and other privacy-preserving transformations for data within tables and views.

At the same time, our pushdown framework allows us to build support for any data source so that Informatica customers can manage data access consistently across all their important use cases.

Watch “What's New in Cloud Data Governance and Catalog, Cloud Data Access Management, and Cloud Data Marketplace” to learn more about policy pushdown and other new IDMC data governance and privacy capabilities, including demos.

For more details on Cloud Data Access Management, read our datasheet or take an interactive tour.

First Published: Sep 27, 2024