Daanalytics

Five days inside Snowflake Data Governance – Connect your Ecosystem

In a previous blog I mentioned that Snowflake’s Data Governance Framework focuses on three key areas:

  • Know your Data
  • Protect your data
  • Connect your Ecosystem

Connect your Ecosystem

In this blog we will focus on the key area ‘Connect your Ecosystem’.

Collaboration is one of the important workloads in the Data Cloud. Snowflake Data Governance provides the necessary controls and mechanisms to ensure secure collaboration within the Snowflake Data Cloud. It enables organizations to define and enforce access controls, securely share data, apply fine-grained security measures, track data usage, and integrate with existing data governance tools. These capabilities promote collaboration while ensuring data privacy, security, and compliance.

Secure Data Sharing

Snowflake’s Data Sharing capabilities enable organizations to securely share live data sets with external partners, customers, or other teams within the organization. Data owners can control access to the shared data using Snowflake’s access controls, ensuring that sensitive data remains protected while enabling collaboration and data-driven decision-making across boundaries.

In Snowflake, there are three different options for sharing data:

  1. Listing: With a Listing, you offer a share along with additional metadata as a data product to one or more accounts. It allows you to package and publish a collection of database objects, such as tables or views, along with associated metadata. Other accounts can then subscribe to the Listing and gain access to the shared data and metadata. This option is useful when you want to share data with a wider audience or make it available as a data product for consumption.
  2. Direct Share: In a Direct Share, you can directly share specific database objects, referred to as a share, with another account in your region. This option provides a more targeted and controlled way of sharing data. You can specify the specific objects you want to share, such as tables or views, and grant access to the recipient account. This enables secure and direct data sharing between specific accounts, ensuring data privacy and control.
  3. Data Exchange: The Data Exchange option allows you to set up and manage a group of accounts within Snowflake. You can create a group of accounts, often referred to as a Data Exchange, and offer a share to that group. This option is useful when you want to establish a data sharing ecosystem within a specific group of accounts, such as different business units within an organization or a consortium of partners. It provides a centralized platform for sharing data among the accounts within the Data Exchange group, ensuring controlled and efficient collaboration.

These three options—Listing, Direct Share, and Data Exchange—provide different levels of granularity and control over data sharing in Snowflake, catering to various use cases and collaboration scenarios.

Direct Data Sharing

If you want to securely share data with another account, you need to execute a few steps. You need the ACCOUNTADMIN role to execute some of these steps, both in the producer account and in the consumer account.

  • Create Data Sharing Access Table
    • e.g. create a table with a reference to the city in the frostbyte_tasty_bytes.raw_customer.customer_loyalty-table and a reference to the account you want to share to
    • load the table specifying which account is allowed to see which table
  • Create Secure View
    • create a secure view using the Data Sharing Access Table and the frostbyte_tasty_bytes.raw_customer.customer_loyalty-table joining on city and filtering on current_account()
  • Create Share
    • when the share is created make sure the objects (database, schema, view, etc.) are granted to the share
    • add the required account to the share

Go to the account you want to share to and execute the following:

  • Create a Database from the Direct Share
  • Create similar Role and Execute Grants
Snowflake Direct Data Sharing
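
The steps above, written out as Snowflake SQL. This is an added example, not code from the original post: the schemas `share_private` and `share_public`, the share `loyalty_share`, the role `loyalty_reader`, the account identifiers and the sample row are all hypothetical.

```sql
-- Provider account. Schemas, share and account identifiers are hypothetical.
USE ROLE ACCOUNTADMIN;
CREATE SCHEMA IF NOT EXISTS frostbyte_tasty_bytes.share_private;  -- never granted to the share
CREATE SCHEMA IF NOT EXISTS frostbyte_tasty_bytes.share_public;   -- holds only the secure view

-- 1. Data Sharing Access Table: which account may see which city.
CREATE OR REPLACE TABLE frostbyte_tasty_bytes.share_private.sharing_access (
    city            VARCHAR,
    account_locator VARCHAR   -- must match what CURRENT_ACCOUNT() returns for the consumer
);
INSERT INTO frostbyte_tasty_bytes.share_private.sharing_access VALUES
    ('Paris', 'XY12345');     -- constructed sample row

-- 2. Secure view: rows are filtered by the account that runs the query.
CREATE OR REPLACE SECURE VIEW frostbyte_tasty_bytes.share_public.customer_loyalty_shared AS
SELECT cl.*                   -- in practice, list only the columns the consumer needs
FROM frostbyte_tasty_bytes.raw_customer.customer_loyalty AS cl
JOIN frostbyte_tasty_bytes.share_private.sharing_access AS sa
  ON cl.city = sa.city
WHERE sa.account_locator = CURRENT_ACCOUNT();

-- Check the filter as the consumer would see it, before anything is shared.
ALTER SESSION SET SIMULATED_DATA_SHARING_CONSUMER = 'XY12345';
SELECT city, COUNT(*)
FROM frostbyte_tasty_bytes.share_public.customer_loyalty_shared
GROUP BY city;                -- only cities mapped to XY12345 should come back
ALTER SESSION UNSET SIMULATED_DATA_SHARING_CONSUMER;

-- 3. Share: grant only the database, the public schema and the view, then add the account.
CREATE SHARE loyalty_share;
GRANT USAGE ON DATABASE frostbyte_tasty_bytes TO SHARE loyalty_share;
GRANT USAGE ON SCHEMA frostbyte_tasty_bytes.share_public TO SHARE loyalty_share;
GRANT SELECT ON VIEW frostbyte_tasty_bytes.share_public.customer_loyalty_shared
    TO SHARE loyalty_share;
ALTER SHARE loyalty_share ADD ACCOUNTS = example_org.consumer_account;
SHOW GRANTS TO SHARE loyalty_share;   -- review: the access table must not appear here

-- Consumer account.
USE ROLE ACCOUNTADMIN;
CREATE DATABASE loyalty_from_share FROM SHARE example_org.provider_account.loyalty_share;
CREATE ROLE IF NOT EXISTS loyalty_reader;
GRANT IMPORTED PRIVILEGES ON DATABASE loyalty_from_share TO ROLE loyalty_reader;
```

If the value stored in the access table does not match what `CURRENT_ACCOUNT()` returns in the consumer account, the view returns no rows, so the mapping fails closed.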

Data Cleanrooms

Snowflake Data Cleanrooms is a feature of Snowflake’s Data Cloud architecture that enhances data privacy and security while enabling collaborative data sharing and analytics. It is closely tied to Snowflake Data Governance and helps organizations maintain strict data governance practices within their data operations.

“A Data Cleanroom differs from data sharing in that a provider can define rules about the types of queries that can be run on the data, but restrict the company that is running the queries from accessing the underlying data itself.”

Snowflake Data Cleanrooms provide a secure and isolated environment for data consumers to analyze and work with sensitive data without exposing the actual raw data to them. It leverages the concept of virtual data copies, known as data cleanrooms, which are created on-demand and populated with data subsets.

Snowflake Data Cleanrooms relate to Snowflake Data Governance and the Snowflake Data Cloud Architecture on the following aspects:

  1. Data Privacy and Compliance: Snowflake Data Cleanrooms address data privacy concerns by ensuring that sensitive or regulated data remains protected.
  2. Data Masking and De-Identification: Within a data cleanroom, Snowflake provides built-in data masking and de-identification capabilities. These features allow sensitive data fields to be dynamically masked or replaced with obfuscated values during query execution.
  3. Fine-Grained Access Control: Snowflake Data Cleanrooms align with Snowflake’s fine-grained access control mechanisms, such as role-based access controls and data access policies.
  4. Collaboration and Data Sharing: Snowflake Data Cleanrooms facilitate collaboration and data sharing within the Snowflake Data Cloud.
  5. Integration with Data Governance Tools: Snowflake Data Cleanrooms integrate with third-party data governance tools, so organizations can leverage their existing data governance investments and extend them to include the data cleanrooms within Snowflake.

How Snowflake Data Cleanrooms work is explained in this video, and you can try them yourself in this QuickStart.

Snowflake Data Cleanrooms Architecture

Marketplace

Snowflake Marketplace serves as a centralized platform within the Snowflake Data Cloud Architecture that promotes data sharing, collaboration, and integration. It aligns with Snowflake Data Governance principles, ensuring data quality, security, and compliance. By leveraging the Marketplace, organizations can discover, access, and share a wide range of data assets and solutions while maintaining robust data governance practices within their Snowflake environment.

Snowflake Marketplace is a key component of Snowflake’s Data Cloud architecture that enables organizations to discover, access, and share a wide range of data sets, data services, and applications. It provides a curated and centralized platform where data providers can publish their data and solutions, and data consumers can easily find and leverage them.

Snowflake Marketplace

Here’s how Snowflake Marketplace relates to Snowflake Data Governance and the Snowflake Data Cloud Architecture:

  1. Data Governance and Security: Snowflake Marketplace is built on top of Snowflake’s robust Data Governance and security features. Data providers who publish their data sets and solutions on the Marketplace can apply Data Governance policies to control access, ensure data privacy, and maintain security. Data consumers can trust the data quality and security of the offerings available in the Marketplace, as they adhere to Snowflake’s rigorous governance standards.
  2. Data Sharing and Collaboration: Data providers can securely share their curated and prepared data sets with specific consumers or make them available to a broader audience. This promotes collaboration and accelerates data-driven insights by enabling easy access to high-quality data assets across organizations and ecosystems.
  3. Unified Data Access and Integration: Snowflake Marketplace provides a unified platform for accessing and integrating third-party data sets and applications into Snowflake’s data ecosystem.
  4. Data Governance Integration: Snowflake Marketplace integrates with Snowflake Data Governance capabilities to ensure consistent governance practices across the platform. This integration enables data consumers to easily understand and evaluate the data quality, lineage, and compliance of the available data sets, facilitating effective data governance and decision-making.
  5. Extensibility and Customization: Snowflake Marketplace allows organizations to extend and customize their data ecosystems. Data providers can offer custom-built data services, applications, or solutions on the Marketplace, tailored to specific business needs. Data consumers can leverage these offerings to address their unique requirements while adhering to their data governance frameworks.

Connect your Ecosystem

All the Data Governance features within Snowflake work seamlessly together with third-party applications. E.g. when I create a query in Mode, features like Dynamic-, Conditional-, and Tag-based Masking still work.

Example query for Data Governance Features in Mode Analytics.

Data Governance Accelerated

Snowflake Data Governance Accelerated is a concept that highlights the collaborative efforts between Snowflake and its partner ecosystem to enhance and streamline data governance practices within the Snowflake Data Cloud Architecture. It aims to provide organizations with comprehensive data governance solutions and accelerate their data governance initiatives.

Data Governance Accelerated Technologies

One of the partners in Snowflake’s ecosystem is Alation. In a following blog post I will go deeper into the Alation capabilities related to Snowflake.

Alation - Snowflake Reference Architecture

Till next time.

Director Data & AI at Pong and Snowflake Data Superhero. Better known online as DaAnalytics.

Daan Bakboord
