Snowflake: Data Sharing and Security

Snowflake
3/25/2024

This guide outlines secure data sharing practices in Snowflake: using secure views and reader accounts to protect sensitive information, managing access permissions, conducting regular audits, and establishing data governance policies. It is intended for organizations that need to share data securely with both internal and external stakeholders.

Snowflake's data sharing capabilities enable organizations to share data seamlessly with both internal and external stakeholders without duplicating data or compromising security.

Understanding Secure Data Sharing in Snowflake

Snowflake allows data sharing directly from one Snowflake account to another, facilitating real-time access to live data. For external stakeholders without a Snowflake account, Snowflake provides reader accounts. To enhance security, Snowflake supports the creation of secure views that restrict the visibility of sensitive data.

Strategy 1: Implementing Secure Views

Secure views limit the exposure of sensitive data while sharing, serving as a critical tool for maintaining data privacy.

Creating Secure Views

  1. Identify Sensitive Data: Assess your datasets to identify sensitive or confidential information that requires protection.
  2. Create Views: Use the CREATE SECURE VIEW SQL command to create views that present only the necessary data, masking or omitting sensitive details.

For example (view_name, column1, column2, source_table and condition are placeholders):

CREATE SECURE VIEW view_name AS
SELECT column1, column2
FROM source_table
WHERE condition;

Strategy 2: Utilizing Reader Accounts for External Sharing

Reader accounts allow external users to access shared data in a controlled environment, without providing direct access to your Snowflake account.

Setting Up Reader Accounts

  1. Create a Share: Begin by creating a data share that specifies which data objects (e.g., tables, secure views) you intend to share.
  2. Create a Reader Account: From the Snowflake UI or via SQL commands, create a reader account for the external party.
  3. Grant Access to the Share: Associate the created share with the reader account, granting the external party access to the specified data.
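The secure view from Strategy 1 and the three reader-account steps above, put together as one added example (not code from the original guide). All database, schema, table, share and account names are hypothetical, and the values in angle brackets are placeholders to fill in from your own account.

```sql
-- Added example; every object name here is hypothetical.
-- Run as a role with CREATE SHARE and CREATE ACCOUNT privileges (e.g. ACCOUNTADMIN).
CREATE DATABASE IF NOT EXISTS sales_db;
CREATE SCHEMA IF NOT EXISTS sales_db.core;
CREATE SCHEMA IF NOT EXISTS sales_db.shared;

-- Base table holding sensitive columns; never granted to the share.
CREATE TABLE IF NOT EXISTS sales_db.core.orders (
  order_id NUMBER, region STRING, amount NUMBER(12,2),
  customer_email STRING, card_last4 STRING);

-- Entitlements: which consumer account may read which region.
CREATE TABLE IF NOT EXISTS sales_db.core.share_entitlements (
  consumer_account STRING, region STRING);

-- Secure view: projects only non-sensitive columns and filters rows
-- by the account that is querying the share.
CREATE OR REPLACE SECURE VIEW sales_db.shared.orders_v AS
SELECT o.order_id, o.region, o.amount
FROM sales_db.core.orders o
JOIN sales_db.core.share_entitlements e ON e.region = o.region
WHERE e.consumer_account = CURRENT_ACCOUNT();

-- Step 1: create the share; grant only the view and its containers.
CREATE SHARE orders_share COMMENT = 'Orders by region, no PII';
GRANT USAGE ON DATABASE sales_db TO SHARE orders_share;
GRANT USAGE ON SCHEMA sales_db.shared TO SHARE orders_share;
GRANT SELECT ON VIEW sales_db.shared.orders_v TO SHARE orders_share;

-- Step 2: create the reader account, then note its account locator
-- (listed by SHOW MANAGED ACCOUNTS).
CREATE MANAGED ACCOUNT partner_reader
  ADMIN_NAME = partner_admin,
  ADMIN_PASSWORD = '<strong-password-placeholder>',
  TYPE = READER;

-- Entitle the reader to one region, then test the view as that consumer.
INSERT INTO sales_db.core.share_entitlements
  VALUES ('<READER_ACCOUNT_LOCATOR>', 'EMEA');
ALTER SESSION SET SIMULATED_DATA_SHARING_CONSUMER = '<READER_ACCOUNT_LOCATOR>';
SELECT region, COUNT(*) FROM sales_db.shared.orders_v GROUP BY region;
ALTER SESSION UNSET SIMULATED_DATA_SHARING_CONSUMER;

-- Step 3: attach the reader account to the share.
ALTER SHARE orders_share ADD ACCOUNTS = <READER_ACCOUNT_LOCATOR>;

-- Audit: what the share exposes, and which accounts can consume it.
SHOW GRANTS TO SHARE orders_share;
SHOW GRANTS OF SHARE orders_share;
SHOW MANAGED ACCOUNTS;
```

The simulated-consumer query should return only the EMEA rows; any other region in the result means the entitlement filter is not doing its job and the share should not be attached yet.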

Strategy 3: Managing Access and Permissions

Carefully manage permissions for both internal and external users to ensure that they have access only to the data they require.

Internal Stakeholders

  • Utilize role-based access control (RBAC) to assign permissions based on job functions or data access needs.

External Stakeholders

  • Regularly review and adjust the permissions and data available to reader accounts to prevent unintended data exposure.

Best Practices for Secure Data Sharing in Snowflake

  • Regular Audits: Conduct periodic audits of shares, secure views, and reader accounts to ensure that data sharing practices remain secure and compliant with data protection policies.
  • Data Governance Policies: Establish comprehensive data governance policies that outline procedures for secure data sharing, including criteria for sharing data and steps to take in case of a data breach.
  • Educate Stakeholders: Provide training for both internal and external stakeholders on secure data handling practices and the importance of data security.

Data sharing in Snowflake, when executed with security in mind, offers a powerful means of collaborating on and leveraging data across organizational boundaries. By employing secure views, reader accounts, and meticulous access management, organizations can share data securely, ensuring that sensitive information remains protected. Adhering to best practices and maintaining vigilant oversight of data sharing arrangements are key to upholding data security and integrity in Snowflake.