Data security is a foundation of modern application architecture. Snowflake introduced a feature, “Dynamic Data Masking”, that addresses the persistent problem of protecting sensitive data.
Dynamic Data Masking protects column data and makes it visible only to authorized persons or groups.
- The feature is available in Enterprise Edition and above. It allows you to create a dynamic masking policy as an object in the database.
- You can then attach this object to the columns of a table or view.
- The masking policy is applied dynamically to any query referencing these columns with a policy attached, making it powerful.
- It doesn’t mask data persistently in the database. Based on the conditions of the masking policy, the SQL execution context, and the role hierarchy, Snowflake query operators might encounter the original plain-text value, a partially masked value, or a fully masked value.
Problem Statement:
Companies that store data in Snowflake hold important information such as customer names and sales figures. They need to hide some of this data to follow privacy rules and to protect against bad actors inside and outside the company. They want to ensure that people in one area can’t see private information from another, while the data stays useful for the right people and follows the rules.
Solution:
To keep data safe and follow the rules, we’ll use the Data Masking Policy to create a way to hide some important information in Snowflake. This way, people in one place can’t see key information from another place. But for the authorized personnel, the data will look normal and follow the rules.
We can create a Masking Policy as below:
Example 1: Masking Sales Figures with Zero Value
Objective: To mask the “sales_figure” column with a zero value if the user doesn’t have a specific role.
-- Create a masking policy
-- Apply the masking policy to the sales_figure column
Example 2: Partial Masking of Contact Column (Showing Email Domain)
Objective: To partially mask the “contact” column, revealing only the email domain if the user doesn’t have a required role.
-- Create a masking policy
-- Apply the masking policy to the contact column
Example 3: Hashing Sales Info Column
Objective: To hash the “sales_info” column if the user doesn’t have a certain role.
-- Create a masking policy
-- Apply the masking policy to the sales_info column
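The three policies described in Examples 1 to 3, written out as an added example (this is not the original post's code). The SALES_ADMIN role, the policy names, the column types and the sample rows are assumptions; the SALES table and its column names come from the text.

```sql
-- Added example. Assumptions: role SALES_ADMIN, the policy names, the column
-- types and the sample rows are constructed. Run in a scratch schema.
CREATE OR REPLACE TABLE SALES (
  region       STRING,
  sales_figure NUMBER,
  contact      STRING,
  sales_info   STRING
);
INSERT INTO SALES VALUES
  ('EMEA', 1250, 'alice@example.com', 'renewal, tier 2'),
  ('APAC',  980, 'no-email-on-file',  'new logo');

-- Example 1: roles without SALES_ADMIN see 0 instead of the real figure.
CREATE OR REPLACE MASKING POLICY sales_figure_mask
  AS (val NUMBER) RETURNS NUMBER ->
  CASE WHEN IS_ROLE_IN_SESSION('SALES_ADMIN') THEN val ELSE 0 END;

-- Example 2: roles without SALES_ADMIN see only the email domain. A value
-- without '@' is masked completely; SPLIT_PART would return it unchanged.
CREATE OR REPLACE MASKING POLICY contact_mask
  AS (val STRING) RETURNS STRING ->
  CASE
    WHEN IS_ROLE_IN_SESSION('SALES_ADMIN') THEN val
    WHEN val IS NULL THEN NULL
    WHEN val LIKE '%@%' THEN '*****@' || SPLIT_PART(val, '@', -1)
    ELSE '*****'
  END;

-- Example 3: roles without SALES_ADMIN see a SHA-256 digest. Equal inputs
-- give equal digests, so joins and grouping still work, but short or
-- guessable values can be recovered by guessing; fully mask those instead.
CREATE OR REPLACE MASKING POLICY sales_info_mask
  AS (val STRING) RETURNS STRING ->
  CASE WHEN IS_ROLE_IN_SESSION('SALES_ADMIN') THEN val ELSE SHA2(val, 256) END;

-- Attach each policy to its column.
ALTER TABLE SALES MODIFY COLUMN sales_figure SET MASKING POLICY sales_figure_mask;
ALTER TABLE SALES MODIFY COLUMN contact      SET MASKING POLICY contact_mask;
ALTER TABLE SALES MODIFY COLUMN sales_info   SET MASKING POLICY sales_info_mask;

-- Check which columns are protected, then query as a role without SALES_ADMIN.
SELECT policy_name, ref_column_name
FROM TABLE(INFORMATION_SCHEMA.POLICY_REFERENCES(
  REF_ENTITY_NAME => 'SALES', REF_ENTITY_DOMAIN => 'TABLE'));
SELECT region, sales_figure, contact, sales_info FROM SALES;
```

IS_ROLE_IN_SESSION evaluates the role hierarchy, so any role that inherits SALES_ADMIN also sees the plain-text values.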
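Objective: To mask data based on region and for non-authorized users.
-- Create a masking policy on region
-- Apply the masking policy (a masking policy is set on a column; <column_name> is a placeholder because the target column is not given here)
ALTER TABLE SALES MODIFY COLUMN <column_name> SET MASKING POLICY region_masking_policy;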
Output:
Benefits of data masking:
Easy to Set Up: You can make one rule that hides information in many places. It’s like having one remote control for lots of TVs.
Easy to Change: You can change the rule without much extra work. It’s like changing the rules of a game without starting over.
Sharing Secrets Safely, Keeping Data Safe, Controlling Who Sees What
Conclusion:
Snowflake’s Dynamic Data Masking is a powerful tool that lets you safely add sensitive information to your data system. It helps you manage and control this data efficiently, and you can hide or show it as needed, all without much trouble. It’s like having a magic cloak for your data, making it visible or invisible as you wish.