Description
Fortanix and Snowflake offer an easy-to-implement and cost-friendly external tokenization service that allows customers to seamlessly tokenize sensitive data inside and outside Snowflake. Fortanix Data Security Manager SaaS (DSM SaaS) seamlessly integrates with Snowflake to offer a highly scalable solution that can be deployed in minutes.
Key Pillars for the Solution
Obtain Rapid and Easy Integration With Snowflake
The Fortanix integration with Snowflake can easily be deployed in minutes vs. weeks or months—thus delivering much faster time to value. This gives customers the speed and efficiency to ingest tokenized data in Snowflake in less than 5 minutes.
Format Preserving with Granular Access Controls
The combination of Format Preserving Tokenization and role-based access control (RBAC) for applications helps in protecting sensitive data. With Fortanix, authorized users can get authenticated through RBAC, query the data, and tokenize data on the fly.
Advanced Data Masking
A user can choose to dynamically mask an entire field of tokenized data or part of the field based on user or group.
Tokenize Any Custom Object or Data Type
Users can tokenize any custom objects to protect any kind of data such as a credit card, SSN, name, email, etc.
Vaultless tokenization with FIPS 140-2 Level 3 certified HSM
Vaultless Tokenization is more secure. Fortanix also offers vaultless tokenization that uses a FIPS 140-2 Level 3 compliant HSM to tokenize data. There is no centralized token database required.
REST API Driven, Developer and Cloud-Friendly Solution Offering Easier Integration With Data Flows
Fortanix DSM is cloud-native and DevOps-friendly, with full container support and native RESTful APIs. This makes the solution ready for the challenges of public cloud, hybrid cloud, dynamic regulatory environments, and agile application development.
Key Benefits
Integrated Data Security Platform With ‘Single Pane of Management’
Fortanix Data Security Manager SaaS (DSM SaaS) is an integrated data security service that provides secure key management and cryptography services including cloud key management, secret management, and tokenization to protect sensitive data in public, private, hybrid or multicloud environments. Built-in encryption, key management and tokenization support a variety of interfaces like REST APIs, PKCS11, CNG, JCE, KMIP, etc.
Achieve Privacy Compliance for Personally Identifiable Information and Sensitive Data
With data breaches on the rise, organizations are undergoing more intensive scrutiny by government regulatory bodies and concerned authorities. They are subject to regulations like PCI DSS, HIPAA, GDPR, Schrems II, etc. As organizations scale, it is critical to ensure that sensitive data is protected and meets these compliance requirements. The Fortanix Tokenization service substitutes tokens for sensitive data using REST APIs to achieve privacy compliance. This helps eliminate the link to sensitive data, protect against data breaches, and avoid regulatory penalties from data privacy regulations such as General Data Protection Regulation (GDPR) and California Consumer Privacy Act (CCPA). Tokenization can also prevent insiders from accidentally or intentionally exposing customer data.
Eliminate Risks of Key Compromise in Shared Infrastructure
The sheer volume of users utilizing Cloud and SaaS services increases the risk of unauthorized access to sensitive data stored within the cloud. The external tokenization service helps Snowflake customers significantly reduce the chances of key secrecy being violated in a shared infrastructure, including by government officials or the CSP itself.
Cost-Effective External Tokenization Delivered as SaaS. No Hardware or Perpetual License Required
External tokenization offered as a service can be consumed on a ‘Pay as you grow’ model based on required and expected operational volume. Tokenization has traditionally been a solution for the larger enterprise that can afford the high cost of implementation and ongoing licensing. With Fortanix, customers get external tokenization as a service, allowing them to manage their costs and get value quicker than traditional deployments.
Summary
Customers moving sensitive data and workloads from their on-prem environments to the cloud can tokenize this data sitting in the cloud instance before ingesting it to Snowflake. Snowflake does not encrypt the data until the data is inside the Snowflake application. The data can be secured using the Fortanix DSM for cloud environments. Once the data is tokenized inside the cloud, it’s ingested into Snowflake. Customers can then provide specific user-based control to the tokenized data.