Currently, many authorization models in the Federal Government focus on role-based access control (RBAC), which relies on static pre-defined roles that are assigned to users and determine their permissions within an organization. Zero trust architecture should incorporate more granularly and dynamically defined permissions, as attribute-based access control (ABAC) is designed to do.
In today’s tech-driven world, data security is a paramount concern for every industry. But when sensitive government or educational data is involved, the stakes become even higher. The need to protect this information, ensure citizen and student privacy, and mitigate threats to their data has never been more critical.
That’s why Immuta and Snowflake have taken an important step in providing data security for public sector and academic institutions through Immuta’s integration with Snowflake’s Government and Education Data Cloud. This latest extension of Immuta’s partnership with Snowflake helps ensure that joint users can securely achieve a range of objectives, from easily collaborating on data to enabling zero trust architectures in line with federal mandates.
In this blog, we’ll dive into the Government and Education Data Cloud and get a better understanding of how Immuta’s integration helps Snowflake data teams that are implementing zero trust protect their most sensitive data, while unlocking its full value.
What is the Government and Education Data Cloud?
The Government and Education Data Cloud unites Snowflake’s platform and solutions with industry-centric data sets so that public sector agencies and academic institutions can provide citizens and students with the highest quality services to improve everyday lives. In practice, it helps government and educational organizations modernize their IT infrastructure, share and collaborate on data, centralize reporting, and monitor for fraud, waste, and misuse, among other objectives.
Immuta’s integration adds a layer of data security so that users can access solutions built specifically for their respective industries. This allows them to leverage best practices, accelerate time-to-value, and increase overall impact, without compromising the privacy or integrity of their data.
“We are looking forward to working with our ecosystem of partners to help government agencies and educational institutions accelerate their modernization efforts,” says Snowflake Global Head of Public Sector Jeff Frazier. “Our continued partnership with Immuta will help organizations leverage the data they need to drive meaningful change in their communities.”
As these organizations modernize and seek compliance with industry standards, zero trust has become a top priority that Immuta’s integration with Snowflake’s Government and Education Data Cloud can help solve.
What is the Zero Trust Data Security Methodology?
To understand why a zero trust approach to data security is particularly useful for government and education, we need to first know the fundamentals.
Zero trust is a data security methodology based on the idea that no users should be implicitly trusted to access data assets, and instead must undergo continuous authentication and authorization. It has gained popularity as organizations shift from on-premises ecosystems with defined network edges to more flexible cloud or hybrid structures.
Zero trust is based on six clearly defined pillars that must be known in order to have a successful implementation:
- Identity – user information, based on attributes like title, department, or location
- Device – technology assets that can connect to a network, such as laptops and servers
- Network – a medium through which communications flow, including internet and messaging systems
- Applications and workloads – systems, programs, and services that operate within a data environment
- Data – assets (at rest and in transit) that must be managed across devices, networks, and applications
Data security authorities have also weighed in on zero trust, giving organizations explicit guidance on how to implement it. These include:
- NIST: Widely considered a leading force in data security, NIST recommends that data teams implementing zero trust keep a detailed inventory of all data resources, users, and processes in order to assess risk, and ensure access control policy enforcement is as granular and close to the resource as possible. This requires continually evaluating data access using dynamic policies (we’ll talk more about that below).
- ISO 27017: Like NIST, this security standard requires data teams to maintain a thorough data asset inventory with clear labels and owners. It also sets the standard to manage access controls at the data set level to mitigate unauthorized access and ensure that only the right people can access the right data.
- CDMC EDM Council: According to the council’s Cloud Data Management Capabilities Framework, data teams should adopt automation for cloud security and governance, in addition to ensuring that data’s sensitivity levels are appropriately classified and labeled. In practice, metadata-based policies should be automatically enforced across multiple platforms and applications in order to effectively implement zero trust.
Understanding these foundational elements helps pinpoint the mechanisms that must be in place to put zero trust’s “never trust, always verify” ethos into practice.
Zero Trust Data Security for Government and Education
Implementing zero trust as a data security measure helps mitigate the risk of an individual gaining blanket access to data sets or being “grandfathered in” as data ecosystems evolve. This is crucial in the public sector and academia since they are constantly and rapidly changing: Data on issues like the economy, international relations, demographics, and scholastic achievement rarely stays the same for long, and the people who need to access it can shift on a dime.
To put this into perspective, let’s imagine a defense contractor who received top secret clearance for a specific project. Upon completion, they no longer require access to that information. However, due to a breakdown in communication and a high volume of access requests, the admin in charge of user permissions fails to revalidate the contractor’s clearance level and as a result, the contractor continues to have access to top secret information. If the contractor had any malicious intent or reason to leak sensitive government information, they would have a virtually unchecked ability to do so. With zero trust, this would not happen; the contractor’s clearance level would be reauthorized each time they attempted to access top secret data, meaning they would be automatically blocked once their clearance level was changed.
For government agencies specifically, zero trust isn’t just a nice-to-have – it’s a mandate. A 2021 executive order on zero trust requires federal institutions to adopt zero trust principles by the end of the 2024 fiscal year. It’s safe to assume that other industries will follow suit, regardless of whether or not a mandate forces the issue.
How Immuta and Snowflake Simplify Zero Trust Data Security
Over several years of collaboration, Immuta and Snowflake’s partnership has grown into a deep integration that combines high performance storage and analytics with best-in-class data security. The Government and Education Data Cloud validates that our joint approach is optimized to power workloads efficiently and securely. But how?
Dynamic Security & Access Control
Immuta integrates directly with Snowflake Data Governance capabilities to enable potentially complex scenarios that require highly-granular and dynamic access control, such as zero trust data security. When Immuta is connected to Snowflake, data teams can provide row-, column-, and cell-level protection on the fly using attribute-based access control (ABAC). In fact, a memo from the Office of Management and Budget (OMB) specifically recommended that zero trust frameworks include ABAC instead of or in addition to legacy role-based access control.
When data access is based on various attributes instead of linearly tied to roles, permissions can be automatically granted or restricted on a per query basis – no manual intervention required. This enables continuous authentication at scale – a core tenet of zero trust – without delaying access or slowing workflows. For public sector agencies, speed to access can literally be a matter of life or death, so dynamic security and access control are essential.
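The per-query evaluation described above, as an added sketch that is not Immuta's or Snowflake's code: it replays the contractor scenario from earlier in the post, comparing a static role check with an attribute check that runs on every query. The attribute names, clearance ordering, role name, and sample rows are constructed for illustration.

```python
from dataclasses import dataclass, field

LEVELS = {"public": 0, "secret": 1, "top_secret": 2}  # constructed ordering

# Constructed sample rows; "project" and "classification" act as data tags.
ROWS = [
    {"id": 1, "project": "atlas", "classification": "top_secret", "ssn": "123-45-6789"},
    {"id": 2, "project": "atlas", "classification": "public", "ssn": "987-65-4321"},
    {"id": 3, "project": "borealis", "classification": "secret", "ssn": "555-12-3456"},
]

@dataclass
class User:
    name: str
    roles: set = field(default_factory=set)     # static grants (RBAC)
    clearance: str = "public"                   # live attribute (ABAC)
    projects: set = field(default_factory=set)  # live attribute (ABAC)

def rbac_query(user):
    """Static model: holding the role is enough, nothing else is re-checked."""
    if "atlas_analyst" not in user.roles:
        return []
    return [dict(r) for r in ROWS if r["project"] == "atlas"]

def abac_query(user):
    """Attribute model: every query is filtered against current attributes."""
    visible = []
    for row in ROWS:
        cleared = LEVELS[user.clearance] >= LEVELS[row["classification"]]
        if not cleared or row["project"] not in user.projects:
            continue  # row-level rule: clearance and project must both match
        out = dict(row)
        if user.clearance != "top_secret":
            out["ssn"] = "***-**-" + row["ssn"][-4:]  # column-level masking
        visible.append(out)
    return visible

def contractor_scenario():
    """Replay the contractor example: attributes change, the role is forgotten."""
    c = User("contractor", {"atlas_analyst"}, "top_secret", {"atlas"})
    during = (len(rbac_query(c)), [r["id"] for r in abac_query(c)])
    # Project ends: the identity source updates attributes, no admin acts.
    c.clearance, c.projects = "public", set()
    after = (len(rbac_query(c)), [r["id"] for r in abac_query(c)])
    return during, after

if __name__ == "__main__":
    print(contractor_scenario())
```

After the project ends, the stale role still returns both project rows under the static check, while the attribute check returns none on the very next query.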
Data Discovery & Classification
Data access control – and by extension, zero trust implementation – will only be successful if the right data is effectively protected by the right policies. This requires data platform and governance teams to have visibility into what data they have and what policies are applied to it.
Immuta’s integration with Snowflake automatically discovers, tags, and classifies sensitive data from millions of tables without manual effort, providing users with a real-time view of their data assets. By leveraging Snowflake APIs to ingest native object tags, using Snowflake lineage for tag propagation, and enriching user metadata from Snowflake and other connected sources, Immuta streamlines sensitive data discovery for policy enforcement. With new data constantly being added to government and education institutions’ ecosystems, this automated, ongoing data discovery helps ensure no sensitive information slips through the cracks.
Data Monitoring & Detection
Assuming that threats are imminent is at the core of the zero trust data security ethos. While its purpose is to prepare for the fact that no user is inherently trustworthy, implementing zero trust does not eliminate the risk of data leaks, breaches, or unauthorized access. Therefore, data monitoring is essential to detecting and addressing threats, and having a fully effective zero trust framework.
Immuta’s integration with Snowflake delivers timely insights into Snowflake data access and user activity via Immuta Detect, so data teams can quickly respond to anomaly indicators and remediate risks. Snowflake data teams can also generate views of their data’s sensitivity level, risk profile, and policy version history, as well as pull audit reports to prove compliance. This is key for public sector and academic organizations that are subject to requirements like the Privacy Act of 1974, CCPA, FERPA, and others, since achieving and proving compliance is necessary to avoid penalties and workflow disruptions.
Having a data security platform like Immuta integrated with Snowflake streamlines these three data security components, making zero trust implementation simple and seamless.
5 Uses for Zero Trust Data Security in Government and Education
The ways in which public sector agencies and educational institutions use data are vast and varied. But there is common ground in the need to secure data in their operations, as well as in their ultimate goals: to improve citizen and student experiences and outcomes. By implementing zero trust data security measures alongside powerful analytics, organizations can simplify data sharing and operations, protect their data at scale, and maximize the value of their assets.
Here are five examples of how zero trust helps protect government and education data:
- Public Health Initiatives and Response: Government agencies involved in public health management routinely work with medical records, health statistics, demographic data, and other protected health information (PHI), which allows them to develop policies and rapidly respond to public health crises. Zero trust data security measures like access controls and privacy enhancing technologies (PETs) ensure only the right people are able to access this sensitive information for the right purposes.
- Infrastructure and Transportation Safety: Enabling efficient operations is an essential task for public infrastructure and transportation agencies. Securing networks and devices that power these operations using the zero trust methodology helps protect against cyberattacks and unauthorized access, which have the potential to take systems offline and compromise public safety.
- Law Enforcement and Crime Mitigation: Law enforcement agencies leverage highly confidential data related to ongoing cases, suspects, and witnesses in order to protect citizens and mitigate crime. A zero trust approach helps strictly control and monitor this information so only individuals with the appropriate clearances can access relevant data, without increasing the risk of leaks, tampering, or compromising investigations.
- Research and Innovation: Research and innovation are cornerstones of academia. To identify trends, develop best practices, and contribute to breakthroughs in education, researchers need access to vast amounts of potentially sensitive data. Implementing zero trust helps ensure that analysis is done securely and compliantly, regardless of the data sets being analyzed.
- Educational Achievement and Policy Making: Information about student demographics, enrollment trends, graduation rates, and academic achievement helps administrators and policymakers measure the effectiveness of their programs, allocate resources, and develop policies to close equity gaps. Zero trust data security measures help protect students’ personal information and continuously monitor for unauthorized access or misuse.
Getting Started
Regardless of industry, taking steps to implement zero trust for stronger, more efficient data security will help ensure sensitive data remains protected from unauthorized access and risks. Immuta’s integrations with Snowflake and other partners deliver automated data discovery and classification, security and access control, and monitoring and detection, so you can simplify operations, improve data security, and unlock the value of your data.
With Immuta and Snowflake, fintech firm Billie accelerated time to data from days to minutes, an improvement of 100x, and a global currency exchange secured 500,000+ Snowflake tables. Find out what you can accomplish by scheduling a demo with our team.