Snowflake’s single, cross-cloud governance model has always been a powerful differentiator, enabling customers to manage their increasingly complex data ecosystems with simplicity and ease. As a result, Snowflake is enhancing its governance capabilities that thousands of customers already rely on through Snowflake Horizon. Snowflake Horizon is Snowflake’s built-in governance solution with a unified set of compliance, security, privacy, interoperability, and access capabilities. Snowflake Horizon makes it easy for customers to govern and take immediate action on data, apps, and more across clouds, teams, partners, and customers — both inside and outside of organizations. Integrations with other Apache Iceberg-compatible catalogs and engines , and with partners, further extend Snowflake Horizon across customers’ ecosystems.
Snowflake continues to advance Snowflake Horizon with additional capabilities for compliance, security, privacy, interoperability, and access.
Enhanced compliance through additional certifications, data quality monitoring, and lineage
Snowflake Horizon protects and audits customers’ data with compliance, business continuity, data quality monitoring, and lineage. We have an extensive number of compliance certifications and continue to add more. Snowflake recently achieved compliance for the UK’s Cyber Essentials Plus (CE+), FBI’s Criminal Justice Information Services (CJIS) Security Policy, IRS’s Publication 1075 Tax Information Security Guidelines, and assessments by the Korea Financial Security Institute (K-FSI), as well as StateRAMP High and U.S. Department of Defense Impact Level 4 (DoD IL4) Provisional Authorization on AWS GovCloud. These reiterate Snowflake’s commitment to providing its customers with the highest security and privacy assurances for their data needs, especially those across the public sector.
To effectively monitor and report on degradation in data quality across their organization, customers can use the new Data Quality Monitoring feature (in private preview) to either access out-of-the-box system metrics or create custom metrics. They can define the frequency for automatically measuring the quality of their data and configure alerts to receive email notifications when quality thresholds are violated.
Snowflake is also launching a new Data Lineage UI (in private preview) to give customers a bird’s-eye view of the upstream and downstream lineage of objects. With this new user interface, customers can easily see how downstream objects may be impacted by modifications that happen upstream. In addition, governors can take bulk action to propagate tags and policies to protect all downstream columns that have personally identifiable information.
More comprehensive security with the introduction of Trust Center and added platform protections
Snowflake Horizon secures customers’ environments with continuous risk monitoring and protections, RBAC, and granular authorization policies. To help customers better discover security risks while providing recommendations to resolve these issues, Snowflake is launching the Trust Center (private preview soon). The Trust Center streamlines cross-cloud security monitoring in one centralized place to reduce security monitoring costs, resulting in lower total cost of ownership (TCO) and the prevention of account risk escalations.
We recently announced the Snowflake Shared Responsibility Model as part of Snowflake’s collaboration with the Center for Internet Security (CIS) and the security community to finalize the CIS Snowflake Foundations Benchmark. The Trust Center provides a programmatic way to verify that both Snowflake and customers are fulfilling their respective responsibilities in the Snowflake Shared Responsibility Model to uphold industry best practices outlined in the CIS Snowflake Foundations Benchmark.
To further secure data, Snowflake is improving manageability, troubleshooting, and granular controls for security admins with the following features:
- Network rules and network isolation for S3 stages (in public preview) for better management of network restrictions to Snowflake to enhance network security
- Multiple SAML IDP support, authentication policy, and identifier first flow (in public preview soon) to improve authentication
- Database roles (generally available) to make access management easier while enhancing secured and flexible data sharing
Unlocked value for sensitive data with differential privacy
With Snowflake Horizon privacy capabilities, customers can unlock the value of their sensitive data with advanced privacy policies and data clean rooms. The introduction of Differential Privacy Policies (in development) will further enhance Snowflake’s data privacy controls, which currently include Dynamic Data Masking, Aggregation (in private preview), and Projection Policies (in private preview). Differential Privacy Policies will help customers ensure that query output does not contain information that can be used to draw conclusions about individual records in the underlying data set. This will allow customers to enable other teams and business partners to analyze PII, confidential medical and financial data, and other sensitive data types while protecting the data from accidental leaks and even targeted privacy attacks.
Increased interoperability with other Apache Iceberg-compatible catalogs and engines
Snowflake Horizon allows organizations to connect their data ecosystem inside and outside Snowflake through integrations with other Apache Iceberg-compatible catalogs and engines , and with leading data catalog and data governance partners. To give customers flexibility for how they fit Snowflake into their architecture, Iceberg Tables can be configured to use either Snowflake or an external service like AWS Glue as the catalog to track metadata. This is made possible by a new account-level object called a Catalog Integration (in public preview soon), which allows Snowflake to securely read metadata from AWS Glue and object stores. We have also contributed an SDK to the open source Apache Iceberg project, which allows Apache Spark clients to access metadata when reading Snowflake-managed Iceberg Tables. In addition, Snowflake is working on an Iceberg catalog REST API (in development).
Advanced access with new search and classification capabilities
Classify, share, discover and take immediate action on data, apps and more across regions and clouds with Snowflake Horizon. We are announcing the private preview of Universal Search, an LLM-powered search tool to quickly discover and access relevant data and apps across your Snowflake account, including Iceberg Tables and Marketplace listings.