Theom and Snowflake Horizon: Govern and Secure Your Data in the Data Cloud

Grace Rotondo, Director Routes to Market - Theom
Ravi Kumar, Senior Partner Sales Engineer - Snowflake

With the advent of OpenAI and ChatGPT, the world realized how far AI had come and marveled at the potential impact it would have. Subsequently, the world recognized that AI is driven by data, and not just by AI models. This increased reliance on data makes governance and security more important because, as with anything: garbage in, garbage out. Data governance and security are no longer nice-to-haves; they are must-haves for building robust, reliable, and trustworthy (non-hallucinating) AI.

Theom, a data access governance and security platform, is excited to announce that it has joined the Snowflake Horizon Partner Ecosystem. Snowflake Horizon is the Data Cloud’s built-in governance solution with a unified set of compliance, security, privacy, interoperability, and access capabilities. Snowflake Horizon makes it easy for customers to govern and take immediate action on data, apps, and more across clouds, teams, partners, and customers — inside and outside organizations. With Theom’s pre-built integrations with the Snowflake Data Cloud, we’re proud to be a part of the Snowflake Horizon Partner Ecosystem.

How Theom integrates with Snowflake Horizon

Theom, a Snowflake Select Technology Partner and Powered by Snowflake Partner, provides fine-grained data access governance and security within Snowflake. Marrying data access governance with breach protection enables our joint customers to uniquely enforce end-to-end protection of their data in Snowflake, even when it moves across clouds and data stores. Theom integrates with several Snowflake native features, including:

● Metadata Retrieval using account_usage views or information_schema: Seamlessly integrate metadata in Snowflake with Theom to scale data access and security

● Policy Setting or Retrieval

    ● Dynamic Data Masking (Column-level): Easily protect and manage sensitive data with granular data masking controls

    ● Row Access Policies: Secure data with fine-grained, content-based row access policies

● Object Tagging: Know and control your data by applying business context

    ● Set or Retrieve Snowflake object tags, and apply them to objects and/or columns

● Access History: Know the lineage of your data end-to-end

    ● Read (for auditing who accessed what)

    ● Write (for determining lineage)

● Object Dependencies: Assess downstream impacts and push changes with confidence

● Data Lineage Tracking: View the trajectory of your data upstream and downstream

The architecture above demonstrates how Theom integrates with Snowflake.

Theom collaborates with Snowflake on some particularly compelling use cases, including data and AI governance, data mesh and data contract governance, and insider threat detection and prevention.

Data and AI access governance

Enforcing strict governance over the data that feeds AI is critical to producing models that are accurate and reliable versus those that are not. Theom builds on top of Snowflake Horizon to provide fine-grained access controls over data and AI. Taking a data-centric approach to data access governance, Theom sees every data access event and query in the clear and enforces data access policies and configurations appropriately. This approach enables joint customers to protect their data from bad actors manipulating it, and thus damaging the integrity of the output of their AI models. Theom goes a step further by enforcing the same level of governance over AI, tracking access events related to LLMs and acting on potential prompt injection attacks.

Data mesh and contract governance

The data mesh approach to data management, which decentralizes data ownership and treats data as a product, offers several advantages to data product teams. However, this decentralized approach to data ownership can also present security challenges by making it difficult to establish and enforce a consistent set of global security protocols and increasing the risk of data breaches or unauthorized access to sensitive information. Theom solves these challenges and protects the data mesh in a variety of ways, by:

● Taking inventory of, categorizing, and tracking sensitive data;

● Centralizing data access and privacy controls;

● Implementing data masking measures;

● Securing data boundaries; and

● Continuously monitoring and auditing data access and usage events

Theom also enforces purpose-based access control over data contracts, ensuring data access behaviors comply with the data contracts in place inside Snowflake.

Insider threat protection

By tracking data access and usage and correlating those with policies and permissions, Theom builds a baseline of user behaviors and monitors what is authorized access and what is not. Theom then maps suspicious access behavior to the MITRE ATT&CK framework across Reconnaissance, Infiltration, Intelligence Collection, and Data Gathering. Before threats become full breaches at Exfiltration, Theom takes preventative action through integrations with Security Information and Event Management (SIEM) and Security Orchestration, Automation, and Response (SOAR) tools.

Theom has deployed in some of the most highly regulated Snowflake environments at Fortune 100 Tech and Financials, Systemically Important Financial Institutions (SIFIs), Healthcare, and Airlines companies, helping them enforce data and AI access governance, minimize the risks of data breaches, and ensure compliance with data protection and security regulations. Through the Snowflake Horizon Partner Ecosystem, Theom and Snowflake ensure our joint customers have all the necessary capabilities for real-time observability, governance, and security across their entire data estate. Reach out to [email protected] today to learn more!