Skip to main content

Sensitive Data Discovery

ALTR offers a variety of data discovery tools to assist in data discovery and governance, including an integration with Google Data Loss Prevention (DLP) tools as well as Snowflake's data classification capabilities. These integrations enable ALTR customers to scan data sources connected to ALTR and identify which data may be sensitive. This information can then be used to automate access controls and security policies.

Google Data Loss Prevention (DLP) Classification

ALTR's integration with Google's DLP classification tool randomly samples columnar data from a connected data source and classifies it using Google's DLP API. This API may return an "infotype" indicating what kinds of data may be present in the sample. ALTR provides this information back to users in a Classification Report available on the Classification Report tab, Data ConfigurationData ManagementClassification Report.

ALTR will not sample customer data or send it to the Google DLP tool without explicit instruction from an ALTR administrator. ALTR takes independent samples of data from each column to prevent row identification. ALTR does not persist the sample of data after a given classification job is completed.

Google DLP classification can be performed by toggling Classify and Tag Data and selecting the Google DLP option for a new or already-connected Data Source. Data classification may take a long time to run, depending on the number of columns present in a data source. ALTR will send an email to administrators once a data classification is complete. Performing a Google DLP classification on Snowflake data sources will activate a Snowflake Warehouse. The length of time this warehouse is active depends on the number of columns present in the data source.

Note

Google DLP classification only classifies Snowflake columns and tables that are present in the schema snapshot. This snapshot updates every 72 hours. If your schema information is constantly changing, contact ALTR Support.

Snowflake Classification

ALTR's integration with Snowflake classification enables customers with connected Snowflake data sources to classify columnar data without sampling or sending data to third parties. This option is useful when customers do not wish ALTR to sample data or send it over Google's DLP API. When a Snowflake classification is completed, the resulting Semantic Categories are assigned to relevant columns within Snowflake as Object Tags. ALTR also provides this information in a Classification Report available in the Classification Report tab, Data ConfigurationData ManagementClassification Report.

Snowflake Classification can be triggered by toggling Classify and Tag Data and selecting the Snowflake Classification and Object Tag Import option for a new or already-connected Snowflake Data Source. Snowflake classification may take some time run, depending on the number of columns present in the data source. ALTR will send administrators an email once classification is complete. Performing a Snowflake classification activates a warehouse. The amount of time the warehouse is active depends on the number of columns and amount of data present in the data source.