Implement data protection strategies and configure secure data sharing between Snowflake accounts (12% of exam).
This domain covers implementing data protection strategies including Time Travel, Fail-safe, and data cloning. It also covers using data masking policies, row access policies, and object tagging for data governance. Understanding and configuring secure data sharing among different Snowflake accounts, using listings and data exchanges, and meeting compliance requirements are also key topics.
Data Protection and Data Sharing are fundamental concepts in Snowflake that every SnowPro Core certification candidate must understand thoroughly.
**Data Protection:**
Snowflake provides comprehensive data protection through multiple layers of security. Time Travel allows users to access historical data for a configurable period (1-90 days depending on edition), enabling recovery from accidental modifications or deletions. Fail-safe provides an additional 7-day period where Snowflake can recover data after Time Travel expires, though this requires contacting Snowflake support.
Encryption is automatic and always-on in Snowflake. Data is encrypted at rest using AES-256 strong encryption and in transit using TLS 1.2. Tri-Secret Secure combines customer-managed keys with Snowflake-managed keys for enhanced security control. Snowflake also supports periodic rekeying of encrypted data.
Role-based access control (RBAC) ensures proper authorization, while network policies restrict access based on IP addresses. Multi-factor authentication (MFA) adds another security layer for user authentication.
**Data Sharing:**
Snowflake's Secure Data Sharing enables organizations to share data between accounts in real-time with zero data movement or copying. Providers create shares containing database objects (tables, views, UDFs) and grant access to consumer accounts.
Key benefits include:
- No data duplication or ETL required
- Consumers see live, current data
- Providers maintain full control over shared data
- Billing remains with the provider for storage; consumers pay for compute
Reader accounts allow sharing with non-Snowflake customers, where the provider manages and pays for the reader account's compute resources.
Data Marketplace extends sharing capabilities, allowing providers to monetize datasets or offer free data products to the broader Snowflake community. Private listings enable controlled sharing with specific partners.
Secure views and secure UDFs protect underlying data logic while enabling sharing, ensuring sensitive business rules remain hidden from consumers.
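The provider and consumer sides of a share built on a secure view, as an added example that is not part of the original study guide. All database, schema, table, view, share, role and account names (`sales_db`, `emea_orders_share`, `myorg.consumer_acct`, `analyst` and so on) are hypothetical placeholders.

```sql
-- PROVIDER ACCOUNT -------------------------------------------------------
-- Creating a share needs ACCOUNTADMIN or a role granted CREATE SHARE.
USE ROLE ACCOUNTADMIN;

CREATE DATABASE IF NOT EXISTS sales_db;
CREATE SCHEMA IF NOT EXISTS sales_db.shared;

-- Constructed sample table; customer_email is the column we must not expose.
CREATE OR REPLACE TABLE sales_db.shared.orders (
    order_id       NUMBER,
    region         STRING,
    customer_email STRING,
    amount         NUMBER(12,2)
);

-- Secure view: consumers cannot read its definition, and it exposes only
-- the rows and columns intended for this partner.
CREATE OR REPLACE SECURE VIEW sales_db.shared.orders_emea_v AS
SELECT order_id, region, amount
FROM sales_db.shared.orders
WHERE region = 'EMEA';

-- The share is a container of grants; no data is copied.
CREATE SHARE emea_orders_share;
GRANT USAGE  ON DATABASE sales_db                   TO SHARE emea_orders_share;
GRANT USAGE  ON SCHEMA   sales_db.shared            TO SHARE emea_orders_share;
GRANT SELECT ON VIEW     sales_db.shared.orders_emea_v TO SHARE emea_orders_share;

-- Check exactly what the share exposes before adding any consumer.
-- The base table should NOT appear here, only the secure view.
SHOW GRANTS TO SHARE emea_orders_share;

ALTER SHARE emea_orders_share ADD ACCOUNTS = myorg.consumer_acct;

-- CONSUMER ACCOUNT -------------------------------------------------------
-- The shared database is read-only and holds no storage in this account.
CREATE DATABASE emea_orders FROM SHARE myorg.provider_acct.emea_orders_share;
GRANT IMPORTED PRIVILEGES ON DATABASE emea_orders TO ROLE analyst;

-- Queries run on the consumer's own warehouse (consumer pays for compute).
SELECT region, SUM(amount) AS total_amount
FROM emea_orders.shared.orders_emea_v
GROUP BY region;
```

Running `SHOW GRANTS OF SHARE emea_orders_share;` on the provider side lists the accounts that currently have access, which is the quickest audit of who can see the data.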