Blog

Rethinking data governance: Enforcing policy where data lives

Data ecosystem complexity now requires policy enforcement to be embedded and automated for better governance

Sam Tawfik
Product Marketing Director
June 2, 2025

Enforcing data policies in Snowflake
1. Connect to Snowflake
2. Classify your data
3. Define data policies
4. Detect violations
5. Enforce policies with Snowflake native controls
A new era of embedded governance

As organizations increasingly rely on cloud data platforms like Snowflake to power analytics, AI, and operational workloads, the complexity and volume of data use have outpaced traditional governance models. Data must be accessible and responsibly used, leaving no time for manual processes and fragmented controls.

This shift calls for a new approach: embedding policy enforcement where data lives and decisions are made. Rather than relying on downstream mechanisms that are often inconsistent or reactive, forward-thinking data leaders are reimagining governance as a proactive, integrated function within their data architecture.

That’s why OneTrust Data Policy Enforcement helps translate governance intent into action, enabling organizations to define, detect, and enforce data policies automatically in cloud platforms like Snowflake.

Shape

Enforcing data policies in Snowflake

OneTrust Data Policy Enforcement integrates with Snowflake through native connectors, enabling direct visibility into data structures, access patterns, and classification metadata. From there, teams can define and apply column-masking and row-filtering policies programmatically that are embedded into the workflow.

1. Connect to Snowflake

Setting up the integration involves authenticating OneTrust with your Snowflake account using secure credentials. Once connected, Data Policy Enforcement can access metadata and monitor objects such as tables, views, and roles in real time.

Figure 1 describes the connection setup steps for assigning a OneTrust worker node and providing the login credentials.

Figure 1: Connecting to data sources

2. Classify your data

Data Policy Enforcement supports and extends Snowflake’s native classification features. This allows teams to leverage Snowflake’s classifications for PII, health information, financial identifiers, and other sensitive attributes. Classifications are continuously updated and mapped to defined data domains or regulatory categories. OneTrust leverages Snowflake’s classification tags and maps them to OneTrust terms. Users can also assign additional terms in OneTrust for more accurate and granular classifications.

Figure 2 provides an overview of how the OneTrust user navigates the Snowflake metadata and the assigned tags.

Figure 2: Snowflake metadata navigation

3. Define data policies

Policies can be authored using a no-code interface, enabling governance teams to write clear, reusable rules. These policies can reflect conditions based on user role, data sensitivity, and/or processing purpose. They are applied to flag violations or enforce the appropriate controls.

Figure 3 illustrates how to create a new data policy, assign its owner and severity, and set up policy conditions based on sensitivity tags and roles.

Figure 3: Policy definition

4. Detect violations

As classifications are applied, Data Policy Enforcement evaluates them against centrally managed policies, such as “financial data must be masked for external contractors” or “personal data should not be queried without consent.” Violations are flagged in real-time dashboards, allowing teams to understand where enforcement gaps exist and why.

Figure 4 shows unmasked sensitive data in Snowflake that requires masking in specific columns to protect confidential information. The user also has the option to apply policy actions directly from the violations report.

Figure 4: Policy violations

5. Enforce policies using Snowflake native controls

With Data Policy Enforcement, OneTrust automates governance by transforming policies into enforceable, machine-readable code. It applies governance dynamically within data pipelines for native data policy enforcement in Snowflake. 

OneTrust offers column-masking and row-filtering data controls to address data privacy and consent requirements for effective data use governance.

Column-masking policies ensure that sensitive data, such as SSNs or emails, is masked for unauthorized users (see figure 5).

Figure 5: Data masking policy

Row-filtering data policies provide the necessary controls to limit data access based on the consent of personal data collected and the purpose of the user (see Figure 6).

Figure 6: Row-filtering policy

A new era of embedded governance

As data environments become more distributed and dynamic, the role of governance must evolve from static oversight to embedded, actionable policy enforcement. Placing controls directly within the data platform — where access decisions are made — offers a scalable, consistent, and future-ready approach to managing data use. For organizations aiming to build trust in their data while enabling innovation, this shift isn't just logical — it's essential.

Blog

Rethinking data governance: Enforcing policy where data lives

Table of contents

Enforcing data policies in Snowflake

1. Connect to Snowflake

2. Classify your data

3. Define data policies

4. Detect violations

5. Enforce policies using Snowflake native controls

A new era of embedded governance

You may also like

AI Governance

Automating metadata capture: Future-proofing data management for AI

This webinar will explore how automating metadata capture can streamline the management of unstructured data, making it AI-ready while ensuring data quality and security.

January 14, 2025

Navigating the top 5 data sharing challenges

This webinar will uncover the top 5 data sharing challenges organizations face and demonstrate how advanced data governance solutions can streamline processes, improve data quality, and enhance compliance, allowing organizations to discover the full potential of their data assets.

October 31, 2024

Data Discovery & Classification

Enhancing Data Governance: OneTrust and Snowflake strategies for data-driven businesses

Join us for a webinar with Jim Warner and Alex Cash to explore how Snowflake and OneTrust can revolutionize your data governance strategy, helping you maintain data quality, ensure compliance, and exceed marketing ROI in 2024.

September 24, 2024

AI Governance

Data and AI governance for responsible use of data

Learn why discovering, classifying, and using data responsibly is the only way to ensure your AI is governed properly.

September 12, 2024

Data Discovery & Classification

Catch it live: See the all-new features in OneTrust's Spring Release and Post-TrustWeek recap

June 06, 2024

Privacy & Data Governance

Data governance across industries: Leveraging your organization's most valuable asset

Download our new eBook and learn how to leverage the value of data governance across industries, including financial services, healthcare, retail, and manufacturing.

April 17, 2024

Data Discovery & Classification

The KuppingerCole Leadership Compass on Data Governance

OneTrust has been named a leader in the 2024 KuppingerCole Leadership Compass on Data Governance, receiving the highest rating for Product​, Innovation​, and Market.

March 08, 2024

Data Discovery & Classification

OneTrust Privacy & Data Governance Cloud gains momentum with widespread industry recognition

OneTrust maintains its leading position in Privacy & Data Governance, with a record number of recognitions in the last six months from KuppingerCole and Forrester

March 07, 2024

Data Discovery & Classification

Data governance in manufacturing: Challenges and use cases

Learn the impact a data governance program has in manufacturing and how it enables greater efficiency across your supply chain

February 26, 2024

Data Discovery & Classification

What to look for in a data discovery solution

Make sure you choose the right data discovery solution for your organization with our comprehensive breakdown of key benefits and features to look for.

February 20, 2024

Data Discovery & Classification

Data governance in retail: Challenges and use cases

Learn how data governance can help manage the high volume and sensitivity of data that runs through your retail operations.

February 12, 2024

Data Discovery & Classification

Data governance in healthcare: Challenges and use cases

Learn how data governance can help your healthcare organization effectively manage its protected health information (PHI) and other sensitive data.

February 08, 2024

Data Discovery & Classification

Data governance in financial services: Challenges and use cases

Learn how data governance can help address common challenges in the financial services industry and protect your most critical information.

January 12, 2024

Data Discovery & Security

A guided tour of OneTrust Data Discovery magic

Our expert speaker will demonstrate how common real-world data challenges can be identified, addressed, and reported on, leading to better data governance, security, and alignment with business goals.

October 26, 2023

Data Discovery & Security

Data minimization and risk assessment in data discovery

Explore the concept of data minimization and its crucial role in enhancing security, privacy, and reducing risk.

October 19, 2023

Data Discovery & Security

Data Discovery Dispelled: Data's dark corners

Join the first part of our Data Discovery Dispelled webinar series where we will discuss the hidden sensitive information that could pose risks for your organization.

October 12, 2023

Data Discovery & Security

Data Discovery Dispelled: Unmasking the mysteries of data

Join us for a journey into the heart of data management as we explore the depths of data within organizations and shed light on how technology can enhance data security, privacy, and compliance.

October 12, 2023

Data Discovery & Classification

Ultimate guide to building a data governance program

Download this eBook and learn practical methods in building a flexible data governance program that aligns with your business.

OneTrust has been named a leader in the 2024 KuppingerCole Leadership Compass on Data Governance, receiving the highest rating for Product, Innovation, and Market.

Join us for this instalment of our Future of Privacy Automation Series for a discussion of the challenges, key components, and building blocks of DSAR automation.