Leaving Shared Database Accounts Behind: Securing Snowflake and MongoDB
by Rob Richardson, Developer Advocate, Cyral
About Me
Rob Richardson is a software craftsman building web properties in ASP.NET and Node, React and Vue. He's a frequent speaker at conferences, user groups, and community events, and a diligent teacher and student of high quality software development. You can find this and other talks on https://robrich.org/presentations and follow him on twitter at @rob_rich.
Data Store
Authentication
Get access to data store
Data Access
Governance
Managing who,
Ensuring it's safe
The difference:
Who accessed your data?
Who accessed your data?
Who accessed your data?
In most cases we don't know ...
... because of shared accounts.
User-specific accounts
User-specific accounts
Shared team accounts
Shared team accounts
Service accounts
Service accounts
Data Access Governance
Is there no way to get identity enriched access logs without a mountain of issues?
Application Access Governance
Why SSO with Apps Works
Why can't we
SSO with Data Stores?
The Goal
Cyral Network Diagram
Demo
Securing access to MongoDB and Snowflake
Cyral enables
- federated access control
- consistent visibility
- unified policies
- real-time attack detection and response