Snowflake Horizon Advances Industry-Leading Governance with Simplified Internal Marketplaces and AI Innovations

With the rapid adoption of generative AI (gen AI) and large language models (LLMs), organizations are racing to unlock as much business value as possible from their content across data, apps and models. This requires supercharging more employees with the ability to immediately find and collaborate on relevant content to derive insights faster. At the same time, organizations must ensure the right people have access to the right content, while also protecting sensitive and/or Personally Identifiable Information (PII) and fulfilling a growing list of regulatory requirements. Snowflake Horizon empowers these organizations to govern and discover with a built-in, unified set of compliance, security, privacy, interoperability and access capabilities for data, apps and models in the AI Data Cloud —  and even extending these to Iceberg tables. 

With Snowflake Horizon, data governors and stewards can quickly uncover and resolve cross-cloud security risks; universally implement access controls across clouds; and easily apply out-of-the-box, proven governance protections to sensitive content. In addition, data teams can quickly search, discover, access and share these governed data, apps and models from across their ecosystem to boost privacy-preserving collaboration. 

Snowflake Horizon continues to innovate, allowing data teams to now collaborate in a governed way within their organization. To help organizations better govern AI, Snowflake Horizon is also advancing security, lineage and sharing capabilities for models. Additional built-in UI’s and privacy enhancements make it even easier to understand and manage sensitive data. 

The Internal Marketplace (private preview) introduces a new way for customers to boost secure collaboration, through a single directory of all data products specifically curated for use within an organization. This is made possible with the introduction of Organizational Profiles and Listings, which can only be shared within an organization to prevent unintended exposure while providing rich metadata, such as data dictionaries, ownership, usage examples and usage analytics. Access to Organizational Listings can be granted granularly to individual roles within the source account, to a set of accounts or to the entire organization. In addition to sharing data and Snowflake Native Apps, data teams can now also use listings to easily share AI models (private preview soon), Iceberg Tables (generally available) and Dynamic Tables (generally available) across cloud regions.  

Snowflake is also making it easier for you to manage listings. Listings can now be managed through APIs (public preview) to help with large-scale implementations and repeatable processes through automation and integration into existing applications. To save costs and promote content freshness, Object-level Replication (generally available) optimizes the fulfillment of just the required objects across regions and clouds. Snowflake has also made it easier to access listing content from across regions and clouds with the introduction of Uniform Listing Locators, or ULLs (private preview). Just as the URL was pivotal in connecting the world with the internet, the ULL is connecting the world with data, apps and models across the AI Data Cloud. ULLs can be embedded within a SQL query to access shared data in Organizational Listings without having to mount a shared database or require elevated privileges.

To enhance discoverability and curation, Snowflake is announcing several innovations to help data teams and data governors and stewards better understand their content. AI-powered Object Descriptions, in private preview soon, uses AI to allow customers to automatically generate relevant descriptions and comments to tables and views, while the Object Insights Interface (private preview) provides more context by surfacing relevant insights about the popularity, access, quality and dependencies of these objects.

To streamline classification, the Sensitive Data Classification Interface (generally available soon) lets data governors and stewards start a data-classification job for an entire schema, or a subset of tables within it, and allows them to choose when to review and apply the classification results. They can even run classification with auto-tagging, which allows the “auto-application” of high-confidence Snowflake classifiers to objects. Through Sensitive Data Auto-Classification (private preview), they can further use SQL to automate the classification and tagging of sensitive data on a configurable interval, or when a new table is created, to reduce manual work and orchestration. Automatic Tag Propagation (private preview soon) is another new feature that will let them proactively propagate a tag (along with any applied policies) when the data flows to new objects or is projected using a view.

Universal Search (generally available) leverages AI so anyone can now use natural language to search and discover tables, views, databases, schemas, Iceberg tables, Snowflake Marketplace listings, Snowflake documentation, and now also worksheets, dashboards and content from.

Security improvements for models and apps

Inconsistent security and access controls, across systems and users, require laborious configurations and introduce risk, which is exacerbated by the complexity of securing LLMs. With Snowflake Horizon, governors and stewards get centralized, secure-by-default capabilities to help the organization comply and enable appropriate access without exposing vulnerabilities. For AI security, Snowflake recently released the Snowflake AI Security Framework to help organizations evaluate the safety of their AI systems with proposed mitigations. Additionally, Snowflake Cortex Guard will soon be generally available - this capability leverages Meta’s Llama Guard, an LLM-based input-output safeguard model, to filter for harmful content associated with violence and hate, self-harm and criminal activities. 

With the Trust Center (generally available soon), governors and stewards can quickly discover and resolve security and compliance risks across clouds in one centralized place, to lower security monitoring costs and prevent escalation of account risks. They can quickly scan their Snowflake account to detect security violations based on industry best practices. Snowflake is making an additional enhancement to the Trust Center to include scans for software vulnerabilities in Snowflake Native Apps (private preview soon).  

Snowflake is further enhancing access protections with a set of generally available authentication improvements — including authentication policies, identity-first login flow and support for federated SAML authentication using multiple identity providers — to help reduce user lockouts and further prevent unauthorized access. With the general availability of several enhanced network security capabilities like network rules, which are schema-level objects that group network identifiers into logical units, data governors and stewards can now improve manageability, troubleshooting and auditability. When combined with network rules, network policies can now restrict access based on the identifier of an AWS S3 endpoint or Azure private endpoint. Snowflake Secrets, which are native Snowflake objects that store sensitive data or authentication credentials, are now also generally available to securely connect and authenticate with external API endpoints and first-party connectors. Snowflake will further extend private connectivity for outbound connections from Snowflake to CSP services (private preview soon) to help organizations, especially those in highly regulated industries, comply with connectivity requirements.

Snowflake is revolutionizing how technical and nontechnical users are collaborating on sensitive data while preserving privacy through out-of-the-box templates and a no-code UI in Snowflake Data Clean Rooms. In December 2023, Snowflake announced its acquisition of data clean room technology provider Samooha. Now, Samooha’s offering is integrated and available as Snowflake Data Clean Rooms, generally available to customers in select regions. Nontechnical teams can easily leverage prebuilt templates and deploy machine learning models for key multiparty collaboration use cases such as look-alike modeling, audience overlap, last-touch attribution and more. Developer APIs allow for clean room customizations and deployment of any AI model. Learn more in the blog. 

Adding to the family of privacy policies comes support for entity-level aggregation constraints (generally available), which allow customers to use aggregation policies directly with transactional data. To unlock sharing scenarios with highly sensitive or regulated data, customers can use differential privacy policies (public preview soon) to protect data subjects like people, organizations and locations from re-identification and privacy attacks. Additionally, customers can generate synthetic data (private preview soon) based on their sensitive data sets to create a row-level reproduction of data that retains the referential integrity of the original and can be shared or moved to different testing and development environments.

Snowflake Horizon helps organizations successfully perform internal and external compliance reviews and audits with built-in lineage and data-quality monitoring. For data governors and stewards to better understand upstream and downstream relationships for root cause analyses, Snowflake is expanding the Lineage Visualization Interface beyond data objects, like tables and views (public preview soon), to ML assets (private preview). For tables and views, they can see downstream objects impacted by modifications and follow intuitive UI workflows to propagate tags to protect downstream columns with PII. For ML assets, they can trace end-to-end feature and model lineage, from data to insight, for reproducibility, stronger compliance and simplified observability.

Finally, with Data Quality Monitoring (generally available soon), organizations can define and automatically measure and monitor either out-of-the-box system metrics (such as null count) or custom data-quality metrics to effectively monitor and report on degradation in data quality. 

The powerful governance and discovery capabilities of Snowflake Horizon extend well beyond data stored internally in Snowflake. With the open Polaris Catalog (public preview soon), any engine that already supports the Iceberg REST API can now create an Iceberg table, and after these tables are synced to Snowflake, Snowflake Horizon’s leading governance and discovery capabilities can easily be applied to them as if they were native Snowflake objects. To further extend Snowflake Horizon’s governance capabilities beyond Snowflake and Iceberg, organizations can leverage prebuilt integrations by enterprise data catalog, governance and security partners in the Snowflake Horizon partner ecosystem. 

Snowflake Horizon empowers data governors and stewards, and data teams with a unified way to govern and discover data, apps and models in the AI Data Cloud. With centralized threat-monitoring and RBAC across clouds, easy and granular protection of content, along with quick discovery and privacy-preserving collaboration, Snowflake Horizon enables a well-governed data foundation that unlocks a fast and secure path to productizing AI, applications and more in the enterprise.
To learn more about Snowflake Horizon, check out the demo in the Snowflake Horizon YouTube playlist and read the Definitive Guide to Governance in Snowflake.