AKT London

_{Why the status quo created risk}

‍

The absence of structure introduced several risks. From a security perspective, daily operations relied heavily on highly privileged roles, increasing exposure if credentials were misused. From an operational standpoint, ingestion pipelines depended on individual users rather than service accounts, creating fragility in the event of offboarding or unexpected absence.

‍

Cost management was equally challenging. With all compute activity running on one warehouse, the business lacked insight into which tools, teams, or workloads were driving Snowflake spend. And without clear separation between raw, transformed, and analytics-ready data, governance and lineage were difficult to enforce.

‍

‍

_{Rebuilding Snowflake with governance at the core}

‍

AKT London partnered with Biztory to redesign its Snowflake environment around best practices for security, governance, and scalability. Rather than applying incremental fixes, the focus was on creating a structure that would remain robust as data volumes and usage grew.

‍

The Snowflake account was reorganized around the medallion data model, clearly separating data into Bronze (raw), Silver (cleaned and transformed), and Gold (business-ready) layers. Within each database, schemas were introduced to distinguish staging data, intermediate transformations, marts, and curated BI views. This structure brought immediate clarity to data lineage and enabled precise access control at each stage of the pipeline.

‍

A dedicated governance database was also created to centralize global policies and administrative logic, ensuring consistency as the platform evolves.

‍

‍

_{Improving cost control with purpose-built warehouses}

‍

To address cost visibility and performance, the single default warehouse was replaced with service-specific warehouses. Separate compute resources were assigned to ingestion, transformation, and analytics workloads, making it possible to track usage by service and identify optimization opportunities.

‍

This shift not only improved transparency around Snowflake spend, but also reduced contention between workloads and improved overall performance.

‍

‍

_{Establishing role-based access and removing key-person risk}

‍

Security and access management were overhauled through a structured RBAC strategy. Instead of relying on the ACCOUNTADMIN role for daily operations, Biztory defined clear responsibilities for Snowflake’s built-in roles and introduced custom roles tailored to specific services and user groups.

‍

Dedicated service accounts were created for tools such as Fivetran and dbt Cloud, ensuring ingestion and transformation pipelines remained stable regardless of personnel changes. Read-only and governance-specific roles enforced least-privilege access, reducing risk while simplifying administration.

‍

‍

_{Strengthening security with MFA and dynamic masking}

‍

To further protect sensitive data, multi-factor authentication was enforced for all Snowflake users via Duo Security. On the data side, tag-based dynamic masking policies were implemented to ensure PII was consistently protected across all datasets.

‍

This approach allowed sensitive fields to be masked by default while still enabling authorized administrative access when required—balancing compliance with usability across analytics and reporting tools.

‍

‍

_{Impact: A platform built for scale and trust}

‍

The restructured Snowflake environment delivered immediate improvements in security, governance, and operational efficiency. Access management became clearer and easier to maintain, key-person dependencies were eliminated, and sensitive data was protected by default.

‍

Service-specific warehouses provided transparency into compute usage and costs, while the medallion architecture brought clarity to data flows and ownership. Beyond stabilizing the current platform, the engagement also produced a forward-looking roadmap—highlighting opportunities to adopt advanced Snowflake capabilities such as Notebooks, Cortex AI, Snowpark, and Marketplace integrations.

‍

AKT London now operates on a Snowflake platform that is not only secure and governed, but ready to scale—supporting future innovation with confidence and control.