Zero Standing Privilege is the holy grail of access control. It combines the principles of Zero Trust, Least Privilege Access, and Just-in-Time Access Management. In this session, I will introduce Zero standing privilege and discuss how to implement it in a data platform setting using Snowflake.

The zero-standing-privileges design is highly prized in the security world. However, it comes with some additional hurdles when operating in a Data Platform setting. Data development work often requires prolonged access to systems, where just-in-time access can cause frustration if timeouts are too aggressive. Data engineering work also involves interacting with the platform, often using privileged access. Requiring a strong separation of duty without introducing too much friction.

Infrastructure in the cloud should also use Infrastructure as code (IaC) with version control. Our security infrastructure is no different in this regard. In this session, I will introduce the concept of Access as Code (AaC), making our RBAC access structure declarative, autitable, and self-healing.