Protecting sensitive data

Matillion ETL software integrates with virtually any data source, ingests data into leading cloud data platforms, and transforms data so it can be used by leading analytics and BI tools and synced back to the business.

Matillion offers selected Universities the usage of the Software for student enablement on data engineering.

ALTR (al·tr [/ôltər/]) is the only automated data access control and security solution that allows you to easily govern and protect sensitive data in the cloud – so you can gain more insights and value from more data in less time.

Step by step approach to securing your data

by Naima Houbati

Protecting sensitive data is becoming a critical aspect of any organization’s data processes. Sensitive information, such as financial data, personal information, and confidential business information, must be kept secure to prevent unauthorized access, theft or misuse.

Of course, by implementing robust security measures and technologies, such as data loss prevention tools, network protection, and strong access controls, companies can significantly reduce the risk of a breach and protect sensitive data.

Tokenization can come on top of ‘traditional’ security measures to protect sensitive data, by physically replacing the original data at the database level using a unique identifier or token. This token can be used to revert the process to see the original data on the fly.

Sounds like masking data? Yes and no… While the data remains clear when applying a mask, tokenization physically alters the underneath data… So, it goes one step further than simply masking data.

Detokenization is the process of reversing tokenization  by taking the token and returning the original data. This process is typically only done in secure systems where the data is needed for legitimate purposes, such as for a financial transaction.

Codex Consulting prioritizes protection of sensitive data and is dedicated to implementing tokenization and detokenization techniques in a straightforward manner, without the need for complex protocol.

In this blog, ALTR ( is the go-to solution for data security, data governance and monitoring. Matillion is the data integration and productivity tool for streamlining data pipelines and delivering promised protection to organizations. Snowflake is the Data Cloud platform on which we want to add another layer of security and protection.

Therefore, our goal is to convey our expertise on seamlessly incorporating tokenization and detokenization to secure sensitive data within your Snowflake environment.

Let’s take the example where customer emails require protection and only specific roles have access to the clear data.

These are the steps of tokenization & detokenization: 


The purpose of this function is to detokenize sensitive data that has been previously tokenized using the ALTR_PROTECT_TOKENIZE function.

Let’s create a script (SQL component in Matillion) to call the Snowflake Function we just created.

We run the script below in the Snowflake environment with component SQL script and will want to choose the email data we want to protect.

Now let’s check the email column in Snowflake. We can see that the email field is now protected.

But we also want to make sure that only authorized groups can see the data in clear.


As per our observations, the email data has been physically modified in Snowflake so that only specific groups can access the unencrypted data while the data remains tokenized for others. Is it possible to reverse this process and restore the data to its original state? Yes, definitely!

These are the steps in Snowflake and ALTR:

Run the following script in the SQL component: 

Ultimately, tokenization and detokenization are effective and effortless using Matillion and ALTR.

The automation offered by these tools is remarkable and saves a lot of time for data engineers, allowing them to access and utilize cloud data in a matter of minutes.