Model based on security isolation
For sensitive workloads consider the security isolation before migrating your workload.
The necessary first component is setting up access control for your users. Choose to apply access controls on the client tools or directly in the database. You can use RBAC to apply policies based on organizational or application-level grouping and tag data with meaningful metadata to use in policies for data-oriented access controls (that is, access rules follow the data). After these basics are complete, you can create a single Virtual Warehouse for a specific security grouping, which ensures that only users in that group can access those specific compute resources.