The door is locked
First, the door is locked. Same with the front door of your house you cannot access Snowflake without a key. In this case, the key is a user/password combination.
To make it even meet modern security standards Snowflake can use multi-factor authentication. This means it sends you a code on your phone you need to provide back. Or features like Single-Sign-On, so you don’t even need to choose a new password but use the authentication from your company to log in.
There's much more to learn about authentication in Snowflake via Snowflake's documentation website.
Safe environment
Next to having a proper lock Snowflake also makes sure you can only log in from a safe environment. So only approved locations are allowed in, for example from your home address or your office. Also, it is possible to enable VPN which makes it even more secure because of an additional security layer.
Access for others
Finally, there are loads of options to make sure that people who have access to your Snowflake only have access to data they should have access to. In my opinion, this is not really a lot different from traditional databases. Snowflake provides granular control over access to objects. My simple take from this is that you are a user, with a certain role (Role-based Access Control (RBAC)). Based on that role you have access to different tables. And, obviously, you can have multiple roles as a user.
Maybe good to add, and this makes Snowflake even more secure than traditional, on-premise databases, is the lack of a super-user. There is no one user that rules us all.
A summary for your convenience
Snowflake provides industry-leading features that ensure the highest levels of security for an account and users, as well as all the data you store in Snowflake.
The following table provides a high-level summary of the feature categories, the features within each category.
Category | Features |
Network/site access |
Site access controlled through IP allow and block lists, managed through network policies. Private communication between the VPC/VNet and the Snowflake service. Private communication to Snowflake internal stages. Configure the idle session timeout for your account or a user through session policies. |
---|---|
User & Group Administration |
SCIM to manage user identities and groups (i.e. roles). |
Account/user authentication |
Key Pair Authentication & Key Pair Rotation for increased security with client authentication. MFA (multi-factor authentication) for increased security for account access by users. OAuth for authorized account access without sharing or storing user login credentials. Support for user SSO (single sign-on) through federated authentication. Key-Pair Authentication as an alternative to basic authentication (i.e. username and password) and key-pair rotation to support multiple active keys. |
Object security |
Controlled access to all objects in the account (e.g. users, warehouses, databases, tables) through a hybrid model of DAC (discretionary access control) and RBAC (role-based access control). |
Data security |
All ingested data stored in Snowflake tables is encrypted using AES-256 strong encryption. All files stored in internal stages for data loading and unloading automatically encrypted using AES-256 strong encryption. Periodic rekeying of encrypted data. Support for encrypting data using customer-managed keys. |
Security validations |
Soc 1 Type II and Soc 2 Type II compliance. Support for HIPAA compliance. PCI DSS compliance. HITRUST CSF compliance (see supported regions). FedRAMP Moderate compliance (in the US government regions). IRAP Protected compliance (in specified Asia Pacific regions). |
Conclusion
So, to conclude… Snowflake takes security really seriously. At Biztory we have multiple experts who are more than happy to provide you with more information about Snowflake's security measures.
Build a data-driven organization with Snowflake.
A powerful data cloud thanks to an architecture and technology that enables today’s data-driven organizations.
Want to try out Snowflake? We got you covered! Sign up for a Snowflake trial today and receive $400 worth of free usage when you test drive Snowflake. Don't hesitate to reach out to us if you need some assistance with you setting up your Snowflake trial. We'll get one of our bright minds to help you with it.
Lex Pierik
Analytics Consultant
Biztory
Discover other Snowflake content
- Technologies - Snowflake
- Blog | Snowflake 101: Why is Snowflake Great? (1/4)
- Blog | Snowflake 101: Setting Up Environment and Database (2/4)
- Blog | Snowflake 101: Loading Data from Local (3/4)
- Blog | Snowflake 101: Loading Data from Cloud using AWS (4/4)
- Blog | What is Snowflake?
- Blog | What are the different Snowflake components?
- Blog | Is Snowflake difficult to learn
- Blog | The Power of Snowflake's Data Sharing
- Blog | Snowflake Security - The essentials
- Blog | How to pass the SnowPro Core certification exam