I’m going to be honest with you: I’m not an expert in security. Sure, I know you need to lock your front door, but not which type of lock is the best or which certificates it comes with.

For me it’s the same with storing your data: I know security is really important, but there are a lot of terms around security that puzzle me. This is why I dived a bit deeper into the security around Snowflake, and I’d like to break down what I found. What I can say upfront is that Snowflake takes security very seriously.

The door is locked

First, the door is locked. As with the front door of your house, you cannot access Snowflake without a key. In this case, the key is a user/password combination.

To meet modern security standards, Snowflake can also use multi-factor authentication. This means it sends a code to your phone that you need to provide back. There are also features like single sign-on, so you don’t even need to choose a new password but can use the authentication from your company to log in.

There's much more to learn about authentication in Snowflake via Snowflake's documentation website.

 


Safe environment

Besides having a proper lock, Snowflake also makes sure you can only log in from a safe environment: only approved locations are allowed in, for example your home address or your office. It is also possible to enable a VPN, which makes it even more secure because of the additional security layer.

Again, if you want to read more, please read the following page on Snowflake's documentation website.
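What "only approved locations" looks like in practice, as an added example that is not part of the original article: a Snowflake network policy with an allow list and a block list, applied account-wide and then overridden for one user. The policy names, the user LOADER_SVC and the IP ranges (documentation-reserved addresses) are constructed placeholders.

```sql
-- Added example. OFFICE_ONLY, LOADER_ONLY, LOADER_SVC and all IP ranges
-- are constructed placeholders, not values from the article.
USE ROLE SECURITYADMIN;

-- Allow the office range, but block one address inside it.
-- When an address matches both lists, the block list wins.
CREATE NETWORK POLICY OFFICE_ONLY
  ALLOWED_IP_LIST = ('203.0.113.0/24')
  BLOCKED_IP_LIST = ('203.0.113.99')
  COMMENT = 'Office egress range only';

-- Activate for the whole account. Run this from an allowed address:
-- Snowflake refuses a policy that would lock out your current session.
ALTER ACCOUNT SET NETWORK_POLICY = OFFICE_ONLY;

-- A service account that connects from a single fixed address.
-- A user-level policy takes precedence over the account-level one.
CREATE NETWORK POLICY LOADER_ONLY
  ALLOWED_IP_LIST = ('198.51.100.10');
ALTER USER LOADER_SVC SET NETWORK_POLICY = LOADER_ONLY;

-- Review what is defined and what is actually in force.
SHOW NETWORK POLICIES;
DESCRIBE NETWORK POLICY OFFICE_ONLY;
SHOW PARAMETERS LIKE 'network_policy' IN ACCOUNT;
SHOW PARAMETERS LIKE 'network_policy' IN USER LOADER_SVC;
```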

 


Access for others

Finally, there are loads of options to make sure that people who have access to your Snowflake account only have access to the data they should have access to. In my opinion, this is not really a lot different from traditional databases. Snowflake provides granular control over access to objects. My simple take from this is that you are a user with a certain role (role-based access control, RBAC). Based on that role you have access to different tables. And, obviously, you can have multiple roles as a user.

Maybe good to add: what makes Snowflake even more secure than traditional, on-premise databases is the lack of a super-user. There is no one user that rules us all.

If you want to learn more about authorization please read the following page on Snowflake's documentation website.
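The user, role and table relationship described above, as an added example that is not part of the original article: two roles with different access to the same schema, one user holding both. The database SALES_DB, schema REPORTING, warehouse REPORTING_WH, the role names and the user LEX are constructed placeholders.

```sql
-- Added example. SALES_DB, REPORTING, REPORTING_WH, ANALYST_READ,
-- ANALYST_WRITE and LEX are constructed placeholders.
USE ROLE SECURITYADMIN;

CREATE ROLE IF NOT EXISTS ANALYST_READ;
CREATE ROLE IF NOT EXISTS ANALYST_WRITE;

-- Read role: needs USAGE on every container above the tables,
-- plus a warehouse to run queries on.
GRANT USAGE ON WAREHOUSE REPORTING_WH TO ROLE ANALYST_READ;
GRANT USAGE ON DATABASE SALES_DB TO ROLE ANALYST_READ;
GRANT USAGE ON SCHEMA SALES_DB.REPORTING TO ROLE ANALYST_READ;
GRANT SELECT ON ALL TABLES IN SCHEMA SALES_DB.REPORTING TO ROLE ANALYST_READ;
-- Tables created later are covered too, so access does not drift.
GRANT SELECT ON FUTURE TABLES IN SCHEMA SALES_DB.REPORTING TO ROLE ANALYST_READ;

-- Write role: inherits everything the read role has, then adds DML.
GRANT ROLE ANALYST_READ TO ROLE ANALYST_WRITE;
GRANT INSERT, UPDATE ON ALL TABLES IN SCHEMA SALES_DB.REPORTING TO ROLE ANALYST_WRITE;

-- One user, multiple roles. The default is the least-privileged one;
-- the user switches explicitly with USE ROLE ANALYST_WRITE when needed.
GRANT ROLE ANALYST_READ TO USER LEX;
GRANT ROLE ANALYST_WRITE TO USER LEX;
ALTER USER LEX SET DEFAULT_ROLE = ANALYST_READ;

-- Review: what each role can do, what the user holds,
-- and who can reach the schema.
SHOW GRANTS TO ROLE ANALYST_READ;
SHOW GRANTS TO ROLE ANALYST_WRITE;
SHOW GRANTS TO USER LEX;
SHOW GRANTS ON SCHEMA SALES_DB.REPORTING;
```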

 

A summary for your convenience

Snowflake provides industry-leading features that ensure the highest levels of security for an account and users, as well as all the data you store in Snowflake.

The following table provides a high-level summary of the feature categories and the features within each category.

Category Features

Network/site access

Site access controlled through IP allow and block lists, managed through network policies.

Private communication between the VPC/VNet and the Snowflake service.

Private communication to Snowflake internal stages.

Configure the idle session timeout for your account or a user through session policies.

User & Group Administration

SCIM to manage user identities and groups (i.e. roles).

Account/user authentication

Key Pair Authentication & Key Pair Rotation for increased security with client authentication.

MFA (multi-factor authentication) for increased security for account access by users.

OAuth for authorized account access without sharing or storing user login credentials.

Support for user SSO (single sign-on) through federated authentication.

Key-Pair Authentication as an alternative to basic authentication (i.e. username and password) and key-pair rotation to support multiple active keys.

Object security

Controlled access to all objects in the account (e.g. users, warehouses, databases, tables) through a hybrid model of DAC (discretionary access control) and RBAC (role-based access control).

Data security

All ingested data stored in Snowflake tables is encrypted using AES-256 strong encryption.

All files stored in internal stages for data loading and unloading are automatically encrypted using AES-256 strong encryption.

Periodic rekeying of encrypted data.

Support for encrypting data using customer-managed keys.

Security validations

SOC 1 Type II and SOC 2 Type II compliance.

Support for HIPAA compliance.

PCI DSS compliance.

HITRUST CSF compliance (see supported regions).

FedRAMP Moderate compliance (in the US government regions).

IRAP Protected compliance (in specified Asia Pacific regions).

 


Conclusion

So, to conclude… Snowflake takes security really seriously. At Biztory we have multiple experts who are more than happy to provide you with more information about Snowflake's security measures. 


Lex Pierik
Analytics Consultant
Biztory 

 
