The White House recently released the first National Cybersecurity Strategy, which among other things, holds the stewards of data accountable and shifts liability for insecure software products and services away from end users and toward vendors that are capable of taking actions to prevent bad outcomes. We are thrilled to announce both the availability of the Snowflake Shared Responsibility Model, alongside Snowflake’s collaboration with the Center for Internet Security (CIS) and the security community to create and publish the CIS Snowflake Foundations Benchmark.
In a previous blog post, we argued how security has been the guiding principle for designing and building Snowflake from the start. In this post, we are taking the next step to make the accountability model more transparent and also provide guidelines on how customers can secure their accounts.
What is the Snowflake Shared Responsibility Model?
It helps establish a clear understanding of who is responsible for which security controls and practices to ensure a collaborative, yet accountable, approach to security.
With the Shared Responsibility Model, our users can now have a more comprehensive view of their security obligations as well as the measures we, at Snowflake, have implemented to protect user data. This model fosters transparency and empowers our users to actively participate in securing their Snowflake deployments. Our guiding principle is to minimize the customer’s obligations under the model and assume a majority of the responsibilities through automation and feature availability within Snowflake’s product offering. This is clear from the size of the customer side of our model compared to other vendors in the market.
Key benefits of the Snowflake Shared Responsibility Model
1. Clear accountability: The model clearly defines the responsibilities of each party, eliminating any ambiguity and fostering a collaborative approach to security.
2. Enhanced security: The model ensures that both the platform provider and users actively contribute to the security of Snowflake deployments, creating a robust security posture. For example, the Snowflake platform provides customers with the ability to restrict access to a Snowflake account based on source IP addresses. Customers can configure the list of trusted IP addresses by setting up account-level network policies. The CIS Snowflake Foundations benchmark provides further guidelines on which security controls to configure on the Snowflake platform and how, thus helping customers increase the security of their account.
3. Improved compliance: Adhering to the Shared Responsibility Model helps organizations demonstrate their commitment to security and compliance requirements.
4. Ease of use: Security is built into Snowflake services, and the secure defaults available within our product help minimize the customer’s maintenance burden for their obligations under the shared responsibility model as much as possible.
Introducing the CIS Snowflake Foundations Benchmark
In addition to the Snowflake Shared Responsibility Model, we are excited to announce our collaboration with CIS to create a benchmark that captures Snowflake’s security capabilities and security best practices for our customers. The CIS Snowflake Foundations Benchmark is a set of industry-recognized best practices and security configurations that help organizations strengthen their Snowflake deployments. Join the CIS Snowflake community today to provide feedback and participate in creating the CIS Snowflake Foundations Benchmark. This benchmark will make it even easier to verify that you are following security best practices without being security experts.