Securing Your Snowflake Account

Most Snowflake accounts go live with the default configuration — no network restrictions, over-privileged users, no enforced authentication. That's a real exposure: one leaked credential or misconfigured role can compromise your entire data platform, and recovering admin access after a lockout can take two business days. This session is for the admins, platform engineers, and data team leads who need a clear, ordered playbook for locking it down right.

We walk through Snowflake's layered security model in the order that matters: recovery first so you can never lock yourself out, then roles and least privilege, then user provisioning, then network restrictions, then authentication policies. Each layer builds on the last. By the end you have a coherent security baseline, not a list of disconnected settings.

In this Hands-on Lab, we will be building each control live in a SQL notebook inside your own Snowflake account: • Setting up a break-glass emergency admin • Designing a role hierarchy with RBAC and least privilege • Creating network rules and policies for trusted IP ranges • Configuring authentication policies for MFA and SSO

Attendees leave with a working security baseline in their own account — a break-glass admin, a role hierarchy built on least privilege, network policies, and authentication policies for MFA and SSO. They'll also have the SQL and the reasoning behind each decision, so they can apply the same approach to any account they manage.