Snowflake Summit '25

Join fellow data and AI pioneers this June at Snowflake's annual user conference in San Francisco.

SNOWFLAKE SECURITY HUB

Secure your environment with continuous risk monitoring, vulnerability management, role-based access controls and network security policies.

horizon diagram
BLOG

Shared Destiny with Snowflake Horizon Catalog Built-In Security

Hear how Horizon Catalog security capabilities, empower security admins and CISOs to better protect environments and centralize threat monitoring and RBAC.

Secure by design

Snowflake services and accounts are designed for security, lowering the risk of vulnerabilities and breaches with features that help customers configure comprehensive levels of security for their data and users.

Easy to use

An intuitive security framework that integrates into daily operations, reducing manual work and development time.

AI-based monitoring

Snowflake continuously monitors its systems and networks for configuration drifts and suspicious activity, enabling rapid detection and response to potential threats and vulnerabilities.

SNOWFLAKE SECURITY BENEFITS

Trust Center

Monitor and manage risks 24/7 across your Snowflake accounts and cross cloud service providers, such as GCP, AWS and Azure.

Strong authentication

Enjoy flexibility with multiple industry-standard authentication options, including OAuth, SAML, key pairs, programmatic access tokens, MFA with passkeys and authenticator apps and more.

Leaked password protection

Rest assured that Snowflake takes steps to automatically protect your accounts against leaked passwords Snowflake has found on the dark web.

End-to-end encryption

Encrypt your data at rest and in transit to and from Snowflake, using your own encryption key via Snowflake Tri-Secret Secure.

Private networking

Improve privacy posture by routing traffic to and from your Snowflake account using a private IP address associated with the cloud platform that hosts your Snowflake account.

Multi-cloud policy enforcement

Use cloud service provider-agnostic policy language to configure authentication, networking and session policies.

Trust center screenshot

PARTNERS

TrustLogix logo
altr logo
Hunters
OneTrust Logo
Anvilogic logo
Snyk logo
panther logo
Wiz logo

CISO CORNER

Updates from Brad Jones, CISO, VP of Information Security at Snowflake

Quote Icon

Since our founding in 2012, the security of our customers’ data has been our highest priority. This unwavering commitment is why we’re continuously strengthening our industry-leading, built-in security policies to deliver a trusted experience for our customers. To foster ongoing transparency, we will regularly update this page with the latest security information.”

Brad Jones
CISO, VP of Information Security at Snowflake

Latest posts

12/02/2024 Update

Expanding on Snowflake’s commitment to the Cybersecurity and Infrastructure Security Agency (CISA) Secure by Design pledge signed earlier this year, we are announcing that by November 2025, Snowflake will block sign-ins using single-factor authentication with passwords. 

This enhanced level of protection adds to the growing security capabilities of the Snowflake Horizon Catalog, which empowers security admins and chief information security officers to better safeguard their security posture and mitigate risks of credential theft. 

Learn more about how this change will be phased out in customer accounts here.

09/13/2024 Update

As part of our continuing efforts, we are announcing that MFA will be enforced by default for all human users in any Snowflake account created starting October, 2024. Service users — accounts designed for service-to-service communication — will not be subject to this MFA requirement.

To help you further strengthen your security posture, starting in October, we will also require both newly created and altered user passwords to:

  • Have a minimum length of 14 characters, up from 8
  • Not be any of the last five passwords used

The rollout for these changes will follow the standard protocol in Snowflake’s Behavior Change Policy (BCR).

To learn more about what else you can do to enforce stronger authentication in Snowflake, read the blog.

07/09/2024 Update

Snowflake is committed to helping customers protect their accounts and data. That’s why we have been working on product capabilities that allow Snowflake admins to make multifactor authentication (MFA) mandatory and monitor compliance with this new policy. As part of that effort, today we're announcing several key features: 

  1. A new authentication policy that requires MFA for all users in a Snowflake account

  2. Snowsight prompting for user-level MFA setup

  3. The general availability of Snowflake Trust Center for monitoring adherence to MFA policies 

You can read more about Snowflake’s approach to security and these new announcements in this blog post.  

I also want to provide you with the latest update on the cyber threat activity situation we’ve been navigating. We have completed the investigations with Crowdstrike and Mandiant, whose findings both confirm our previous joint statement that was released on June 2nd — that we have not identified evidence suggesting this activity was caused by a vulnerability, misconfiguration, or breach of Snowflake’s platform. The Snowflake environment continues to be safe. The final Crowdstrike report is available to the public here

06/10/2024 Update

As part of our commitment to transparency around our ongoing investigation involving a targeted threat campaign against some Snowflake customer accounts, cybersecurity expert Mandiant shared this blog post today detailing their findings to date. As we shared on June 6, we continue to work closely with our customers as they harden their security measures to reduce cyber threats to their businesses, and we are developing a plan to require our customers to implement advanced security controls, like multi-factor authentication (MFA) or network policies. 

06/07/2024 Update

As an update to our ongoing investigation involving a targeted threat campaign against some Snowflake customer accounts, our most recent findings (see June 2 post below), supported by cyber experts CrowdStrike and Mandiant, remain unchanged.

We continue to work closely with our customers as they harden their security measures to reduce cyber threats to their business. We are also developing a plan to require our customers to implement advanced security controls, like multi-factor authentication (MFA) or network policies, especially for privileged Snowflake customer accounts. While we do so, we are continuing to strongly engage with our customers to help guide them to enable MFA and other security controls as a critical step in protecting their business. 

06/02/2024 Update

As an update to our ongoing investigation involving a targeted threat campaign against some Snowflake customer accounts, our most recent findings (see June 2 post below), supported by cyber experts CrowdStrike and Mandiant, remain unchanged.

We continue to work closely with our customers as they harden their security measures to reduce cyber threats to their business. We are also developing a plan to require our customers to implement advanced security controls, like multi-factor authentication (MFA) or network policies, especially for privileged Snowflake customer accounts. While we do so, we are continuing to strongly engage with our customers to help guide them to enable MFA and other security controls as a critical step in protecting their business.

Joint Statement regarding Preliminary Findings in Snowflake Cybersecurity Investigation

Snowflake and third-party cybersecurity experts, CrowdStrike and Mandiant, are providing a joint statement related to our ongoing investigation involving a targeted threat campaign against some Snowflake customer accounts.

Our key preliminary findings identified to date:
 

  • We have not identified evidence suggesting this activity was caused by a vulnerability, misconfiguration, or breach of Snowflake’s platform;
  • We have not identified evidence suggesting this activity was caused by compromised credentials of current or former Snowflake personnel;
  • This appears to be a targeted campaign directed at users with single-factor authentication;
  • As part of this campaign, threat actors have leveraged credentials previously purchased or obtained through infostealing malware; and 
  • We did find evidence that a threat actor obtained personal credentials to and accessed demo accounts belonging to a former Snowflake employee. It did not contain sensitive data. Demo accounts are not connected to Snowflake’s production or corporate systems. The access was possible because the demo account was not behind Okta or Multi-Factor Authentication (MFA), unlike Snowflake’s corporate and production systems.

Throughout the course of the investigation, Snowflake has promptly informed the limited number of Snowflake customers who it believes may have been affected. Mandiant has also engaged in outreach to potentially affected organizations.

We recommend organizations immediately take the following steps:

  1. Enforce Multi-Factor Authentication on all accounts;
  2. Set up Network Policy Rules to only allow authorized users or only allow traffic from trusted locations (VPN, Cloud workload NAT, etc.); and
  3. Impacted organizations should reset and rotate Snowflake credentials.

In addition, please review Snowflake’s investigative and hardening guidelines for recommended actions to assist investigating potential threat activity within Snowflake customer accounts. This investigation is ongoing. We are also coordinating with law enforcement and other government authorities.

05/30/2024 Update

We are aware of recent reports related to a potential compromise of the Snowflake production environment. As such, we are responding directly to some errant claims that have been made:
 

  • We have no evidence suggesting this activity was caused by any vulnerability, misconfiguration, or breach of Snowflake’s product.
  • Snowflake does not believe that it was the source of any of the leaked customer credentials.
  • There is no “master Application Programming Interface (API)” or pathway for customers’ credentials to be accessed and exfiltrated from the Snowflake production environment.
  • Snowflake is a cloud product and anyone can sign up for an account at any time. If a threat actor obtains customer credentials, they may be able to access the account. Snowflake employees are no different and can also create their own Snowflake “customer” accounts using personal credentials.
  • We did find evidence that similar to impacted customer accounts, the threat actor obtained personal credentials to and accessed a demo account owned by a former Snowflake employee. It did not contain sensitive data. Demo accounts are not connected to Snowflake’s production or corporate systems. The access was possible because the demo account was not behind Okta or MFA, unlike Snowflake’s corporate and production systems.

SNOWFLAKE SECURITY COMPLIANCE

Certifications and compliance

Snowflake supports leading, globally recognized public sector and commercial security standards demonstrating a strong commitment to security, compliance and data protection, including:

  • ISO 27001
  • SOC 1 & 2 Type 2
  • FedRAMP Moderate and High
  • DoD IL4 and IL5
  • PCI-DSS
  • HITRUST
  • TISAX
  • ITAR

Please visit our self-service Compliance Center to view and download relevant compliance reports.

Security document icon

CISA secure by design pledge

Snowflake is committed to transparency and enhancing customer security through the seven Secure by Design (SbD) pledge areas defined by the Cybersecurity and Infrastructure Security Agency (CISA)

Database security icon

Infrastructure security and resilience

Built natively for the cloud, Snowflake uses cutting-edge cloud security technologies to provide a secure, resilient and highly configurable platform. This allows Snowflake customers to confidently rely on the service for their most critical and demanding data workloads.

FedRAMP logo
HITRUST logo
irap logo
ITAR logo
AICPA logo
PCI logo
A-LIGN logo
HIPAA logo

customers trust SnowflakeFor security and compliance

Vulnerability Reporting and disclosure

Snowflake is committed to the security of our customers and their data. We partner with HackerOne to run a private vulnerability disclosure program to work with security researchers to address vulnerabilities in a secure and coordinated manner. Researchers’ contributions help us identify and resolve potential issues before they can be exploited. If a researcher discovers a security vulnerability in any Snowflake products, services and systems, owned or hosted by or on behalf of Snowflake, we highly encourage it to be reported to us. Please refer to Snowflake’s Vulnerability Disclosure Policy (VDP) for additional details.  

Snowflake’s process for responsible vulnerability management and disclosure is a key component of our ongoing commitment to robust and transparent cybersecurity. In accordance with Snowflake’s CVE Policy, we publish CVEs for software and code that is developed and redistributed by us through open source channels. All in-scope issues trigger a security advisory, patch development and a review with details on the vulnerability and its fix. When applicable, Snowflake’s CVEs are published on cve.org, managed by MITRE, a trusted global resource for security professionals.

If you are a customer and have a password or account issue, please contact Snowflake support.

Start your 30-DayFree Trial

Try Snowflake free for 30 days and experience the AI Data Cloud that helps eliminate the complexity, cost and constraints inherent with other solutions.