EXTERNAL LINK
SNOWFLAKE SECURITY HUB
Secure your environment with continuous risk monitoring, vulnerability management, role-based access controls and network security policies.
Secure by design
Snowflake services and accounts are designed for security, lowering the risk of vulnerabilities and breaches with features that help customers configure comprehensive levels of security for their data and users.
Easy to use
An intuitive security framework that integrates into daily operations, reducing manual work and development time.
AI-based monitoring
Snowflake continuously monitors its systems and networks for configuration drifts and suspicious activity, enabling rapid detection and response to potential threats and vulnerabilities.
SNOWFLAKE SECURITY BENEFITS
Trust Center
Monitor and manage risks 24/7 across your Snowflake accounts and cross cloud service providers, such as GCP, AWS and Azure.
Strong authentication
Enjoy flexibility with multiple industry-standard authentication options, including OAuth, SAML, key pairs, programmatic access tokens, MFA with passkeys and authenticator apps and more.
Leaked password protection
Rest assured that Snowflake takes steps to automatically protect your accounts against leaked passwords Snowflake has found on the dark web.
End-to-end encryption
Encrypt your data at rest and in transit to and from Snowflake, using your own encryption key via Snowflake Tri-Secret Secure.
Private networking
Improve privacy posture by routing traffic to and from your Snowflake account using a private IP address associated with the cloud platform that hosts your Snowflake account.
Multi-cloud policy enforcement
Use cloud service provider-agnostic policy language to configure authentication, networking and session policies.
PARTNERS
CISO CORNER
Updates from Brad Jones, CISO, VP of Information Security at Snowflake
Since our founding in 2012, the security of our customers’ data has been our highest priority. This unwavering commitment is why we’re continuously strengthening our industry-leading, built-in security policies to deliver a trusted experience for our customers. To foster ongoing transparency, we will regularly update this page with the latest security information.”
Brad Jones
CISO, VP of Information Security at Snowflake
Latest posts
12/02/2024 Update
Expanding on Snowflake’s commitment to the Cybersecurity and Infrastructure Security Agency (CISA) Secure by Design pledge signed earlier this year, we are announcing that by November 2025, Snowflake will block sign-ins using single-factor authentication with passwords.
This enhanced level of protection adds to the growing security capabilities of the Snowflake Horizon Catalog, which empowers security admins and chief information security officers to better safeguard their security posture and mitigate risks of credential theft.
Learn more about how this change will be phased out in customer accounts here.
09/13/2024 Update
As part of our continuing efforts, we are announcing that MFA will be enforced by default for all human users in any Snowflake account created starting October, 2024. Service users — accounts designed for service-to-service communication — will not be subject to this MFA requirement.
To help you further strengthen your security posture, starting in October, we will also require both newly created and altered user passwords to:
- Have a minimum length of 14 characters, up from 8
- Not be any of the last five passwords used
The rollout for these changes will follow the standard protocol in Snowflake’s Behavior Change Policy (BCR).
To learn more about what else you can do to enforce stronger authentication in Snowflake, read the blog.
07/09/2024 Update
Snowflake is committed to helping customers protect their accounts and data. That’s why we have been working on product capabilities that allow Snowflake admins to make multifactor authentication (MFA) mandatory and monitor compliance with this new policy. As part of that effort, today we're announcing several key features:
A new authentication policy that requires MFA for all users in a Snowflake account
Snowsight prompting for user-level MFA setup
The general availability of Snowflake Trust Center for monitoring adherence to MFA policies
You can read more about Snowflake’s approach to security and these new announcements in this blog post.
I also want to provide you with the latest update on the cyber threat activity situation we’ve been navigating. We have completed the investigations with Crowdstrike and Mandiant, whose findings both confirm our previous joint statement that was released on June 2nd — that we have not identified evidence suggesting this activity was caused by a vulnerability, misconfiguration, or breach of Snowflake’s platform. The Snowflake environment continues to be safe. The final Crowdstrike report is available to the public here.
06/10/2024 Update
As part of our commitment to transparency around our ongoing investigation involving a targeted threat campaign against some Snowflake customer accounts, cybersecurity expert Mandiant shared this blog post today detailing their findings to date. As we shared on June 6, we continue to work closely with our customers as they harden their security measures to reduce cyber threats to their businesses, and we are developing a plan to require our customers to implement advanced security controls, like multi-factor authentication (MFA) or network policies.
06/07/2024 Update
As an update to our ongoing investigation involving a targeted threat campaign against some Snowflake customer accounts, our most recent findings (see June 2 post below), supported by cyber experts CrowdStrike and Mandiant, remain unchanged.
We continue to work closely with our customers as they harden their security measures to reduce cyber threats to their business. We are also developing a plan to require our customers to implement advanced security controls, like multi-factor authentication (MFA) or network policies, especially for privileged Snowflake customer accounts. While we do so, we are continuing to strongly engage with our customers to help guide them to enable MFA and other security controls as a critical step in protecting their business.
06/02/2024 Update
As an update to our ongoing investigation involving a targeted threat campaign against some Snowflake customer accounts, our most recent findings (see June 2 post below), supported by cyber experts CrowdStrike and Mandiant, remain unchanged.
We continue to work closely with our customers as they harden their security measures to reduce cyber threats to their business. We are also developing a plan to require our customers to implement advanced security controls, like multi-factor authentication (MFA) or network policies, especially for privileged Snowflake customer accounts. While we do so, we are continuing to strongly engage with our customers to help guide them to enable MFA and other security controls as a critical step in protecting their business.
Joint Statement regarding Preliminary Findings in Snowflake Cybersecurity Investigation
Snowflake and third-party cybersecurity experts, CrowdStrike and Mandiant, are providing a joint statement related to our ongoing investigation involving a targeted threat campaign against some Snowflake customer accounts.
Our key preliminary findings identified to date:
- We have not identified evidence suggesting this activity was caused by a vulnerability, misconfiguration, or breach of Snowflake’s platform;
- We have not identified evidence suggesting this activity was caused by compromised credentials of current or former Snowflake personnel;
- This appears to be a targeted campaign directed at users with single-factor authentication;
- As part of this campaign, threat actors have leveraged credentials previously purchased or obtained through infostealing malware; and
- We did find evidence that a threat actor obtained personal credentials to and accessed demo accounts belonging to a former Snowflake employee. It did not contain sensitive data. Demo accounts are not connected to Snowflake’s production or corporate systems. The access was possible because the demo account was not behind Okta or Multi-Factor Authentication (MFA), unlike Snowflake’s corporate and production systems.
Throughout the course of the investigation, Snowflake has promptly informed the limited number of Snowflake customers who it believes may have been affected. Mandiant has also engaged in outreach to potentially affected organizations.
We recommend organizations immediately take the following steps:
- Enforce Multi-Factor Authentication on all accounts;
- Set up Network Policy Rules to only allow authorized users or only allow traffic from trusted locations (VPN, Cloud workload NAT, etc.); and
- Impacted organizations should reset and rotate Snowflake credentials.
In addition, please review Snowflake’s investigative and hardening guidelines for recommended actions to assist investigating potential threat activity within Snowflake customer accounts. This investigation is ongoing. We are also coordinating with law enforcement and other government authorities.
05/30/2024 Update
We are aware of recent reports related to a potential compromise of the Snowflake production environment. As such, we are responding directly to some errant claims that have been made:
- We have no evidence suggesting this activity was caused by any vulnerability, misconfiguration, or breach of Snowflake’s product.
- Snowflake does not believe that it was the source of any of the leaked customer credentials.
- There is no “master Application Programming Interface (API)” or pathway for customers’ credentials to be accessed and exfiltrated from the Snowflake production environment.
- Snowflake is a cloud product and anyone can sign up for an account at any time. If a threat actor obtains customer credentials, they may be able to access the account. Snowflake employees are no different and can also create their own Snowflake “customer” accounts using personal credentials.
- We did find evidence that similar to impacted customer accounts, the threat actor obtained personal credentials to and accessed a demo account owned by a former Snowflake employee. It did not contain sensitive data. Demo accounts are not connected to Snowflake’s production or corporate systems. The access was possible because the demo account was not behind Okta or MFA, unlike Snowflake’s corporate and production systems.
SNOWFLAKE SECURITY COMPLIANCE
Certifications and compliance
Snowflake supports leading, globally recognized public sector and commercial security standards demonstrating a strong commitment to security, compliance and data protection, including:
- ISO 27001
- SOC 1 & 2 Type 2
- FedRAMP Moderate and High
- DoD IL4 and IL5
- PCI-DSS
- HITRUST
- TISAX
- ITAR
Please visit our self-service Compliance Center to view and download relevant compliance reports.
CISA secure by design pledge
Snowflake is committed to transparency and enhancing customer security through the seven Secure by Design (SbD) pledge areas defined by the Cybersecurity and Infrastructure Security Agency (CISA).
Infrastructure security and resilience
Built natively for the cloud, Snowflake uses cutting-edge cloud security technologies to provide a secure, resilient and highly configurable platform. This allows Snowflake customers to confidently rely on the service for their most critical and demanding data workloads.
customers trust SnowflakeFor security and compliance
It’s all about speed to value for customers. Traditional data architectures struggle between being economical but slow, or expensive but fast. In the modern cybersecurity world, we need a highly scalable, performant platform to quickly and easily deliver innovative features and products to customers. That’s why we chose Snowflake.
Karan Sondhi
Snowflake enables us to build a unique security program because we’re able to leverage the whole world of data science tools and expertise for our security investigations.
Max Burkhardt
With access to all of the data sources in Snowflake as our security data lake, we have better correlations across multiple attack surfaces and analytics are automatically actionable. And as a result, it has led to faster incidence response from our side.
Pallavi Damle
Vulnerability Reporting and disclosure
Snowflake is committed to the security of our customers and their data. We partner with HackerOne to run a private vulnerability disclosure program to work with security researchers to address vulnerabilities in a secure and coordinated manner. Researchers’ contributions help us identify and resolve potential issues before they can be exploited. If a researcher discovers a security vulnerability in any Snowflake products, services and systems, owned or hosted by or on behalf of Snowflake, we highly encourage it to be reported to us. Please refer to Snowflake’s Vulnerability Disclosure Policy (VDP) for additional details.
Snowflake’s process for responsible vulnerability management and disclosure is a key component of our ongoing commitment to robust and transparent cybersecurity. In accordance with Snowflake’s CVE Policy, we publish CVEs for software and code that is developed and redistributed by us through open source channels. All in-scope issues trigger a security advisory, patch development and a review with details on the vulnerability and its fix. When applicable, Snowflake’s CVEs are published on cve.org, managed by MITRE, a trusted global resource for security professionals.
If you are a customer and have a password or account issue, please contact Snowflake support.
Start your 30-DayFree Trial
Try Snowflake free for 30 days and experience the AI Data Cloud that helps eliminate the complexity, cost and constraints inherent with other solutions.