Snowflake Advances Cybersecurity Excellence by Joining CISA Secure by Design Pledge

I’m happy to share that Snowflake has signed the Cybersecurity and Infrastructure Security Agency (CISA) Secure By Design Pledge as we champion the advancement of industry standards for security in technology design. The CISA pledge to foster tech-ecosystem security deeply aligns with Snowflake’s own product design ethos, where security is built in from the start. It also adds to our already significant product security commitments and policies to further protect against ever-evolving cybersecurity threats. 

By participating in the CISA pledge, we are committing to take specific, measurable actions in line with its Secure By Design principles, which focus on enterprise software products and services. The pledge is focused on seven key areas of cybersecurity: ​​multifactor authentication (MFA), default passwords, reducing entire classes of vulnerability, security patches, vulnerability disclosure policy, common vulnerabilities and exposures (CVE), and evidence of intrusions. As part of the pledge, we will also publicly document both our progress and the challenges faced when developing technology that supports these principles, with the aim of helping others in the community in their journeys to design with security in mind. 

We look forward to collaborating with CISA to further customers’ trust across the technologies they rely on, while we stay on the forefront of security-first product design. 

The security of our customers’ data is, and always will be, our highest priority, which is why we have built security into the foundation of Snowflake’s platform since our inception. We offer a wide range of security tools to help our customers maximize their cybersecurity posture and protect themselves from cyberthreats. We made MFA free and available to customers when we first launched our service in June 2015, and it has been a part of our best practice guidelines and onboarding process for customers ever since. We’ve supported network policies since 2016. We also offer built-in encryption, authentication and unified role-based access controls (RBAC). 

MFA is one of the most important security measures that every business needs to utilize, and when paired with network policies, it delivers comprehensive security. This was brought to light recently as some of our customers experienced a cybersecurity compromise of their Snowflake account. Only customers that had their credentials stolen/breached on the darkweb and did not have MFA enabled or network policies for their accounts were affected. After multiple investigations, including by outside cybersecurity experts, there is no evidence our platform was breached. 

The most important point is we’re all in this together. That’s why we recently announced advancements to Snowflake’s MFA policy and the general availability of our Trust Center as the latest examples of our continued commitment to innovation around security. 

Snowflake’s MFA policy will require MFA for all newly created Snowflake accounts. It currently provides Snowflake admins with controls to enforce mandatory MFA for Snowflake users across their organization. 

Additionally, our newly released Trust Center is enabled by default and provides customers with account transparency and assurance regarding data security and compliance through a single interface. Customers can leverage the Trust Center Security Essentials scanner package to help mitigate credential theft issues. This package looks for MFA compliance, as well as the use of network policies. Customers also have the option to use the CIS Benchmarks scanner package to evaluate their account against the CIS Snowflake Foundations Benchmark so they can more seamlessly maintain the highest standards of trust and integrity for their data, all from Snowflake’s platform. 

The Snowflake Security Hub empowers organizations with resources to better safeguard their data. The Hub features best practices, investigative reports and deep dives into Snowflake’s latest security advancements to help customers protect themselves against threats across their Snowflake environment. 

We’re committed to continuing our investment into technology and tools that help customers achieve best-in-class security, and we will continue to accelerate in-product capabilities that support the CISA Secure by Design principles to further bolster security initiatives for our customers. 

Learn more about Snowflake’s recommended security best practices to reduce the risk of credential compromise here.