White Paper
SNOWFLAKE SECURITY HUB
Security has been foundational to the Snowflake platform since the very beginning. Our robust security features help you protect your data so you can achieve the results you need.
“Since our founding in 2012, the security of our customers’ data has been our highest priority. This unwavering commitment is why we’re continuously strengthening our industry-leading, built-in security policies to deliver a trusted experience for our customers. To foster ongoing transparency, we will regularly update this page with the latest security information.”
Brad Jones
CISO Corner
Updates from Brad Jones, CISO, VP of Information Security at Snowflake
12/02/2024 Update
Expanding on Snowflake’s commitment to the Cybersecurity and Infrastructure Security Agency (CISA) Secure by Design pledge signed earlier this year, we are announcing that by November 2025, Snowflake will block sign-ins using single-factor authentication with passwords.
This enhanced level of protection adds to the growing security capabilities of the Snowflake Horizon Catalog, which empowers security admins and chief information security officers to better safeguard their security posture and mitigate risks of credential theft.
Learn more about how single-factor password sign-ins will be phased out of customer accounts here.
09/13/2024 Update
As part of our continuing efforts, we are announcing that MFA will be enforced by default for all human users in any Snowflake account created starting in October 2024. Service users (accounts designed for service-to-service communication) will not be subject to this MFA requirement.
To help you further strengthen your security posture, starting in October, we will also require both newly created and altered user passwords to:
- Have a minimum length of 14 characters, up from 8
- Not be any of the last five passwords used
The rollout for these changes will follow the standard protocol in Snowflake’s Behavior Change Policy (BCR).
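The two password requirements above map directly onto Snowflake password policy parameters. The following is an added example, not Snowflake's own code or configuration: it creates an account-level password policy that enforces the same minimum length and history rules, attaches it to the account, and verifies the attachment. The database, schema and policy names, and the lockout values, are assumptions chosen for illustration.

```sql
-- Added example: an account-level password policy aligned with the
-- announced requirements (14-character minimum, no reuse of the last five).
-- sec_admin_db, the policies schema and corp_password_policy are assumed names.
USE ROLE ACCOUNTADMIN;
CREATE DATABASE IF NOT EXISTS sec_admin_db;
CREATE SCHEMA IF NOT EXISTS sec_admin_db.policies;

CREATE OR REPLACE PASSWORD POLICY sec_admin_db.policies.corp_password_policy
  PASSWORD_MIN_LENGTH = 14          -- announced minimum, up from 8
  PASSWORD_HISTORY = 5              -- new password may not match any of the last five
  PASSWORD_MAX_RETRIES = 5          -- assumed: lock the user after 5 failed attempts
  PASSWORD_LOCKOUT_TIME_MINS = 30   -- assumed: lockout duration
  COMMENT = 'Account-wide password policy matching the October 2024 requirements';

-- Attach the policy to the whole account. A policy set directly on a user
-- with ALTER USER ... SET PASSWORD POLICY would take precedence over this one.
ALTER ACCOUNT SET PASSWORD POLICY sec_admin_db.policies.corp_password_policy;

-- Verify: show the policy's effective parameter values ...
DESCRIBE PASSWORD POLICY sec_admin_db.policies.corp_password_policy;

-- ... and confirm the account is the object it is attached to.
SELECT policy_name, ref_entity_name, ref_entity_domain
FROM TABLE(sec_admin_db.information_schema.policy_references(
  POLICY_NAME => 'sec_admin_db.policies.corp_password_policy'));
```

The policy only governs passwords set or changed after it is attached; existing passwords are not retroactively checked, so pairing it with a review of `PASSWORD_LAST_SET_TIME` in `SNOWFLAKE.ACCOUNT_USAGE.USERS` tells you which users have not yet rotated under the new rules.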
To learn more about what else you can do to enforce stronger authentication in Snowflake, read the blog.
07/09/2024 Update
Snowflake is committed to helping customers protect their accounts and data. That’s why we have been working on product capabilities that allow Snowflake admins to make multifactor authentication (MFA) mandatory and monitor compliance with this new policy. As part of that effort, today we're announcing several key features:
- A new authentication policy that requires MFA for all users in a Snowflake account
- Snowsight prompting for user-level MFA setup
- The general availability of Snowflake Trust Center for monitoring adherence to MFA policies
You can read more about Snowflake’s approach to security and these new announcements in this blog post.
I also want to provide you with the latest update on the cyber threat activity situation we’ve been navigating. We have completed the investigations with CrowdStrike and Mandiant, whose findings both confirm our previous joint statement that was released on June 2nd — that we have not identified evidence suggesting this activity was caused by a vulnerability, misconfiguration, or breach of Snowflake’s platform. The Snowflake environment continues to be safe. The final CrowdStrike report is available to the public here.
06/10/2024 Update
As part of our commitment to transparency around our ongoing investigation involving a targeted threat campaign against some Snowflake customer accounts, cybersecurity expert Mandiant shared this blog post today detailing their findings to date. As we shared on June 6, we continue to work closely with our customers as they harden their security measures to reduce cyber threats to their businesses, and we are developing a plan to require our customers to implement advanced security controls, like multi-factor authentication (MFA) or network policies.
06/07/2024 Update
As an update to our ongoing investigation involving a targeted threat campaign against some Snowflake customer accounts, our most recent findings (see June 2 post below), supported by cyber experts CrowdStrike and Mandiant, remain unchanged.
We continue to work closely with our customers as they harden their security measures to reduce cyber threats to their business. We are also developing a plan to require our customers to implement advanced security controls, like multi-factor authentication (MFA) or network policies, especially for privileged Snowflake customer accounts. While we do so, we are continuing to strongly engage with our customers to help guide them to enable MFA and other security controls as a critical step in protecting their business.
06/02/2024 Update
Joint Statement regarding Preliminary Findings in Snowflake Cybersecurity Investigation
Snowflake and third-party cybersecurity experts, CrowdStrike and Mandiant, are providing a joint statement related to our ongoing investigation involving a targeted threat campaign against some Snowflake customer accounts.
Our key preliminary findings identified to date:
- We have not identified evidence suggesting this activity was caused by a vulnerability, misconfiguration, or breach of Snowflake’s platform;
- We have not identified evidence suggesting this activity was caused by compromised credentials of current or former Snowflake personnel;
- This appears to be a targeted campaign directed at users with single-factor authentication;
- As part of this campaign, threat actors have leveraged credentials previously purchased or obtained through infostealing malware; and
- We did find evidence that a threat actor obtained personal credentials to, and accessed, a demo account belonging to a former Snowflake employee. It did not contain sensitive data. Demo accounts are not connected to Snowflake’s production or corporate systems. The access was possible because the demo account was not behind Okta or Multi-Factor Authentication (MFA), unlike Snowflake’s corporate and production systems.
Throughout the course of the investigation, Snowflake has promptly informed the limited number of Snowflake customers who it believes may have been affected. Mandiant has also engaged in outreach to potentially affected organizations.
We recommend organizations immediately take the following steps:
- Enforce Multi-Factor Authentication on all accounts;
- Set up Network Policy Rules to only allow authorized users or only allow traffic from trusted locations (VPN, Cloud workload NAT, etc.); and
- Impacted organizations should reset and rotate Snowflake credentials.
In addition, please review Snowflake’s investigative and hardening guidelines for recommended actions to assist in investigating potential threat activity within Snowflake customer accounts. This investigation is ongoing. We are also coordinating with law enforcement and other government authorities.
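The first two recommended steps, and the account-level MFA authentication policy announced in the 07/09/2024 update above, can both be implemented and then checked from SQL. The following is an added example, not Snowflake's or the investigators' own code: it creates an authentication policy that requires MFA enrollment, a network rule and policy that restrict ingress to trusted addresses, attaches both to the account, and then queries the ACCOUNT_USAGE views for users and logins that still rely on a single factor. The object names are assumptions, and the IP ranges are constructed RFC 5737 documentation addresses standing in for a real VPN or NAT egress range.

```sql
-- Added example: enforce MFA and a network allow list at account level,
-- then monitor for remaining single-factor access. All object names and
-- the IP ranges below are assumed placeholders, not values from this page.
USE ROLE ACCOUNTADMIN;
CREATE DATABASE IF NOT EXISTS sec_admin_db;
CREATE SCHEMA IF NOT EXISTS sec_admin_db.policies;

-- 1. Require every user to enroll in MFA; Snowsight prompts unenrolled
--    users at their next login. Username/password remains allowed so
--    service integrations keep working until they move to key pairs.
CREATE OR REPLACE AUTHENTICATION POLICY sec_admin_db.policies.require_mfa_policy
  MFA_ENROLLMENT = REQUIRED
  CLIENT_TYPES = ('SNOWFLAKE_UI', 'DRIVERS', 'SNOWSQL')
  COMMENT = 'Account-wide MFA enrollment requirement';
ALTER ACCOUNT SET AUTHENTICATION POLICY sec_admin_db.policies.require_mfa_policy;

-- 2. Allow traffic only from trusted egress addresses (constructed example
--    ranges: a corporate VPN /24 and a cloud workload NAT address).
CREATE OR REPLACE NETWORK RULE sec_admin_db.policies.corp_ingress_ips
  TYPE = IPV4
  MODE = INGRESS
  VALUE_LIST = ('203.0.113.0/24', '198.51.100.10');

CREATE OR REPLACE NETWORK POLICY corp_network_policy
  ALLOWED_NETWORK_RULE_LIST = ('sec_admin_db.policies.corp_ingress_ips')
  COMMENT = 'Only VPN and workload NAT addresses may reach the account';

-- Snowflake rejects this statement if the address you are connecting from
-- is not in the allow list, which protects you from locking yourself out;
-- still, verify the rule contents before attaching.
ALTER ACCOUNT SET NETWORK_POLICY = corp_network_policy;

-- 3. Monitor: active users who still hold a password but have no MFA enrolled.
--    (ACCOUNT_USAGE views lag real time by up to a couple of hours.)
SELECT name, login_name, has_password, ext_authn_duo, last_success_login
FROM snowflake.account_usage.users
WHERE deleted_on IS NULL
  AND COALESCE(disabled::boolean, FALSE) = FALSE
  AND has_password = TRUE
  AND ext_authn_duo = FALSE
ORDER BY last_success_login DESC NULLS LAST;

-- 4. Monitor: successful password logins in the last 7 days with no second
--    factor, with the source address, so they can be compared against the
--    allow list and investigated per the hardening guidelines.
SELECT event_timestamp, user_name, client_ip, reported_client_type
FROM snowflake.account_usage.login_history
WHERE event_timestamp >= DATEADD(day, -7, CURRENT_TIMESTAMP())
  AND is_success = 'YES'
  AND first_authentication_factor = 'PASSWORD'
  AND second_authentication_factor IS NULL
ORDER BY event_timestamp DESC;
```

Credential rotation, the third recommended step, is done per user with `ALTER USER ... SET PASSWORD` (or by unsetting `RSA_PUBLIC_KEY` and loading a new one for key-pair users); the two monitoring queries above are the checks to re-run afterwards to confirm no single-factor password logins remain.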
05/30/2024 Update
We are aware of recent reports related to a potential compromise of the Snowflake production environment. As such, we are responding directly to some errant claims that have been made:
- We have no evidence suggesting this activity was caused by any vulnerability, misconfiguration, or breach of Snowflake’s product.
- Snowflake does not believe that it was the source of any of the leaked customer credentials.
- There is no “master Application Programming Interface (API)” or pathway for customers’ credentials to be accessed and exfiltrated from the Snowflake production environment.
- Snowflake is a cloud product and anyone can sign up for an account at any time. If a threat actor obtains customer credentials, they may be able to access the account. Snowflake employees are no different and can also create their own Snowflake “customer” accounts using personal credentials.
- We did find evidence that, similar to the impacted customer accounts, the threat actor obtained personal credentials to, and accessed, a demo account owned by a former Snowflake employee. It did not contain sensitive data. Demo accounts are not connected to Snowflake’s production or corporate systems. The access was possible because the demo account was not behind Okta or MFA, unlike Snowflake’s corporate and production systems.
Snowflake Joins CISA Secure by Design Pledge
Snowflake champions the advancement of industry standards for security in technology design, adding to its already significant product security commitments.
MODERN DATA SECURITY THAT’S BUILT IN, NOT BOLTED ON
Comprehensive Data Security
Entrust your most sensitive data to Snowflake, and enjoy peace of mind with powerful, built-in security features like dynamic data masking and end-to-end encryption for data in transit and at rest.
Government and Industry Data Security Compliance
Snowflake’s government deployments have achieved Federal Risk & Authorization Management Program (FedRAMP) Authorization to Operate (ATO) at the Moderate level. In addition, support for ITAR compliance, SOC 2 Type 2, PCI DSS compliance, and HITRUST compliance all validate the level of Snowflake security required by industries, as well as state and federal governments.
Infrastructure Security and Resilience
Built for the cloud, Snowflake leverages the most sophisticated cloud security technologies available. The result is a secure, resilient service that gives you the confidence to rely on Snowflake for your most demanding data workloads.
Vulnerability Reporting
Snowflake is committed to the security of our customers and their data. We partner with HackerOne to run a private bug program to help surface and resolve security vulnerabilities before they can be exploited. When reporting a potential vulnerability, please include your email address as well as a detailed summary of the vulnerability, including the target, steps, tools and artifacts used during discovery (screen captures welcome).
If you are a customer and have a password or account issue, please contact Snowflake support.
Start your 30-Day Free Trial
Try Snowflake free for 30 days and experience the AI Data Cloud that helps eliminate the complexity, cost and constraints inherent with other solutions.