The world is increasingly built on data. An estimated 120 zettabytes will be created, captured, copied, and consumed this year alone. Yet businesses looking to harness that data for improved decision making traditionally had a problem. Legacy data warehouses required the purchase of expensive hardware that had to be run on-premises in the customer’s datacenter. Costly, complex and inflexible, these solutions held organizations back from achieving their potential.
Snowflake is the best-known of a new breed of SaaS-based offerings designed to offer scale, simplicity and high performance, without breaking the bank. But given the sensitivity of data used in the tool, it’s important to understand where native controls can be enhanced by third-party solutions – such as data encryption.
Why everyone’s using Snowflake
Snowflake is designed to take the pain out of data warehousing. Its multi-cluster, three-layered architecture separates database, compute and cloud services capabilities to deliver a set of advantages over legacy offerings. These include:
- Simplicity for IT teams, because there are no installation or management overheads
- Low costs, as customers can store as much data as they like but only pay for what they use
- Seamless data sharing with internal and external users
- High performance thanks to a flexible cloud architecture, which allows queries to be run concurrently with no visible impact
Managing security challenges
Data is an organization’s most important asset. So new Snowflake customers should make using the platform’s security capabilities a priority, while understanding where these can be enhanced.
One area where they may benefit from investing in third-party solutions is data encryption – a critical control for mitigating cyber risk on Snowflake. While Snowflake offers Dynamic Data Masking to keep sensitive data hidden from unauthorized users, data must be loaded in plain text into the platform, and a database and schema must exist before a masking policy can be applied to a column. This means the data remains unprotected at the database level and when it is used in external applications, so there’s a high risk of misconfiguration and data exposure.
Snowflake customers can mitigate these risks with solutions like comforte’s Data Security Platform, which is designed to integrate easily with the data warehousing platform. We offer:
- Protection for structured and semi-structured data inside and outside of Snowflake, empowering customers with secure self-service access to data
- Cloud-native integration for rapid implementation, to protect data as early as possible and consistently apply security policies to keep it secure throughout its lifecycle
- Tokenization or format-preserving encryption (FPE), which protects the data so that it remains usable in analytics or BI tools
Here are four more tips for securing Snowflake environments:
- Only allow connections from known clients, using Snowflake's network policies to block/allow IP addresses and address ranges
- Use multi-factor authentication (MFA) to add an extra layer of security to accounts. This requires users to input a second “factor”, such as a one-time code sent to their app, in order to mitigate the risk of password theft
- Limit access in line with a least privilege policy, leveraging Snowflake’s role-based access control (RBAC). This ensures only authorized users can view or modify data
- Monitor suspicious activity using Snowflake’s built-in auditing and logging features. These will track user activity, monitor access to sensitive data and identify potential security threats so any potential breach can be quickly remediated and contained. Organizations can also configure alerts to notify them of any such activity
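The four tips above, sketched as Snowflake SQL. This is an added example, not code from the original article or from Snowflake or comforte; every object name (`corp_clients_only`, `analyst_ro`, `sales_db`, `reporting`, `jdoe`), the IP ranges and the failed-login threshold are hypothetical and must be replaced with your own values.

```sql
-- Added example. All names, IP ranges and thresholds below are hypothetical.
-- Run with a role that holds the privileges needed for each statement.

-- Tip 1: accept connections only from known client address ranges.
CREATE NETWORK POLICY corp_clients_only
  ALLOWED_IP_LIST = ('203.0.113.0/24')   -- constructed documentation range
  BLOCKED_IP_LIST = ('203.0.113.99');    -- one address excluded from that range
ALTER ACCOUNT SET NETWORK_POLICY = corp_clients_only;

-- Tip 3: least privilege through a read-only role scoped to one schema.
CREATE ROLE analyst_ro;
GRANT USAGE  ON DATABASE sales_db                         TO ROLE analyst_ro;
GRANT USAGE  ON SCHEMA   sales_db.reporting               TO ROLE analyst_ro;
GRANT SELECT ON ALL TABLES IN SCHEMA sales_db.reporting   TO ROLE analyst_ro;
GRANT ROLE analyst_ro TO USER jdoe;

-- Tips 2 and 4: review the last day of logins for repeated failures and
-- for successful password logins that did not use a second factor.
-- ACCOUNT_USAGE views are not real-time, so recent events can be missing.
WITH recent AS (
  SELECT user_name,
         client_ip,
         COUNT_IF(is_success = 'NO') AS failed_logins,
         COUNT_IF(is_success = 'YES'
                  AND first_authentication_factor = 'PASSWORD'
                  AND second_authentication_factor IS NULL) AS password_only_logins
  FROM snowflake.account_usage.login_history
  WHERE event_timestamp >= DATEADD(day, -1, CURRENT_TIMESTAMP())
  GROUP BY user_name, client_ip
)
SELECT user_name, client_ip, failed_logins, password_only_logins
FROM recent
WHERE failed_logins >= 5          -- assumed threshold, tune to your baseline
   OR password_only_logins > 0    -- accounts signing in without MFA
ORDER BY failed_logins DESC, password_only_logins DESC;
```

Rows returned by the final query are candidates for follow-up: a user with password-only logins should be enrolled in MFA, and a source address with many failures can be checked against the network policy's allowed ranges.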