Snowflake Security Innovations for a Trusted AI Data Cloud

At Snowflake, we’re committed to making your data platform easy, connected and trusted, so you can confidently push the boundaries of innovation and accelerate your journey with AI. To keep you ahead of the curve, we’re thrilled to launch our “What’s New in Security” blog post series.

Security threats are constantly evolving. And we at Snowflake are proactively strengthening your security posture through secure-by-design principles and investing in defense-in-depth capabilities to help protect against emerging threats. By harnessing cutting-edge AI, we’re working to make your security experience simpler, smarter and more proactive so that you can quickly detect vulnerabilities and reduce risk in your environment.

Over the last six months, we have made tremendous progress in not just delivering capabilities but also improving the security posture:

  • We’ve seen a significant increase in customers adopting multi-factor authentication (MFA) to help protect their accounts. As a result, more human users — across every experience, from web to partner integrations — are now shielded by strong authentication methods such as passkeys, authenticator codes or single sign-on, with passkeys being the second most-used MFA method.

  • We rolled out malicious IP protection as a default, helping to proactively defend your environment.

  • Private connectivity inbound to and outbound from Snowflake to customer resources and services is becoming a standard across Snowflake. That provides support for roughly 80% of potential customer use cases across product surfaces and cloud service providers, and coverage for all generally available use cases of PrivateLink on AWS and Azure.

  • Trust Center is becoming an essential destination for our customers to understand their security posture, with over 5x customer growth.

  • Our team delivered a remarkable 20 new defense-in-depth features to help you raise your defenses.

Now let’s dig into the new features and how they further strengthen your security posture so you can confidently innovate and accelerate your AI journey.

Built-in, proactive security for data and AI

The Snowflake platform has built-in security allowing you to focus on enabling your business outcomes. Over the last six months, we have enabled:

  • Malicious IP protection: This always-on capability attempts to automatically protect your data and AI apps from bad actors connecting from known malicious IPs and anonymous browsers (such as Tor). This is in addition to the built-in leaked password protection and PAT protection.

  • MFA by default for Snowflake UI: Building on our secure-by-design pledge and our commitment to a shared destiny with our customers, this month we have started a gradual rollout to enforce MFA by default for nonfederated password-only sign-ins to the Snowflake UI. Not all MFA is equal, and we recommend customers use a passkey, which is an easy-to-use, phishing-resistant MFA method. For customers with an existing IdP (such as Okta or Entra ID), we highly recommend using single sign-on.

  • AI-infused Trust Center: Snowflake Trust Center is frequently updated, adding new scanners to empower customers with findings to improve their security posture. We have enhanced Trust Center with an MFA readiness score for human and service users, and with detections for abnormal login failure and job failure rates. To operationalize the Trust Center findings, we have enabled email notifications and added the ability to resolve findings as “fixed/won’t fix,” with support for adding evidence or status information to findings.

Extensible data security platform that works across clouds

The Snowflake platform provides security controls that work seamlessly across multiple clouds, are interoperable and built on open standards, and make it easy to connect and manage your data security in a centralized place. Over the last six months, we have enabled:

  • Expansive PrivateLink support: As part of Snowflake’s push for more secure connectivity, Snowflake is expanding coverage of PrivateLink connectivity across all products — from Streamlit to Snowflake Native Apps — keeping data secure without internet exposure. With newly added support for GCP Apache Iceberg™ tables, GCP-managed storage buckets, AWS KMS, Azure Key Vault and AWS cross-region SaaS partner connectivity, customers in highly regulated industries can run sensitive workloads with confidence. Plus, with PrivateLink-only access, public URLs are blocked entirely, providing additional protection against DNS attacks.

  • Secretless strong authentication for services: With workload identity federation (WIF), you can move away from credentials altogether for your services and improve your security while eliminating the overhead of managing credentials. WIF is available for all supported cloud providers (AWS, Azure and GCP) and clients supporting OIDC (for instance, Kubernetes).

  • Passkeys: Snowflake now supports passkeys as a modern, phishing-resistant authentication method. Passkeys use secure, device-linked cryptographic credentials to enable quick and safe sign-in with biometrics or a device PIN. This makes access to Snowflake both easier for users and stronger against credential-based attacks.

Enterprise-grade defense in depth 

Snowflake’s product and engineering teams are constantly adding new capabilities based on emerging threat patterns, industry standards and customer feedback to provide more options for customers to enable defense in depth. 

Over the last six months, we have enabled:

  • Stronger authentication and more choice: Snowflake now gives users more secure sign-in options. Alongside passkeys, we’ve added support for authenticator codes and backup codes, making it easier than ever to stay protected while choosing the method that works best for you.

  • Snowflake-managed SaaS network rules: This lets you quickly choose from a built-in library of rules to allowlist egress IPs for popular SaaS apps. No more chasing changing IP lists — Snowflake takes care of it, so you can focus on your workloads instead of manual network management.

  • Granular model-level access control: Role-based access control at the model level lets account administrators control which large language models (LLMs) can be used by Snowflake Cortex AI features. User-based access control allows you to grant privileges on securable assets directly to users.

Next steps

Try out the new features and tell us what you think by submitting your ideas! This blog post has highlighted several key capabilities, but if you want more, check out the release notes for all the new security releases. You can also take action on the Trust Center findings right away.

Get ready for the MFA rollout: Ensure all human users use SSO or passwords with MFA, such as passkeys or authenticator apps, avoiding password-only access. Update service user workflows to use secretless authentication via workload identity federation or use key pair authentication, and work with third-party tool providers to enable strong authentication before MFA enforcement begins.

To stay updated on security updates from Snowflake, check out our cybersecurity blog posts and security documentation.

admin October 29th, 2025