Snowflake is a cloud data warehouse that fast-growing companies can reliable upon and trust for their sensitive data. This SaaS company stores sensitive information, but people using it need to follow proper security guidelines to get the most out of the Snowflake security features that it offers, to guard against any security threats that they may face.
In this article, we will discuss some of Snowflake’s important features to show you why it is such a great product to bolster your data security.
Network Access Control Through Network Policies
It allows you to provide account access to a specific IP address by using network policies. It provides two granularity levels – one is user-specific, and the other is account-specific. You can set network policies either for one account, or for one user via SQL commands or Web UI.
It is also possible to provide a list of IPs you want to block, and a list of IPs you want to provide access to, according to your requirements. Remember that network access control through network policies only controls IPv4 addresses, and not IPv6 addresses.
For companies, user management seems to be a simple process initially, but it starts becoming complicated with time when more and more employees get access to data, and move from one project to the other.
Whilst allowing many users access to data can help make your business more successful, it is important to remember that it can put your sensitive information at risk. Your important data could get leaked as more people gain access to it, which makes access management very important. Thankfully, Snowflake user management features are very good at preventing this.
Granular Access Control
Snowflake’s regular permission model uses a table or view. It does not provide access control based on columns or rows. You can improve granular access control by using Secure Views. There is no doubt that Secure Views enhances your access control, but it does impact the optimization and queries.
Access Logging Attempts
If you are interested in keeping your data fully secured, then it is important to not only prevent the threats, but also learn when someone tries to get access to your data for no good reason. You can find out when someone who does not have permission or access tries to log in through your Snowflake account. This is a great way to keep track of any potential security breaches that may happen in the future.
You can check LOGIN_HISTORY and LOGIN_HISTORY_BY_USER to check who tried to log in to your account. Their IP address and the device used will be displayed along with other information of that user.
Identifying Failed Query Logs
If a user is trying to get access to a forbidden securable object, then again, you can get information about them through commands like QUERY_HISTORY or QUERY_HISTORY_BY_USER.
Using Satori for Improved Access Control and Security
Snowflake provides excellent features and tools to store your data securely. However, using an overlay like Satori can help you improve access control and security, to give you enhanced peace of mind. If you deploy Satori in front of Snowflake, you can improve global network access control, which allows you to provide wider visibility for violations to your security team, to allow you to keep track of all login sessions.