Products
By Use Cases By Roles
Data Command Center
View
Learn more

AI Security & Governance

Discover, assess, and safeguard AI usage

Learn more

Asset and Data Discovery

Discover dark and native data assets

Learn more

Data Access Intelligence & Governance

Identify which users have access to sensitive data and prevent unauthorized access

Learn more

Data Privacy Automation

PrivacyCenter.Cloud | Data Mapping | DSR Automation | Assessment Automation | Vendor Assessment | Breach Management | Privacy Notice

Learn more

Sensitive Data Intelligence

Discover & Classify Structured and Unstructured Data | People Data Graph

Learn more

Data Flow Intelligence & Governance

Prevent sensitive data sprawl through real-time streaming platforms

Learn more

Data Consent Automation

First Party Consent | Third Party & Cookie Consent

Learn more

Data Security Posture Management

Secure sensitive data in hybrid multicloud and SaaS environments

Learn more

Data Breach Impact Analysis & Response

Analyze impact of a data breach and coordinate response per global regulatory obligations

Learn more

Data Catalog

Automatically catalog datasets and enable users to find, understand, trust and access data

Learn more

Data Lineage

Track changes and transformations of data throughout its lifecycle

Learn more

Compliance Management

Automate Compliance with Global AI and Data Frameworks using Common Controls and Tests
Data Controls Orchestrator
View
Data Command Center
View
Sensitive Data Intelligence
View

Asset Discovery
Data Discovery & Classification
Sensitive Data Catalog
People Data Graph
Learn more

Privacy

Automate compliance with global privacy regulations

Data Mapping Automation

View

AI Security & Governance

View

Data Subject Request Automation

View

People Data Graph

View

Assessment Automation

View

Cookie Consent

View

Universal Consent

View

Vendor Risk Assessment

View

Breach Management

View

Privacy Policy Management

View

Privacy Center

View

Learn more

Security

Identify data risk and enable protection & control

Data Security Posture Management

View

AI Security & Governance

View

Data Access Intelligence & Governance

View

Data Risk Management

View

Data Breach Analysis

View

Learn more

Governance

Optimize Data Governance with granular insights into your data

Data Catalog

View

Data Lineage

View

Data Quality

View

AI Security & Governance

View

Compliance Management

View
Data Controls Orchestrator
View
Solutions
Technologies

Covering you everywhere with 1000+ integrations across data systems.

Snowflake

View

AWS

View

Microsoft 365

View

Salesforce

View

Workday

View

GCP

View

Azure

View

Oracle

View

Databricks

View

Learn more

Regulations

Automate compliance with global privacy regulations.

US California CCPA

View

CPRA
California Privacy Rights Act

View

European Union GDPR

View

Thailand’s PDPA

View

China PIPL

View

Canada PIPEDA Compliance Solution

View

Brazil's LGPD

View

+ More

View

Learn more

Roles

Identify data risk and enable protection & control.

Privacy

View

Security

View

Governance

View

Marketing

View
Resources

Blog

Read through our articles written by industry experts

Collateral

Product brochures, white papers, infographics, analyst reports and more.

Knowledge Center

Learn about the data privacy, security and governance landscape.

Securiti Education

Courses and Certifications for data privacy, security and governance professionals.
Company

About Us

Learn all about Securiti, our mission and history

Partner Program

Join our Partner Program

Contact Us

Contact us to learn more or schedule a demo

News Coverage

Read about Securiti in the news

Press Releases

Find our latest press releases

Careers

Join the talented Securiti team

Security & Privacy Layers in Snowflake – Overview

security privacy layers in snowflake banner

Published September 30, 2021

Introduction

The Snowflake data cloud is used by thousands of organizations worldwide to store and process data for business analytics, data science, data application development, data engineering, and other similar functions.

Snowflake’s architecture allows storage and computation to scale independently. This enables Snowflake to process multiple workloads quickly and concurrently.

Snowflake uses a similar, layered architecture for data and infrastructure security as well. It includes actions related to data governance, data security, and infrastructure security.

Organizations store personal and sensitive data in Snowflake and process it to improve their business offerings.

What is a ‘Data Security Layer’ in Snowflake?

Data Security Layers in Snowflake can be described as a group of actions that strengthen data security in Snowflake at multiple levels. These security actions can be classified into:

Data Governance - Row Access Controls, Column Level Security, and Object Tagging.
Data Security - Data Encryption, Key-pair Authentication, and Sensitive Data Masking.
Infrastructure Security - Network Access Controls and multi-location data backups.

This article discusses Data Security and Infrastructure Security Layers in Snowflake.

To learn more about Snowflake Data Governance, read our article on 5 things to know about Snowflake Data Governance.

The Data Security Layers in Snowflake

Encrypt data at rest

By default, Snowflake encrypts all stored data end-to-end, meaning only end-users or runtime components can read data. No third-parties nor Snowflake’s own computing platform can read this data. Encryption helps solidify data protection in Snowflake because even if the data is compromised in a cyberattack, the data cannot be decrypted without the encryption key.

Key-pair Authentication

Data Encryption Keys can be described as a set of unique characters that are used to ‘unlock’ encrypted data. Snowflake uses AES 256-bit encryption with a hierarchical key model. This model is called the Key-pair Authentication model. It adds additional layers of security by assigning account-level ‘Parent’ keys, and table/column-level ‘child’ keys. These keys are automatically renewed or ‘rotated’ every 30 days, and old keys are automatically destroyed.

Snowflake’s Tri-Secret Secure Feature Explained

This unique feature creates a master key by combining the customer’s key with a Snowflake-maintained key. If either key in the composite master key is revoked, the encrypted data cannot be decrypted. The dual-key encryption combined with Snowflake’s data access controls makes up the Tri-Secret Secure Feature.

Dynamic Sensitive Data Masking For Additional Data Security

Dynamic Data Masking is a column-level security feature that uses data masking policies to hide text data in tables and view columns at query time. Security teams enforce data masking policies based on user roles or entitlements. For example, if an analyst does not need access to SSNs, the security team can set a policy to mask the data before any analysts can access it.

Dynamic Masking also secures data before it is shared with internal or external stakeholders. This security feature ensures that sensitive data is always used by authorized parties only.

The Infrastructure Security Layers in Snowflake

Network Access Controls

Snowflake allows organizations to regulate site access through IP allow and blocklists. Any IPs that are not in the allowed list are automatically blocked from accessing the network. This feature strengthens network security significantly.

Additionally, Snowflake provides private connectivity to the Snowflake service and internal stages using AWS PrivateLink and Azure Private Link.

Multi-location data back-ups

Snowflake stores backup copies of an organization’s data and stores it in multiple locations to maintain steady service. This mitigates the risk of an organization losing its data if the servers in one location become unavailable or they are breached in a cyberattack.

Snowflake Data Security & Privacy with Securiti

Securiti combines Snowflake’s privacy and security layers with customized privacy solutions in one, powerful system; combined, the solution offers autonomous Data Intelligence, Governance, Security, and Privacy for Snowflake.

Learn more about Securiti’s solution for Snowflake, or see the solution in action by requesting a demo.

Security & Privacy Layers in Snowflake – Overview

Introduction

What is a ‘Data Security Layer’ in Snowflake?

The Data Security Layers in Snowflake

Encrypt data at rest

Key-pair Authentication

Snowflake’s Tri-Secret Secure Feature Explained

Dynamic Sensitive Data Masking For Additional Data Security

The Infrastructure Security Layers in Snowflake

Network Access Controls

Multi-location data back-ups

Snowflake Data Security & Privacy with Securiti

More Stories that May Interest You

Newsletter

Company

Resources

Terms

Get in touch

Security & Privacy Layers in Snowflake – Overview

Introduction

What is a ‘Data Security Layer’ in Snowflake?

The Data Security Layers in Snowflake

Encrypt data at rest

Key-pair Authentication

Snowflake’s Tri-Secret Secure Feature Explained

Dynamic Sensitive Data Masking For Additional Data Security

The Infrastructure Security Layers in Snowflake

Network Access Controls

Multi-location data back-ups

Snowflake Data Security & Privacy with Securiti

Join Our Newsletter

Share

More Stories that May Interest You

Command Your Data with Securiti and Snowflake Horizon

Snowflake and Securiti Partnership Enables Data Innovation at Scale

How to Enhance Snowflake Data Sharing Environments Securely

Newsletter

Company

Resources

Terms

Get in touch

What'sNew

What's
New