Summary of Security Features¶
Snowflake provides industry-leading features that ensure the highest levels of security for your account and users, as well as all the data you store in Snowflake.
The following table provides a high-level summary of the feature categories, the features within each category, the minimum required Snowflake edition to use each feature:
Category |
Features |
Snowflake Editions |
|---|---|---|
Network/site access |
Site access controlled through IP allow and block lists, managed through network policies. |
All |
Configurable idle session timeout for your account or a user through session policies. |
Enterprise Edition |
|
Private communication between the VPC/VNet and the Snowflake service. |
Business Critical Edition |
|
Private communication to Snowflake internal stages. |
Business Critical Edition |
|
User & group administration |
SCIM to manage user identities and groups (i.e. roles). |
All |
Account/user authentication |
Key Pair Authentication & Key Pair Rotation for increased security with client authentication. |
All |
MFA (multi-factor authentication) for increased security for account access by users. |
All |
|
OAuth for authorized account access without sharing or storing user login credentials. |
All |
|
Support for user SSO (single sign-on) through federated authentication. |
All |
|
Key-Pair Authentication as an alternative to basic authentication (i.e. username and password) and key-pair rotation to support multiple active keys. |
All |
|
Object security |
Controlled access to all objects in the account (e.g. users, warehouses, databases, tables) through a hybrid model of DAC (discretionary access control) and RBAC (role-based access control). |
All |
Data security |
All ingested data stored in Snowflake tables is encrypted using AES-256 strong encryption. |
All |
All files stored in internal stages for data loading and unloading automatically encrypted using AES-256 strong encryption. |
All |
|
Periodic rekeying of encrypted data. |
Enterprise Edition |
|
Support for encrypting data using customer-managed keys. |
Business Critical Edition |
|
Security validations 1 |
Soc 1 Type II and Soc 2 Type II compliance. |
All |
HIPAA compliance. |
Business Critical Edition |
|
HITRUST CSF compliance. |
Business Critical Edition |
|
PCI DSS compliance. |
Business Critical Edition |
|
FedRAMP Moderate compliance (in specified US government regions). |
Business Critical Edition |
|
IRAP Protected compliance (in specified Asia Pacific regions). |
Business Critical Edition |
- 1
For a complete list of security validations achieved by Snowflake, see Security & Compliance Reports (Snowflake website).