Summary of Security Features¶
Snowflake provides industry-leading features that ensure the highest levels of security for your account and users, as well as all the data you store in Snowflake.
The following table provides a high-level summary of the feature categories, the features within each category, the minimum required Snowflake edition to use each feature:
Category |
Features |
Snowflake Editions |
|---|---|---|
Network/site access |
Site access controlled through IP allow and block lists, managed through network policies. Private communication between the VPC/VNet and the Snowflake service. Private communication to Snowflake internal stages. Configure the idle session timeout for your account or a user through session policies. |
All Business Critical Edition Business Critical Edition Enterprise Edition |
User & Group Administration |
SCIM to manage user identities and groups (i.e. roles). |
All |
Account/user authentication |
Key Pair Authentication & Key Pair Rotation for increased security with client authentication. MFA (multi-factor authentication) for increased security for account access by users. OAuth for authorized account access without sharing or storing user login credentials. Support for user SSO (single sign-on) through federated authentication. Key-Pair Authentication as an alternative to basic authentication (i.e. username and password) and key-pair rotation to support multiple active keys. |
All All All All All |
Object security: |
Controlled access to all objects in the account (e.g. users, warehouses, databases, tables) through a hybrid model of DAC (discretionary access control) and RBAC (role-based access control). |
All |
Data security: |
All ingested data stored in Snowflake tables is encrypted using AES-256 strong encryption. All files stored in internal stages for data loading and unloading automatically encrypted using AES-256 strong encryption. Periodic rekeying of encrypted data. Support for encrypting data using customer-managed keys. |
All All Enterprise Edition Business Critical Edition |
Security validations: |
Soc 1 Type II and Soc 2 Type II compliance. Support for HIPAA compliance. PCI DSS compliance. HITRUST CSF compliance (see supported regions). FedRAMP Moderate compliance (in the US government regions). IRAP Protected compliance (in specified Asia Pacific regions). |
All Business Critical Edition Business Critical Edition Business Critical Edition Business Critical Edition Business Critical Edition |