Summary of Security Features

Snowflake provides industry-leading features that ensure the highest levels of security for your account and users, as well as all the data you store in Snowflake.

The following table provides a high-level summary of the feature categories, the features within each category, and the minimum Snowflake edition required to use each feature:

| Category | Features | Snowflake Editions |
|---|---|---|
| Network/site access | Site access controlled through IP allow and block lists, managed through network policies. | All |
| | Configurable idle session timeout for your account or a user through session policies. | Enterprise Edition |
| | Private communication between the VPC/VNet and the Snowflake service. | Business Critical Edition |
| | Private communication to Snowflake internal stages. | Business Critical Edition |
| User & group administration | SCIM to manage user identities and groups (i.e. roles). | All |
| Account/user authentication | Key Pair Authentication & Key Pair Rotation for increased security with client authentication. | All |
| | MFA (multi-factor authentication) for increased security for account access by users. | All |
| | OAuth for authorized account access without sharing or storing user login credentials. | All |
| | Support for user SSO (single sign-on) through federated authentication. | All |
| | Key-Pair Authentication as an alternative to basic authentication (i.e. username and password) and key-pair rotation to support multiple active keys. | All |
| Object security | Controlled access to all objects in the account (e.g. users, warehouses, databases, tables) through a hybrid model of DAC (discretionary access control) and RBAC (role-based access control). | All |
| Data security | All ingested data stored in Snowflake tables is encrypted using AES-256 strong encryption. | All |
| | All files stored in internal stages for data loading and unloading automatically encrypted using AES-256 strong encryption. | All |
| | Periodic rekeying of encrypted data. | Enterprise Edition |
| | Support for encrypting data using customer-managed keys. | Business Critical Edition |
| Security validations [1] | SOC 1 Type II and SOC 2 Type II compliance. | All |
| | HIPAA compliance. | Business Critical Edition |
| | HITRUST CSF compliance. | Business Critical Edition |
| | PCI DSS compliance. | Business Critical Edition |
| | FedRAMP Moderate compliance (in specified US government regions). | Business Critical Edition |
| | IRAP Protected compliance (in specified Asia Pacific regions). | Business Critical Edition |

[1] For a complete list of security validations achieved by Snowflake, see Security & Compliance Reports (Snowflake website).
