Summary of Security Features

.

Related Topics

• Snowflake Editions

• Continuous Data Protection

Snowflake provides industry-leading features that ensure the highest levels of security for your account and users, as well as all the data you store in Snowflake.

The following table provides a high-level summary of the features, grouped into the following categories:

Features	Snowflake Editions
Network/site access:
Site access controlled through IP allow and block lists, managed through network policies.	All
Private communication between Snowflake and your other VPCs through AWS PrivateLink.	Business Critical Edition (or higher)
Private communication between Snowflake and your other VNets through Azure Private Link.	Business Critical Edition (or higher)
User & Group Administration
SCIM to manage user identities and groups (i.e. roles).	All
Account/user authentication:
Key Pair Authentication & Key Pair Rotation for increased security with client authentication.	All
MFA (multi-factor authentication) for increased security for account access by users.	All
OAuth for authorized account access without sharing or storing user login credentials.	All
Support for user SSO (single sign-on) through federated authentication.	All
Key-Pair Authentication as an alternative to basic authentication (i.e. username and password) and key-pair rotation to support multiple active keys.	All
Object security:
Controlled access to all objects in the account (e.g. users, warehouses, databases, tables) through a hybrid model of DAC (discretionary access control) and RBAC (role-based access control).	All
Data security:
All ingested data stored in Snowflake tables is encrypted using AES-256 strong encryption.	All
All files stored in internal stages for data loading and unloading operations is automatically encrypted using AES-256 strong encryption.	All
Periodic rekeying of encrypted data.	Enterprise (or higher)
Support for encrypting data using customer-managed keys.	Business Critical Edition (or higher)
Support for masking column data in tables and views using Column-level Security.	Enterprise (or higher)
Security validations:
Soc 1 Type II compliance.	All
Soc 2 Type II compliance.	All
Support for HIPAA compliance.	Business Critical Edition (or higher)
PCI DSS compliance.	Business Critical Edition (or higher)
HITRUST CSF compliance (see supported regions).	Business Critical Edition (or higher)