Summary of Security Features¶

Snowflake provides industry-leading features that ensure the highest levels of security for your account and users, as well as all the data you store in Snowflake.

The following table provides a high-level summary of the features, grouped into the following categories:

Features	Snowflake Editions
Network/site access:
Site access controlled through IP whitelisting and blacklisting, managed through network policies.	All
Private communication between Snowflake and your other VPCs through AWS PrivateLink.	Business Critical Edition (or higher)
Private communication between Snowflake and your other VNets through Azure Private Link.	Business Critical Edition (or higher)
User & Group Administration
SCIM to manage user identities and groups (i.e. roles).	All
Account/user authentication:
MFA (multi-factor authentication) for increased security for account access by users.	All
OAuth for authorized account access without sharing or storing user login credentials.	All
Support for user SSO (single sign-on) through federated authentication.	All
Object security:
Controlled access to all objects in the account (e.g. users, warehouses, databases, tables) through a hybrid model of DAC (discretionary access control) and RBAC (role-based access control).	All
Data security:
All data automatically encrypted (using AES 256 strong encryption).	All
All files stored in stages (for data loading/unloading) automatically encrypted (using either AES 128 standard or 256 strong encryption).	All
Periodic rekeying of encrypted data.	Enterprise (or higher)
Support for encrypting data using customer-managed keys.	Business Critical Edition (or higher)
Support for masking column data in tables and views using Column-level Security.	Enterprise (or higher)
Security validations:
Soc 1 Type II compliance.	All
Soc 2 Type II compliance.	All
Support for HIPAA compliance.	Business Critical Edition (or higher)
PCI DSS compliance.	Business Critical Edition (or higher)