Summary of Security Features

Snowflake provides industry-leading features that ensure the highest levels of security for your account and users, as well as all the data you store in Snowflake.

The following table provides a high-level summary of the feature categories, the features within each category, and the minimum Snowflake edition required to use each feature:

| Category | Features | Snowflake Editions |
| --- | --- | --- |
| Network/site access | Site access controlled through IP allow and block lists, managed through network policies. | All |
| | Private communication between the VPC/VNet and the Snowflake service. | Business Critical Edition |
| | Private communication to Snowflake internal stages. | Business Critical Edition |
| | Configure the idle session timeout for your account or a user through session policies. | Enterprise Edition |
| User & Group Administration | SCIM to manage user identities and groups (i.e. roles). | All |
| Account/user authentication | Key Pair Authentication & Key Pair Rotation for increased security with client authentication. | All |
| | MFA (multi-factor authentication) for increased security for account access by users. | All |
| | OAuth for authorized account access without sharing or storing user login credentials. | All |
| | Support for user SSO (single sign-on) through federated authentication. | All |
| | Key-Pair Authentication as an alternative to basic authentication (i.e. username and password) and key-pair rotation to support multiple active keys. | All |
| Object security | Controlled access to all objects in the account (e.g. users, warehouses, databases, tables) through a hybrid model of DAC (discretionary access control) and RBAC (role-based access control). | All |
| Data security | All ingested data stored in Snowflake tables is encrypted using AES-256 strong encryption. | All |
| | All files stored in internal stages for data loading and unloading are automatically encrypted using AES-256 strong encryption. | All |
| | Periodic rekeying of encrypted data. | Enterprise Edition |
| | Support for encrypting data using customer-managed keys. | Business Critical Edition |
| Security validations | SOC 1 Type II and SOC 2 Type II compliance. | All |
| | Support for HIPAA compliance. | Business Critical Edition |
| | PCI DSS compliance. | Business Critical Edition |
| | HITRUST CSF compliance (see supported regions). | Business Critical Edition |
| | FedRAMP Moderate compliance (in the US government regions). | Business Critical Edition |
| | IRAP Protected compliance (in specified Asia Pacific regions). | Business Critical Edition |