Mandatory MFA Added by Snowflake

Post extortion and breach, Snowflake adds enforceable security measures.

Snowflake users will be pushed to enable multi-factor authentication (MFA) under new product capabilities.

Announced in a post this week by CISO Brad Jones, the update will see users prompted to enable MFA and guided through the configuration steps. “This dialog can be dismissed, but it will reappear in three days if MFA has not been configured for the user,” Jones said in the post.

The updates are intended to help users better protect their accounts and data, and to encourage users who are not following security best practices to adopt them. They also allow admins to enforce security by default and give visibility into adherence to security policies, for example knowing which users haven’t configured MFA.

Jones also said that a future release will “introduce a new user object type to help exclude service users from MFA policies at scale.”

Mitigating Credential Theft

Snowflake has also announced the general availability of a Trust Center Security Essentials scanner package, which checks for MFA compliance as well as the use of network policies.

“As the recommended tool for compliance monitoring, it is enabled by default and available free of charge in all Snowflake editions,” Jones said.

Scanners that evaluate accounts against the CIS Snowflake Foundations Benchmark have also been introduced; these can detect overprivileged entities, users who have not logged in for the past 90 days, and account admin grants.

Jones said Snowflake “is committed to continuing its investment into technology and tools that help our customers increase their security” and it will soon require MFA for all “human users” in newly created Snowflake accounts.

Javvad Malik, lead security awareness advocate at KnowBe4, praised the rollout of MFA, saying that from an account protection perspective it is probably one of the single most effective controls to have in place.

"Given all the attacks against accounts, including credential stuffing - more organisations should enable MFA by default, but it's worth remembering that not all MFA is created equally, and while one could argue that some MFA is better than no MFA at all, having phishing resistant MFA is the preferred route to go down," he said.

"However, simply implementing a control like MFA is sometimes not enough. Social engineering can still bypass the best of controls. Therefore, a strong security culture needs to be created whereby people understand the importance of MFA and how to ensure they are using it correctly.

"Only through a unified approach of people, processes, and technology can we build organisations which are resilient to attacks."

Breach Fallout

The security steps follow a notable breach of Snowflake from this summer, where the details of 165 customers were leaked in an extortion campaign.

Dan Raywood, Senior Editor, SC Media UK

Dan Raywood is a B2B journalist with more than 20 years of experience, including covering cybersecurity for the past 16 years. He has extensively covered topics from Advanced Persistent Threats and nation-state hackers to major data breaches and regulatory changes.

He has spoken at events including 44CON, Infosecurity Europe, RANT Conference, BSides Scotland, Steelcon and ESET Security Days.

Outside work, Dan enjoys supporting Tottenham Hotspur, managing mischievous cats, and sampling craft beers.
