In the wake of a series of high-profile data breaches, cloud data giant Snowflake is now enabling administrators to mandate multi-factor authentication (MFA) for all user accounts. This move comes as part of Snowflake’s broader efforts to enhance security across its platform, following recent incidents involving major companies such as Ticketmaster, Advance Auto Parts, and, as of today, AT&T.
The breaches have cast a spotlight on the importance of robust security measures, particularly MFA, which requires users to provide two or more verification factors to gain access to a resource. This is crucial in protecting user accounts from being compromised by malicious actors who may obtain passwords through phishing or other means.
Snowflake has faced criticism for its security posture after reports linked it to several data theft incidents. However, the company has consistently maintained that the breaches were not due to vulnerabilities or misconfigurations within its platform. Instead, Snowflake attributes these security lapses to its customers’ failure to implement necessary security features. Cybersecurity firm Mandiant, brought in by Snowflake to assist with the investigation and notifications, echoed this sentiment.
In response, Snowflake has introduced new measures to bolster customer security. These measures include the ability for administrators to enforce MFA across all user accounts. “To help drive MFA adoption, we’re taking steps to promote individual compliance for Snowflake users,” Snowflake stated in a blog post. When users without MFA log on to Snowflake’s web interface, Snowsight, they will be prompted to enable MFA and guided through the configuration steps. This prompt can be dismissed but will reappear every three days until MFA is configured.

Alongside this, Snowflake has rolled out the Snowflake Trust Center (STC), a framework that allows customers to monitor compliance with MFA policies and other security guidelines. The STC includes two new packages: the Security Essentials scanner package, which examines MFA and network policy adoption, and the CIS Benchmarks scanner package, which evaluates customer accounts against the CIS Snowflake Foundations Benchmark.
Despite these new tools, implementing MFA remains at the discretion of Snowflake customers for the time being. Snowflake’s default setting enables MFA on a per-user basis, but the company has hinted that this policy may soon change to require all human users to use MFA by default.
Snowflake’s app-based MFA solution, powered by Duo, is currently the only option available for customers. Administrators can configure MFA policies to apply to local users, single sign-on (SSO) users, or on a user-by-user basis. However, Snowflake does not recommend enforcing MFA for service users, such as those used for automation; instead, it advises using OAuth or key-pair authentication.
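An audit of the split described above (MFA for human users, key-pair or OAuth for service users), as an added example that is not from Snowflake or the original article. The CSV is a constructed sample; the column names and user type values are assumed to match a `SHOW USERS` export, and only password-based logins are checked, not SSO.

```python
import csv
import io

# Constructed sample inventory. Column names and TYPE values are assumptions
# modeled on a SHOW USERS export; adjust them to match your own export.
SAMPLE_CSV = """name,type,has_password,ext_authn_duo,has_rsa_public_key,disabled
ALICE,PERSON,true,true,false,false
BOB,PERSON,true,false,false,false
CAROL,,true,false,false,false
ETL_LOADER,SERVICE,false,false,true,false
LEGACY_JOB,LEGACY_SERVICE,true,false,false,false
OLD_ADMIN,PERSON,true,false,false,true
"""

HUMAN_NO_MFA = "human user with a password and no MFA enrolled"
SERVICE_PASSWORD = "service user with a password; move to key-pair or OAuth"


def _flag(value):
    """Interpret the 'true'/'false' strings found in the export."""
    return (value or "").strip().lower() == "true"


def audit_users(csv_text):
    """Return (user, finding) pairs for accounts that rely on a password alone."""
    findings = []
    for row in csv.DictReader(io.StringIO(csv_text)):
        if _flag(row["disabled"]):
            continue  # disabled accounts cannot log in
        # An empty type is treated as a human user (assumption of this example).
        user_type = (row["type"] or "PERSON").strip().upper()
        has_password = _flag(row["has_password"])
        if user_type == "PERSON":
            if has_password and not _flag(row["ext_authn_duo"]):
                findings.append((row["name"], HUMAN_NO_MFA))
        elif has_password:
            # MFA is not the advised control for automation accounts, so a
            # password on one is reported instead of a missing MFA enrollment.
            findings.append((row["name"], SERVICE_PASSWORD))
    return findings


if __name__ == "__main__":
    for user, finding in audit_users(SAMPLE_CSV):
        print(f"{user}: {finding}")
```
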
Findings from Hudson Rock, a cybersecurity firm that initially reported the intrusions at Ticketmaster and Santander, are the root of this saga. These intrusions were linked to Snowflake accounts in a report that was later retracted after legal intervention from Snowflake. Although Snowflake denied responsibility for these breaches, the company did admit that a former employee’s credentials were used by a malicious third party to access a few demo accounts.
With cyber threats becoming more fierce by the minute, robust security measures like MFA are no longer optional but essential. While Snowflake’s new policies and tools are a significant step towards better security, they also remind us that human and organizational negligence plays a considerable role in breaches.
Snowflake and its customers must work together to safeguard data and reduce the risk of credential compromise. You could say that this is Snowflake trying to save face. And maybe that’s true, but it’s also about survival in an increasingly hostile cyber environment.
That said, this will not do much for those already affected, but at least they will not have an excuse in the future.
