ISO/IEC 27001, an information security management system standard published by the International Organization for Standardization (ISO) and the International Electrotechnical Commission (IEC), is invaluable for monitoring, reviewing, maintaining and improving a company's information security management system.
Snowflake's ISO/IEC 270012013 certification further demonstrates its commitment to deliver industrial strength data warehouse security. Snowflake's end-to-end data security features provide continuous protection, encryption, auditing and monitoring of the infrastructure on which data resides, inherently improving customer data security.
Some of Snowflake's key security features include
Encryption everywhere - Snowflake automatically encrypts all data at rest and in transit.
Comprehensive protection - Security features include multi-factor authentication, role-based access control, IP address whitelisting, federated authentication and annual rekeying of encrypted data.
Security validations - SOC 1 Type 2, SOC 2 Type 2, PCI DSS compliance, achieving FedRAMP-Ready status, and support for HIPAA compliance validate the level of security of Snowflake's cloud data warehouse.
Tri-Secret Secure - Ensures customer control and data protection by combining a customer-provided encryption key, with a Snowflake-provided encryption key and user credentials.
Private deployment - Enterprises can get a dedicated and managed instance of Snowflake within a separate AWS Virtual Private Cloud (VPC).
System for Cross-domain Identity Management (SCIM) - A standard that allows customers to relay changes from an identity that is connecting to Snowflake all the way back to the consuming application. It uses OAuth as a way to pass through identities and is integrated with Snowflake partners like Tableau, Microsoft and Looker.
Lacework, a Snowflake customer and strategic partner, delivers a cloud security platform that combines active cloud resource monitoring, advanced analytics and smart visualization. Lacework's complete security platform provides visibility and intrusion detection that helps enterprises keep their data and resources safe, said Lacework CEO, Dan Hubbard. It's crucial that we practice what we preach and partner with companies like Snowflake that share our values of security and innovation. Snowflake's built-in security features complement and integrate well with Lacework's internal security controls and quality requirements.
Security is rooted in Snowflake's unique built-for-the-cloud architecture, Snowflake Vice President of Security, Mario Duarte said. Gaining the internationally recognized ISO/IEC 270012013 certification is another proof point to our customers that Snowflake provides them with best-in-class, standards-based practices to ensure the security of their data. Our goal with initiatives like this is to remove from our customers the complexity and burden of enabling security.