D1.2 - OUTLINE SECURITY PRINCIPLES Flashcards

1
Q

MULTI-FACTOR AUTHENTICATION (MFA)

A
  • MFA support is integrated into Snowflake, powered by Duo
  • MFA is enabled on a per-user basis; it is not automatic
  • STRONGLY recommended for all users with the ACCOUNTADMIN role
2
Q

DATA ENCRYPTION

A
  • All ingested data stored in Snowflake is encrypted using AES-256 strong encryption
  • Enterprise edition includes periodic rekeying of encrypted data
  • Business critical edition includes encryption using customer managed keys
3
Q

NETWORK SECURITY AND POLICIES

A
  • Network policies allow for creating an allowed list and, conversely, a blocked list based on user IP address
4
Q

Access Control

A
  • Access based on objects, roles, privileges, users, etc.
5
Q

FEDERATED AUTHENTICATION

A
  • Enables users to sign on to Snowflake using SSO
  • When using SSO, users can authenticate through an external, SAML 2.0 compliant identity provider (IdP)
  • Once authenticated by an IdP, users can initiate one or more sessions for the duration of an IdP session without having to log in to Snowflake
  • They can choose to initiate from within the IdP session or Snowflake
6
Q

Single Sign-On (SSO)

A
  • When a client application is configured to use browser-based SSO, the application uses the following workflow for user authentication:
  1. The app launches a window displaying the authentication page for the IdP
  2. The user enters IdP credentials (username and password)
  3. If the user is enrolled in MFA in Snowflake, they are prompted to type the MFA passcode or confirm authentication on another device
  4. After the IdP has authenticated the user's credentials, the browser displays a success message. The user can then close the browser tab/window (it does not need to be open after authentication), return to the application, and use the Snowflake session that has been initiated