In what appears to be the world’s biggest data breach in terms of impacted individuals, Snowflake, the renowned AI data platform, has found itself at the center of a massive cyber incident. This breach has sent shockwaves through the tech community and its customers, highlighting critical vulnerabilities in some cloud data security products and services.
Snowflake, known for its ability to process vast amounts of data with ease, has been accused of lacking sufficient security measures. According to reports, this breach has exposed significant amounts of sensitive data.
The Breach Unfolded
According to various sources, including a blog by Hudson Rock, the breach involved attackers obtaining credentials to demo accounts belonging to a former Snowflake employee. These demo accounts were not protected by Multi-Factor Authentication (MFA), unlike Snowflake's production and corporate systems. The attackers used infostealers to gain access to these accounts, resulting in unauthorized database downloads.
Snowflake's incident response team, with the help of CrowdStrike and Mandiant, identified the cause of the malicious activity. They attributed it to a targeted campaign exploiting single-factor authentication and credentials obtained through infostealing malware.
Several high-profile organizations seem to have been impacted by this breach. For instance, Live Nation’s Ticketmaster had its database compromised, potentially exposing personal information of millions of customers. Other prominent companies such as Santander, State Farm, and Anheuser-Busch were reportedly also affected, with significant data exfiltration reported across various industries.
Snowflake has refuted claims made by a threat actor regarding the theft of data from Santander and Ticketmaster. The company asserts that the breach resulted from stolen customer login credentials rather than any vulnerability, misconfiguration, or breach within Snowflake's product. Snowflake emphasized that there is no evidence to suggest the incident was due to a fault in their platform. They confirmed that attackers accessed certain customer accounts using compromised credentials and have since notified affected customers, provided indicators of compromise, and offered recommendations to enhance account security.
The Fallout
Snowflake’s response to the breach has been under scrutiny. While they have pointed out that the demo accounts were not linked to their core systems, the lack of MFA and the failure to disable access for a former employee have raised serious concerns about their internal security practices. This incident serves as a stark reminder of the potential risks associated with transferring security responsibilities to cloud providers.
Voltage SecureData: A Robust Solution for Protecting Sensitive Data
Acceleration to the Cloud and Privacy Compliance
Strong data security is essential for complying with regulations, protecting customer trust, and avoiding costly breaches. However, traditional data protection techniques can introduce performance issues, complexity, and drive up your overall cloud compute and storage costs, and gaps in data protection may leave you exposed to breaches and non-compliance risks.
According to Gartner, the use of cloud-native technologies is not just popular but pervasive. By 2025, it is estimated that over 95% of new digital workloads will be deployed on cloud-native platforms. Many companies have shifted their data to the cloud due to the cost-effectiveness of cloud storage and its array of services, which enable more value from rapidly expanding data volumes. However, cloud-related data breaches remain a persistent threat, making data security a board-level concern.
Voltage SecureData helps ensure that adopting cloud services like the Snowflake Data Cloud protects sensitive data such as Personally Identifiable Information (PII), Payment Card Information (PCI), Protected Health Information (PHI), and intellectual property by rendering it useless to attackers. This helps avoid regulatory fines and damage to brand reputation and customer trust.
The Shared Responsibility Security Model
The shared responsibility security model is a framework that delineates the security obligations of service providers, like Snowflake, and their customers. In this model, the service provider is responsible for the security "of" the cloud, which includes the infrastructure, physical hardware, and foundational services. On the other hand, the customer is responsible for security "in" the cloud, which involves data encryption, identity and access management, and protecting applications.
Source: https://www.horangi.com/horangipedia/what-is-the-shared-responsibility-model
The Snowflake platform exemplifies this model by offering several native, layered security options, including network security, identity and access management, transparent disk encryption, TLS, and standard data-at-rest encryption. These features ensure the integrity and security of the underlying infrastructure and core services.
To enhance data security further within this framework, solutions like Voltage SecureData play a crucial role. Voltage SecureData adds essential data-centric protection options that bolster the security measures provided by Snowflake. This includes advanced encryption, tokenization, and data masking techniques that protect sensitive data at the data level, ensuring it remains secure throughout its lifecycle, whether at rest, in transit, or in use.
By leveraging both Snowflake’s native security capabilities and Voltage SecureData’s advanced data protection, organizations can achieve comprehensive security coverage. This dual approach allows them to meet regulatory requirements, protect sensitive information, and maintain the usability of their data for analytics and business intelligence, thereby optimizing both security and functionality within their cloud environments.
How Voltage Can Help
The Voltage Fusion and SecureData include critical capabilities from data discovery to disposition. Understanding the flow, use, and storage of data is key to compliance with global privacy legislation and internal security policies. Voltage Fusion provides solutions that discover, analyze, and classify all data types—structured, semi-structured, and unstructured. Policies covering the entire data lifecycle allow enterprises to act on their data with contextual awareness and deep insights from rich risk profile visualizations.
Voltage SecureData uses standards-validated, data-centric security innovations, such as Format-Preserving Encryption and Secure Stateless Tokenization, to pseudonymize and anonymize sensitive information, delivering persistent privacy throughout the data lifecycle wherever it resides, moves, or is used.
Voltage SecureData Integrations for Snowflake Benefits
The Snowflake platform provides several native, layered security options, including network security, identity and access management, transparent disk encryption, TLS, and standard data-at-rest encryption. Voltage SecureData adds important data-centric protection options that enhance data security in Snowflake:
- Format-preservation for usability: Ensures that protected data retains its usability.
- Data security controls: Helps comply with data privacy regulations.
- Persistent protection: Supports multi-cloud and data sharing strategies.
- Flexibility: Uses standards-validated and independently assessed techniques.
- Unicode support: Safely supports all alphabets with Safe Unicode FPE.
Protected data retains referential integrity, allowing customers to perform meaningful analytics on protected data sets. Voltage SecureData preserves data formats so the protected data fits seamlessly into existing table schema and any downstream applications expecting fields of a particular type, like dates, national identifiers, or names. It provides reversible and irreversible methods for sensitive data types across all languages, including Format-Preserving Encryption (FPE), Secure Stateless Tokenization (SST), and Format-Preserving Hash (FPH).
Data protected by Voltage SecureData remains secure when moving into or out of Snowflake, supporting a multi-cloud strategy and data sharing without compromising security. Organizations retain complete control of encryption keys and token tables, from master keys to data encryption keys, in a stateless system.
Share and shift protected data to and from Snowflake
The high-level reference architecture shows the data flow from origin to storage and use in Snowflake. Data protection can be applied on-premises before uploading to the cloud, during transfer, or upon arrival in the cloud. SecureData supports various tools for moving data into Snowflake, making it versatile and effective for enterprise-wide, multi-cloud data protection strategies.
Benefits of Voltage SecureData Integration with Snowflake Horizon
Snowflake Horizon, Snowflake’s built-in governance solution, addresses data security, privacy, and compliance issues, allowing customers to efficiently take action on their data and apps in a governed, secure environment. Snowflake Horizon makes it easy to integrate with security solutions like Voltage SecureData to enhance data protection across your entire data estate.
If you are looking for a way to conduct analytics at scale without compromising on data security, the Voltage SecureData integration with Snowflake Horizon is a great option to consider. SecureData enables you to encrypt, tokenize, or mask your data before loading it into the Snowflake Data Cloud, or even as it lands in the Snowflake solution. By doing so, you make the data useless to unauthorized individuals or entities outside your organization or those with whom you have not specifically shared access. This approach ensures compliance with privacy regulations and preserves the usability of data for analytics and business intelligence, even in its protected form.
The Voltage SecureData integration with Snowflake Horizon is a comprehensive data protection solution that integrates seamlessly with Snowflake’s native features and capabilities, including external functions and dynamic data masking policies. You can use SecureData to protect any type of data, such as PII, PHI, PCI, intellectual property, and trade secrets. You can also choose from different protection methods, such as FPE, SST, or FPH, depending on security requirements.
Key Benefits
- High-scale analytics: Voltage SecureData enables high-scale, high-performance, and secure data analytics, data science, and data sharing in the cloud. It protects sensitive data before, during, and after it lands in the Snowflake Data Cloud, using industry-leading data-centric techniques that preserve the value and format of the data.
- Enhanced data security: Voltage SecureData allows you to perform analytics and business intelligence on protected data with role-based access enabled directly on specific data elements via SQL function calls or conducted transparently in combination with Snowflake masking policies.
- Secure third-party data sharing: SecureData enables the import of data already protected by Voltage SecureData, allowing you to analyze it on other platforms or clouds without removing the protection. This makes it possible to monetize analytics through third parties while maintaining the highest levels of data security.
- Reduced compliance costs: Voltage SecureData helps you comply with data privacy regulations, such as GDPR, CPRA, HIPAA, PCI DSS, and more, saving time and money.
Conclusion
The Snowflake breach is a stark reminder of the vulnerabilities that exist in cloud data platforms. While Snowflake has denied that the breach was caused by any vulnerability, misconfiguration, or breach of their product, the fact remains that attackers were able to access sensitive customer data using stolen login credentials. This incident underscores the importance of robust security measures and the need for organizations to take proactive steps to protect their sensitive data.
In light of these events, it is imperative for organizations to adopt comprehensive security solutions like Voltage SecureData. SecureData offers a robust, data-centric approach to security, ensuring that sensitive information is protected at the data level, regardless of where it resides. By integrating with Snowflake, SecureData helps organizations secure their data before, during, and after it lands in the Snowflake Data Cloud, thereby reducing the risk of data breaches, ensuring compliance with privacy regulations, and maintaining the usability of data for analytics and business intelligence.
Adopting a data-centric security approach with Voltage SecureData is not just a good practice, but a necessity in today's environment. Protect your sensitive information and ensure your data remains secure, no matter where it resides.
To Learn More: