Highlights:

  • The Snowflake Trust Center, recently made available, also aids in overseeing compliance.
  • Snowflake has introduced new security enhancements focused on bolstering account protection, including the mandatory implementation of MFA.

Data cloud company Snowflake Inc. has introduced multifactor authentication in response to its customers being targeted following a third-party breach earlier this year.

In late May, a hacking campaign affecting Snowflake users was uncovered when approximately 560 million records, reportedly stolen from Ticketmaster Entertainment, surfaced for sale on the Breach Forums hacking site. This was followed on June 6 by data from U.S. auto parts provider Advance Auto Parts Inc. being offered for sale. The connection between these incidents is that both companies were customers of Snowflake.

On June 10, Google LLC’s Mandiant disclosed that 165 Snowflake customers were targeted in the hacking campaign. Snowflake has consistently asserted that the data was not stolen due to a breach of its platform but rather because targeted users lacked multifactor authentication. Implementing multifactor authentication is the first of Snowflake’s new security measures.

In a blog post published recently, Snowflake announced new security features designed to enhance account protection, including making multifactor authentication (MFA) mandatory. Administrators can now mandate MFA for all users in a Snowflake account, offering flexible configurations for local or single sign-on users. Additionally, Snowflake’s interface, Snowsight, will now prompt users who haven’t enabled MFA to set it up, promoting broader adoption across the platform.

To assist administrators in enforcing these new security measures, Snowflake has introduced a comprehensive authentication policy. This policy provides detailed control, allowing for MFA requirements to be set at both the account and user levels. Service users, such as those involved in non-interactive access through automation, can be exempt from these requirements, with recommendations to use key-pair authentication or OAuth instead.
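As an added illustration (not taken from Snowflake's blog post or from this article), the split described above could be configured roughly as follows. The policy and user names are hypothetical, and the sketch assumes a current database and schema are set and the role is allowed to create and attach authentication policies.

```sql
-- Added example: policy and user names below are hypothetical.

-- Policy for interactive (human) users: password or SSO logins,
-- with MFA enrollment required.
CREATE AUTHENTICATION POLICY IF NOT EXISTS human_users_require_mfa
  AUTHENTICATION_METHODS = ('PASSWORD', 'SAML')
  CLIENT_TYPES = ('SNOWFLAKE_UI', 'SNOWSQL', 'DRIVERS')
  MFA_ENROLLMENT = REQUIRED
  COMMENT = 'Interactive users must enroll in MFA';

-- Policy for non-interactive service users: no password logins at all,
-- only key-pair authentication or OAuth, so MFA does not apply.
CREATE AUTHENTICATION POLICY IF NOT EXISTS service_users_no_password
  AUTHENTICATION_METHODS = ('KEYPAIR', 'OAUTH')
  CLIENT_TYPES = ('DRIVERS', 'SNOWSQL')
  MFA_ENROLLMENT = OPTIONAL
  COMMENT = 'Automation accounts: key pair or OAuth only';

-- Account level: every user inherits the MFA requirement by default.
ALTER ACCOUNT SET AUTHENTICATION POLICY human_users_require_mfa;

-- User level: a policy set on a user overrides the account policy,
-- which is how a service user is exempted from the MFA requirement.
ALTER USER etl_service_user SET AUTHENTICATION POLICY service_users_no_password;

-- Review what exists after the change.
SHOW AUTHENTICATION POLICIES;
DESCRIBE AUTHENTICATION POLICY human_users_require_mfa;
```

Because the service policy omits `PASSWORD`, a leaked password for that account cannot be used to log in, which is the exposure the campaign described above relied on.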

Now generally available, the Snowflake Trust Center aids in monitoring compliance. It provides tools such as the Security Essentials and CIS Benchmarks scanner packages to identify overprivileged entities and ensure adherence to MFA policies.

Security experts have positively received the move to enforce MFA. “From an account protection perspective, MFA is probably one of the single most effective controls to have in place. Given all the attacks against accounts, including credential-stuffing, more organizations should enable MFA by default,” Javvad Malik, Lead Security Awareness Advocate at security awareness training company KnowBe4 Inc., said in an interview.

Darren James, Senior Product Manager at Specops Software, an Outpost24 company, remarked that the implementation of MFA is a positive development. He said, “MFA for existing customers will still need to be enabled by the end customer and we need to remember that MFA on its own isn’t a silver bullet. MFA comes in different forms e.g., OTP, Biometric, Push Notifications and the like, and some are more secure or phishing-resistant than others.”

He added that secure authentication to any platform should and can be achieved using a multilayered approach: “Firstly, a strong password policy, then strong phishing-resistant MFA, but don’t forget threat intelligence to understand who is logging in with an already breached password and to what systems (both external and internal). And finally locking down where users can log in from and using behavior signals such as what times they would normally log in which can be used to thwart compromised session cookies.”