
Snowflake Breach Attack Insights

Ofir Stein

June 27, 2024


The recent attack on Snowflake accounts underscores a critical lesson for all cloud users: securely managing identities and access is paramount under the shared responsibility model. As more organizations leverage cloud services, it’s essential to understand that security is a collaborative effort between the service provider and the customer.

Here are some key takeaways:
1️⃣ Shared Responsibility Model: While cloud providers like Snowflake ensure the security of the infrastructure, customers must secure their identities and access management.
2️⃣ Identity Management: Implement strong identity governance to ensure only the right people have the appropriate access to critical data.
3️⃣ Access Control: Use tools and policies to manage and monitor access, reducing the risk of unauthorized access.

Listen in to hear our Director of Product, Sharon Kisluk, explain where things went wrong in this major security incident.

Transcription below

  • At first people thought it was a breach of Snowflake, but then it turned out that the hacks happened because these companies had credentials that were stale with open-ended access to the data that were found online.
  • 20:54 Okay, so also you have to include in this the fact that there was only a single factor off of the kinds of which were targeted, which is its own question about whether or not Snowflake needs to start implementing MFA requirements for sensitive data being stored there.
  • 21:08 But we see data hacks happen all the time. Why was this interesting?
  • 11:13 Yeah, I think this was interesting, first of all, because of the scale. We’re talking about very big companies and really sensitive data. That’s the stuff you don’t want to have leaked, right? Your customer data, personal information.
  • 11:25 But also, I think what’s interesting is that, first of all, the vendor did everything right. Snowflake itself was not hacked. It offered its services as expected. And it really goes to show that companies, customers, need to think about identity and access management.
  • 11:38 They need to understand that they have shared responsibility with the vendor to secure their identities and their data. And we see here a complete failure of identity and access management processes. Credentials were not rotated. Accounts that were not used were not properly off-boarded. And access was left open-ended to something very, very sensitive instead of being managed
  • 11:57 just in time as people require it. So that’s a big thing. And also, to add to that point of how important identity security is, there was no vulnerability of resources involved. So no cloud resources, no services,
  • 12:16 storage, databases, buckets, nothing was misconfigured or had a vulnerability. So that just adds to the fact that identities were the cause of the breach here.
  • 22:25 Right, so it’s very much a human management problem more so than anything
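
The identity failures named in the transcript (single-factor logins, credentials that were not rotated, unused accounts that were not off-boarded, and open-ended access) can each be checked against an account inventory. The sketch below is an added example, not code from the post or from any vendor; the `Account` fields, the thresholds and the sample records are assumptions constructed for illustration.

```python
from dataclasses import dataclass
from datetime import datetime, timedelta
from typing import Optional

# Thresholds are assumptions for this example, not values from the post.
MAX_CREDENTIAL_AGE = timedelta(days=90)
MAX_IDLE = timedelta(days=60)

@dataclass
class Account:  # hypothetical inventory record, e.g. exported from an IdP
    name: str
    enabled: bool
    has_password: bool
    mfa_enrolled: bool
    credential_set: datetime
    last_login: Optional[datetime]    # None = never logged in
    grant_expiry: Optional[datetime]  # None = open-ended access to sensitive data

def audit(acct: Account, now: datetime) -> list[str]:
    """Return the identity-hygiene findings for one account."""
    if not acct.enabled:
        return []  # already off-boarded: cannot authenticate
    findings = []
    if acct.has_password and not acct.mfa_enrolled:
        findings.append("single-factor")
    if now - acct.credential_set > MAX_CREDENTIAL_AGE:
        findings.append("credential-not-rotated")
    if acct.last_login is None or now - acct.last_login > MAX_IDLE:
        findings.append("unused-not-offboarded")
    if acct.grant_expiry is None:
        findings.append("open-ended-access")  # not granted just in time
    return findings

def audit_all(accounts, now):
    """Map account name -> findings, omitting accounts with none."""
    report = {a.name: audit(a, now) for a in accounts}
    return {name: f for name, f in report.items() if f}

# Constructed sample inventory (not real data).
NOW = datetime(2024, 6, 27)
SAMPLE = [
    Account("etl_svc", True, True, False, datetime(2021, 3, 1),
            datetime(2022, 11, 5), None),
    Account("analyst_a", True, True, True, datetime(2024, 5, 20),
            datetime(2024, 6, 26), datetime(2024, 6, 28)),
    Account("former_contractor", False, True, False, datetime(2020, 1, 1),
            None, None),
]

if __name__ == "__main__":
    for name, findings in audit_all(SAMPLE, NOW).items():
        print(f"{name}: {', '.join(findings)}")
```

In the sample, only `etl_svc` is reported, and it trips all four checks at once, which is the combination the transcript describes.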
