Snowflake Breach Attack Insights
Ofir Stein
June 27, 2024
The recent attack on Snowflake accounts underscores a critical lesson for all cloud users: securely managing identities and access is paramount under the shared responsibility model. As more organizations leverage cloud services, it’s essential to understand that security is a collaborative effort between the service provider and the customer.
Here are some key takeaways:
1️⃣ Shared Responsibility Model: While cloud providers like Snowflake ensure the security of the infrastructure, customers must secure their identities and access management.
2️⃣ Identity Management: Implement strong identity governance to ensure only the right people have the appropriate access to critical data.
3️⃣ Access Control: Use tools and policies to manage and monitor access, reducing the risk of unauthorized access.
Listen in to hear our Director of Product, Sharon Kisluk, explain where things went wrong in this major security incident.
Transcription below
- At first people thought it was a breach of Snowflake, but then it turned out that the hacks happened because these companies had credentials that were stale with open-ended access to the data that were found online.
- 20:54 Okay, so also you have to include in this the fact that there was only a single factor off of the kinds of which were targeted, which is its own question about whether or not Snowflake needs to start implementing MFA requirements for sensitive data being stored there.
- 21:08 But we see data hacks happen all the time. Why was this interesting?
- 11:13 Yeah, I think this was interesting, first of all, because of the scale. We’re talking about very big companies and really sensitive data. That’s the stuff you don’t want to have leaked, right? Your customer data, personal information.
- 11:25 But also, I think what’s interesting is that, first of all, the vendor did everything right. Snowflake itself was not hacked. It offered its services as expected. And it really goes to show that companies, customers, need to think about identity and access management.
- 11:38 They need to understand that they have shared responsibility with the vendor to secure their identities and their data. And we see here a complete failure of identity and access management processes. Credentials were not rotated. Accounts that were not used were not properly off-boarded. And access was left open-ended to something very, very sensitive instead of being managed
- 11:57 just in time as people require it. So that’s a big thing. And also, to add to that point of how important identity security is, there was no vulnerability of resources involved. So no cloud resources, no services,
- 12:16 storage, databases, buckets, nothing was misconfigured or had vulnerability. So that just adds to the fact that identities was the cause of the breach here.
- 22:25 Right, so it’s very much a human management problem more so than anything