MFA Now Required for All Snowflake Users: A Proactive Security Measure

Snowflake, a company specializing in cloud data storage and analytics, recently announced the introduction of a new feature for administrators—the ability to enforce mandatory multi-factor authentication (MFA) for all controlled users. This initiative aims to enhance security following a series of recent incidents involving the compromise of customer credentials.

In early June, researchers from Hudson Rock highlighted attacks on Ticketmaster and Santander linked to Snowflake accounts. However, Snowflake denied responsibility for these incidents, asserting that the accounts were compromised through third-party attacks.

Image: Snowflake

Subsequently, Snowflake compelled the researchers to remove their report but later acknowledged that the credentials of a former employee had been used to access several demo accounts. It was later revealed that the primary cause of the breach was the lack of MFA protection on the compromised accounts, allowing hackers to easily access client accounts with credentials obtained from other sources.

Now, Snowflake administrators can flexibly configure the multi-factor authentication policy. They can choose whether to apply it only to local users, including single sign-on (SSO) users, or configure it individually for each user. Snowflake does not recommend the latter option for service users, preferring authentication via OAuth or key pairs.

To facilitate the adoption of MFA, the company introduced the Snowflake Trust Center—a platform for monitoring compliance with security policies. The Trust Center offers two new packages: Security Essentials and CIS Benchmarks. The Security Essentials package checks the implementation of MFA and network policies, while CIS Benchmarks assesses client accounts against the secure configurations of the CIS Snowflake Foundations Benchmark.

The new Snowsight interface will remind users who have not enabled MFA of the necessity to set it up, providing step-by-step instructions. This reminder can be dismissed but will reappear every three days until MFA is enabled.

Currently, the decision to implement MFA remains at the discretion of administrators, but in the future, the company plans to make MFA mandatory for all users. Snowflake also provides the option to exclude service users from the MFA policy to avoid the use of passwords in non-interactive processes.

The measures implemented by the company will help prevent credential compromise and protect user data, ensuring a higher level of security. Snowflake plans to continue developing technologies and tools to enhance the security of its clients and will be adding new features to the Trust Center in the coming months.

The attacks related to Snowflake quickly garnered public attention, as they affected at least 165 companies, including Ticketmaster, Santander Bank, Advance Auto Parts, Neiman Marcus, and others. The introduction of mandatory multi-factor authentication in the future is expected to prevent such incidents and strengthen the protection of user data.