Data security and privacy are paramount concerns in today's digital landscape. Snowflake recognizes this, and the Snowflake Trust Center offers a comprehensive suite of tools and resources aimed at enhancing data security, compliance, and governance for Snowflake users. 

By leveraging the Trust Center within Snowsight, you can easily monitor your Snowflake environment's security posture, take proactive measures to mitigate risks, and ensure the protection of your valuable data.

Why the Trust Center Matters

The Snowflake Trust Center serves several key purposes:

• Building Trust: It fosters trust and confidence by demonstrating Snowflake's commitment to security and privacy.

• Transparency: It provides a clear and transparent view of Snowflake's security practices, allowing you to make informed decisions about entrusting your data to the platform.

• Resource Hub: It acts as a valuable resource for security professionals, compliance officers, and anyone interested in understanding Snowflake's security posture.

• Education and Awareness: It educates users about security risks and best practices for maintaining a secure data environment in Snowflake.

CIS (Center for Internet Security)

The CIS (Center for Internet Security) Benchmark for Snowflake is a set of security configuration guidelines designed to help organizations harden their Snowflake deployments and minimize security risks. These benchmarks are developed through community collaboration and consensus among subject matter experts, providing a comprehensive framework for assessing and enhancing the security of your Snowflake environment.

You can find more information about the CIS Benchmark for Snowflake and access the benchmark document on the CIS website: https://www.cisecurity.org/benchmark/snowflake

Scanner Packages

A Scanner Package in the Snowflake Trust Center is a collection of security scanners that automatically assess your Snowflake account for potential vulnerabilities and misconfigurations. Each scanner package focuses on a specific aspect of security, such as compliance with industry benchmarks, data governance practices, database security, identity and access management, or platform security.

SQL

-- Retrieve information about all available scanner packages in the Snowflake Trust Center 
SELECT * FROM

Scanner packages run on a predefined schedule (typically weekly), which you can customize to align with your organization's security needs. Enabling a scanner package initiates an immediate scan and doesn't affect the regular schedule.

By default, scanner packages are disabled. However, you can activate them to proactively monitor your Snowflake environment for security risks and ensure compliance with industry standards.

How to Access the Trust Center

The Snowflake Trust Center is available in Snowsight. You can easily navigate through its different sections to find information relevant to your specific concerns. It's designed to be user-friendly and provide comprehensive information in a clear and concise manner.

Access the Trust Center: Navigate to the "Monitoring" section in Snowsight and select "Trust Center."

Scanner Packages are disabled until setup. 

Explore Scanner Packages: The "Scanner Packages" tab allows you to enable or disable various security scanners that proactively assess your account for vulnerabilities.

Click to enable Scanner Packages for CIS Benchmarks.

Set the schedule that checks for compliance with the Center for Internet Security (CIS) benchmark recommendations for Snowflake.

Verify Scanner settings. Use this tab to "disable" scanner package schedule if needed.

Verify CIS Benchmarks Scanner packages has been enabled for your account. 

Click to explore details and descriptions of specific Scanners.

View Security Findings: The "Findings" tab displays any potential security risks in your Snowflake account, along with recommendations for remediation.

Click specific recommendations to remediate findings. 

Leverage the provided SQL in Snowsight worksheets to further explore violations. 

Understand the impact of Critical violations 

Custom Scanner Packages

Right now (as of May 2024) you cannot create fully custom scanner packages within the Snowflake Trust Center. However, you can achieve a degree of customization in the following ways:

1. Adjusting Scanner Package Schedules: You can modify how often each scanner package runs, tailoring the frequency to your organization's specific needs and risk tolerance.

2. Enabling/Disabling Scanner Packages: You have the flexibility to choose which scanner packages you want to activate for your Snowflake account. This allows you to focus on the security areas most relevant to your organization.

3. Leveraging Snowsight Worksheets: While not a custom package within the Trust Center, you can create and execute SQL queries designed to identify specific security issues or configurations you want to monitor. These scripts can be scheduled to run regularly, providing a form of custom scanning.

4. Integrating with Third-Party Tools: Snowflake integrates with various third-party security and governance platforms. These platforms often offer more extensive customization options, allowing you to define your own security rules and checks.

Key Takeaways

• The Snowflake Trust Center is a testament to Snowflake's dedication to maintaining the highest levels of security, privacy, and compliance.

• It provides a wealth of information to help you understand and trust Snowflake's security practices.

• By leveraging the Trust Center's resources, you can enhance the security of your own Snowflake environment and ensure the protection of your valuable data.

Explore the Snowflake Trust Center today to learn more about how Snowflake safeguards your data and maintains a secure cloud data platform.

Trust Center | Snowflake Documentation