Membership
Join as an Organization
Enterprises
Solution Providers
Contact Us
Current Members
Member Portal
Initiatives & Partnerships
AI Safety Initiative
CxO Trust
Zero Trust Advancement Center
Trusted Cloud Providers
Trusted Cloud Consultant
Other Opportunities
Event Sponsorships
Join as Individual
Chapters
Circle Community Forum
Research Working Groups
Volunteer Opportunities
STAR Program
STAR Home
STAR Registry
Submit to Registry
Provide Feedback
Certified STAR Auditors
STAR Enabled Solutions
Stay compliant in the cloud
CCAK Training
STAR Lead Auditor Training
Training for Government Agencies
Governance, Risk & Compliance Tools
Cloud Controls Matrix (CCM)
Consensus Assessment Initiative Questionnaire (CAIQ)
EU Cloud Code of Conduct
STAR Level 1
At level one organizations submit a self-assessment.
View companies at level one
Learn about level one
STAR Level 2
At level two organizations earn a certification or third-party attestation.
View companies at level two
Learn about level two
Certificates & Training
Online Education Platforms
Knowledge Center
CSA Exams
Events
Learn and network while you earn CPE credits.
Virtual Events & Webinars
Event Sponsorships
Certificates
Certificate of Cloud Security Knowledge (CCSK)
Certificate of Cloud Auditing Knowledge (CCAK)
Certificate of Competence in Zero Trust (CCZT)
Digital Badges
Trainings
Cloud Infrastructure Security Training
STAR Lead Auditor Training
Advanced Cloud Security Practitioner (ACSP) Training
CCSK Train the Trainer
Training Network
Become an Instructor
Become a Training Partner
Specialized Training Options
Train my entire team
Training for Government Agencies
Research
CSA Research
Latest Research
Working Groups
Open Peer Reviews
Research Topics
Strategic Initiatives
AI Safety Initiative
Zero Trust Advancement Center
CxO Trust
Trusted Cloud Consultant
FinCloud Security
Thought Leadership
CloudBytes Webinars
Blog
Getting Started with CSA Research
Cloud security best practices
Assess your cloud compliance
Security questionnaire for vendors
Top threats to cloud computing
Cloud Security Glossary
Awards & Recognition
Juanita Koilpillai Awards
Research Fellows
Critical Topics
AI Safety Initiative
AI Technology and Risk
AI Governance & Compliance
AI Controls
AI Organizational Responsibilities
Enterprise Architecture
Blockchain
Zero Trust
DevSecOps
Top Threats
Membership
Join as an Organization
Enterprises
Solution Providers
Contact Us
Current Members
Member Portal
Initiatives & Partnerships
AI Safety Initiative
CxO Trust
Zero Trust Advancement Center
Trusted Cloud Providers
Trusted Cloud Consultant
Other Opportunities
Event Sponsorships
Join as Individual
Chapters
Circle Community Forum
Research Working Groups
Volunteer Opportunities
STAR Program
STAR Home
STAR Registry
Submit to Registry
Provide Feedback
Certified STAR Auditors
STAR Enabled Solutions
Stay compliant in the cloud
CCAK Training
STAR Lead Auditor Training
Training for Government Agencies
Governance, Risk & Compliance Tools
Cloud Controls Matrix (CCM)
Consensus Assessment Initiative Questionnaire (CAIQ)
EU Cloud Code of Conduct
STAR Level 1
At level one organizations submit a self-assessment.
View companies at level one
Learn about level one
STAR Level 2
At level two organizations earn a certification or third-party attestation.
View companies at level two
Learn about level two
Certificates & Training
Online Education Platforms
Knowledge Center
CSA Exams
Events
Learn and network while you earn CPE credits.
Virtual Events & Webinars
Event Sponsorships
Certificates
Certificate of Cloud Security Knowledge (CCSK)
Certificate of Cloud Auditing Knowledge (CCAK)
Certificate of Competence in Zero Trust (CCZT)
Digital Badges
Trainings
Cloud Infrastructure Security Training
STAR Lead Auditor Training
Advanced Cloud Security Practitioner (ACSP) Training
CCSK Train the Trainer
Training Network
Become an Instructor
Become a Training Partner
Specialized Training Options
Train my entire team
Training for Government Agencies
Research
CSA Research
Latest Research
Working Groups
Open Peer Reviews
Research Topics
Strategic Initiatives
AI Safety Initiative
Zero Trust Advancement Center
CxO Trust
Trusted Cloud Consultant
FinCloud Security
Thought Leadership
CloudBytes Webinars
Blog
Getting Started with CSA Research
Cloud security best practices
Assess your cloud compliance
Security questionnaire for vendors
Top threats to cloud computing
Cloud Security Glossary
Awards & Recognition
Juanita Koilpillai Awards
Research Fellows
Critical Topics
AI Safety Initiative
AI Technology and Risk
AI Governance & Compliance
AI Controls
AI Organizational Responsibilities
Enterprise Architecture
Blockchain
Zero Trust
DevSecOps
Top Threats
Cloud 101CircleEventsBlog
Master CSA’s Security, Trust, Assurance, and Risk program—download the STAR Prep Kit for essential tools to enhance your assurance!

Empowering Snowflake Users Securely

Published 11/01/2024

Home
Industry Insights
Empowering Snowflake Users Securely

Originally published by Normalyze.

Written by Joe Gregory.


Two security leaders address data sprawl, user access, compliance, and scale

I recently moderated a webinar titled Unlocking the Power of Snowflake about the top challenges organizations face today: how to maximize their Snowflake investment, provide secure user access, and address the challenges of data sprawl and visibility, compliance, and scale. With 86% of tech leaders acknowledging that their cloud systems generate more data than their teams can handle efficiently, it’s clear that the complexity of managing and securing data is only growing.

Our discussion featured two data security experts with real-world experience:

Both speakers offered personal insights into how their organizations are using Snowflake to address these challenges. They shared thoughtful strategies for controlling data access, ensuring compliance, and scaling data security in an increasingly complex cloud ecosystem.


Addressing Initial Data Security Challenges in Snowflake

One of the first things that came up in my discussions with Anoop and Josiah was the challenge of data sprawl when they initially adopted Snowflake. Both of them faced the same issue—keeping track of where data was stored and who had access to it as their environments grew. Anoop explained that at Sigma, they immediately focused on role-based access control (RBAC) and data encryption to manage this.

What really stood out to me from Josiah’s experience at Audacy was how easily Snowflake can become difficult to manage if you don’t have the right governance structures in place from the start. Snowflake’s ease of use is a double-edged sword—it makes things faster but can lead to over-provisioning. Josiah mentioned that their data team worked closely with their infrastructure team to ensure that access management was handled with the right controls and foresight.


Balancing Data Access Governance and Business Needs

Anoop and Josiah also shared how they’ve managed to reduce risks without limiting business functionality. For both Sigma and Audacy, RBAC was essential, but they didn’t stop there. Anoop talked about the importance of automating access reviews—instead of manually tracking who had access to what, they used tools to continuously monitor and adjust privileges as needed. This ensured users had the access they needed, but no more than that.

Josiah mentioned a key insight: data tagging. Audacy set up tagging protocols early on to manage data access more effectively, ensuring that each dataset was appropriately classified. That helped them maintain a balance between security and user access, preventing unnecessary delays for their teams.


Regulatory Compliance as a Driver of Strategy

Both experts made it clear that regulatory compliance shaped a lot of their Snowflake strategies. Anoop explained that GDPR and SOC 2 requirements were central to how they set up their access controls, encryption, and audit logs. By building in these elements from the beginning, they ensured that compliance audits were easier to handle. He noted that using real-time monitoring to track who accessed sensitive data made responding to audit requests far less stressful.

Josiah brought up a related point: compliance isn’t just about being reactive. They also design their governance framework with future compliance in mind. By implementing least privilege access and zero trust policies early, Audacy is prepared to adapt to new or more stringent regulations as they arise, making future audits less daunting.


Best Practices for Companies New to Snowflake

For companies just starting their Snowflake journey, both Anoop and Josiah had some practical advice. Anoop emphasized the importance of setting up multi-factor authentication (MFA) and using identity management systems like Okta to automate user provisioning. He also advised against giving users direct access to sensitive data—stick to roles, which can scale more easily as the company grows.

Josiah mentioned something I found particularly interesting: it’s important to avoid overcomplicating your setup in the beginning. He recommended starting with basic functional roles and scaling access from there. The simplicity of that approach prevents your system from becoming a nightmare later, especially when you start dealing with hundreds or thousands of users.


Scaling Security with Data Growth

As their data volumes increased, both Sigma and Audacy had to figure out how to keep up with data security without sacrificing operational efficiency. Anoop highlighted how automation has been key at Sigma—automating security controls like access management and data classification allowed them to keep pace with their growth while maintaining security.

Josiah echoed that sentiment, noting that clear communication between security and data teams was critical for Audacy. By keeping security protocols in place that didn’t slow down the team’s ability to work, they maintained the speed and agility necessary to scale, especially as they start working with AI-driven workflows. Both emphasized that Snowflake’s scalability is a strength, but only if you build your security frameworks to grow with it.


Final Thoughts

This conversation with Anoop and Josiah left me with a lot to think about. Managing data security at scale requires not only the right tools but also the right mindset—starting with a strong foundation, automating wherever possible, and always planning for future growth. Snowflake offers enormous power and scalability, but it’s the strategies and practices behind it that make all the difference.

C-LevelComplianceData SecurityIdentity and Access Management

Share this content on your favorite social network today!

Cloud Assurance
Related Resources
STAR
The industry's standard for security assurance in the cloud.
Cloud Controls Matrix & CAIQ v4
The standard cybersecurity control framework.
Trusted Cloud Provider
Demonstrate your commitment to holistic security.
Latest from CSA
Mark Your Calendar for Cyber Monday!
Map the Transaction Flows for Zero Trust
Advance AI Risk Management
Audit Cloud Providers with Confidence & Enroll in STAR Lead Auditor Training
Related Articles:
Establishing an Always-Ready State with Continuous Controls Monitoring

Published: 11/21/2024

The Lost Art of Visibility, in the World of Clouds

Published: 11/20/2024

5 Big Cybersecurity Laws You Need to Know About Ahead of 2025

Published: 11/20/2024

Why Application-Specific Passwords are a Security Risk in Google Workspace

Published: 11/19/2024