06 June 2024

❄️ Snowflake Safe. The Importance of SaaS Governance

Effective SaaS Governance. A view into how Snowflake can remain safe.

Daniel Wallace, Senior Security Architect

In today’s digital landscape, the use of Software as a Service (SaaS) has become ubiquitous. SaaS platforms offer flexibility, scalability, and efficiency, which are critical for modern enterprises. One such platform that has gained significant traction is Snowflake, a powerful cloud data platform that enables data warehousing, data lakes, and data sharing. However, the rise of SaaS also brings about unique security challenges. Recently, Snowflake, in collaboration with CrowdStrike and Mandiant, released a joint statement highlighting an increase in cyber threat activity targeting some of their customers’ accounts. According to the statement:

“Snowflake recently observed and is investigating an increase in cyber threat activity targeting some of our customers’ accounts. We believe this is the result of ongoing industry-wide, identity-based attacks with the intent to obtain customer data. Research indicates that these types of attacks are performed with our customers’ user credentials that were exposed through unrelated cyber threat activity. To date, we do not believe this activity is caused by any vulnerability, misconfiguration, or malicious activity within the Snowflake product.”

This statement underscores the critical issue of credential exposure and the importance of maintaining a robust security posture. The breaches are primarily due to the lack of correct security posture in the customers’ Snowflake environments, rather than any inherent vulnerabilities within the Snowflake platform itself. This article will dive into the importance of SaaS security posture management (SSPM) and how it fits into the larger realm of SaaS governance - a very effective strategy to help organizations proactively protect against these threats.

Understanding the Threat Landscape

The recent breaches in Snowflake environments have highlighted a critical issue: the vulnerability of credentials. Miscreants have been able to gain unauthorized access by leveraging credentials stolen via malware. This type of malware is designed to extract sensitive information from users’ devices, including login credentials. Once obtained, these credentials can be sold or used to infiltrate corporate environments.

The extent of the unauthorized access is still being determined, but it underscores the importance of robust security measures. Organizations need to be proactive in identifying and mitigating these risks before they can be exploited by threat actors.

What is SSPM?

SSPM, or SaaS security posture management, is a comprehensive approach to managing and improving the security posture of SaaS applications. It involves continuous monitoring, assessment, and remediation of security configurations and practices to ensure that they align with best practices and regulatory requirements. (My colleague David Galiata does a nice job of explaining what SSPM is at a high level in this brief video.) For Snowflake SaaS, SSPM is essential in identifying misconfigurations and vulnerabilities that could be exploited by malicious actors.

The Role of SSPM in Snowflake SaaS Security

  1. Identifying Misconfigurations
     SSPM tools can continuously scan Snowflake environments to detect misconfigurations that could expose sensitive data. These tools provide real-time visibility into security settings, allowing organizations to identify and correct issues such as overly permissive access controls, weak encryption settings, and improper user roles.
  2. Proactive Threat Detection
     By leveraging SSPM, organizations can proactively detect suspicious activities and potential threats. Mature SSPM tools use advanced analytics and machine learning to identify anomalies and unusual behavior patterns that may indicate a security breach. This early detection is crucial in preventing unauthorized access and minimizing the impact of potential compromise.
  3. Centralized Identity Management Integration
     Integrating Snowflake with a centralized identity management platform is critical for maintaining robust security. This integration ensures that the user identities are managed consistently across all SaaS applications, reducing the risk of credential-based attacks. It also enables the implementation of strong authentication mechanisms, such as multi-factor authentication (MFA).

The Importance of Phishing-Resistant MFA

One of the key security measures that SSPM can enforce is the use of phishing-resistant MFA. Traditional MFA methods, such as SMS-based authentication, are vulnerable to phishing attacks. Phishing-resistant MFA methods, such as hardware tokens or biometrics, provide a higher level of security by making it significantly more difficult for attackers to gain unauthorized access. Implementing phishing-resistant MFA is essential in protecting against credential theft and ensuring the integrity of user accounts.
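A posture check of the kind described in the misconfiguration and MFA sections above, as an added example that is not from this article or from any SSPM product. It assumes the rows were exported from Snowflake's ACCOUNT_USAGE.USERS view with lowercased column names; the 90-day threshold, the finding labels, and the sample users are assumptions constructed for illustration.

```python
from datetime import datetime, timedelta, timezone

STALE_AFTER = timedelta(days=90)  # assumed policy threshold, not from the article


def audit_users(rows, now):
    """Return {user_name: [finding, ...]} for active users with weak login posture."""
    report = {}
    for row in rows:
        # Dropped or disabled users cannot log in, so they are out of scope.
        if row["deleted_on"] is not None or row["disabled"]:
            continue
        findings = []
        if row["has_password"]:
            # A password with no second factor is all a stolen credential needs.
            if not row["ext_authn_duo"]:
                findings.append("password_without_mfa")
            # Key-pair users that keep a password still expose the weaker path.
            if row["has_rsa_public_key"]:
                findings.append("password_left_on_key_pair_user")
            last = row["last_success_login"]
            if last is None or now - last > STALE_AFTER:
                findings.append("stale_password_credential")
        if findings:
            report[row["name"]] = findings
    return report


def _row(name, **overrides):
    """Build one constructed sample row; defaults describe a well-configured user."""
    row = {"name": name, "has_password": True, "ext_authn_duo": True,
           "has_rsa_public_key": False, "disabled": False, "deleted_on": None,
           "last_success_login": NOW - timedelta(days=2)}
    row.update(overrides)
    return row


NOW = datetime(2024, 6, 6, tzinfo=timezone.utc)
SAMPLE_USERS = [  # constructed data, not real accounts
    _row("ALICE"),
    _row("BOB", ext_authn_duo=False),
    _row("CAROL", last_success_login=NOW - timedelta(days=200)),
    _row("SVC_ETL", ext_authn_duo=False, has_rsa_public_key=True,
         last_success_login=None),
    _row("SVC_BI", has_password=False, ext_authn_duo=False, has_rsa_public_key=True),
    _row("EX_CONTRACTOR", ext_authn_duo=False, disabled=True),
]

if __name__ == "__main__":
    for user, findings in audit_users(SAMPLE_USERS, NOW).items():
        print(f"{user}: {', '.join(findings)}")
```

The `ext_authn_duo` flag only reflects MFA enrolled in Snowflake itself; users who authenticate solely through a centralized identity provider should show `has_password` as false and are not flagged.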

SaaS Governance Program

A comprehensive SaaS governance program is crucial for managing SaaS consumption within an organization. Such a program encompasses various aspects of SaaS management, including discovering SaaS in use, vetting and performing deep analysis into inherited risks from SaaS providers, and ensuring SaaS environments are configured securely and in alignment with regulatory requirements.

  1. Discovering and Inventorying SaaS Applications
     Organizations often struggle with shadow IT, where employees use unauthorized SaaS applications without the knowledge of the IT department. Tooling can help discover and inventory all SaaS applications in use within the organization, providing a complete picture of the SaaS landscape. This visibility is essential for identifying potential security risks and ensuring that all applications are properly managed.
  2. Managing And Analyzing SaaS For Risks
     Before adopting any SaaS application, it is important to conduct a thorough risk assessment. This involves evaluating the application’s security features, compliance with industry standards, and potential vulnerabilities. In addition, organizations should be aware of a SaaS vendor’s complete pedigree, which includes (but is not limited to) SOC 2 reports, penetration tests, previous history of breaches, software bill of materials, etc.
  3. Ensuring SaaS Security With SSPM
     Ultimately, the goal of SSPM is to ensure that all SaaS applications are secure and compliant with organizational policies, industry regulations, and security compliance frameworks (ISO 27001, NIST Frameworks, etc.). By continuously monitoring and managing the security posture of SaaS applications, SSPM helps organizations mitigate risks, prevent data breaches, and maintain the integrity of their cloud environments.

The recent wave of compromises in Snowflake environments highlights the critical need for robust SaaS security measures. SSPM provides a comprehensive approach to managing and improving the security posture of Snowflake SaaS, helping organizations identify misconfigurations, detect threats, and enforce strong authentication mechanisms. But overall, your organization will deeply benefit and gain value from a full SaaS governance program. A comprehensive SaaS governance program is essential for managing SaaS consumption and ensuring that all applications are secure and compliant. Discovering and inventorying SaaS applications, vetting them for risks, and ensuring continuous security through SSPM are all critical components of a robust SaaS security strategy.

In conclusion, SSPM is not just a best practice, but a necessity for organizations managing diverse SaaS environments. By proactively managing security configurations and continuously monitoring for threats, organizations can stay ahead of malicious actors and protect their sensitive data in the cloud.

Enhance Your SaaS Security with Aquia’s SaaS Governance Program

In today’s fast-paced digital environment, managing the security and efficiency of your SaaS applications is crucial. Aquia’s comprehensive SaaS governance program offers a robust solution to discover, manage, and secure your SaaS usage. By facilitating automatic discovery and inventory of all SaaS applications, vetting vendors for compliance, and continuously monitoring for misconfigurations and vulnerabilities, Aquia ensures your organization remains secure and compliant. Partner with Aquia to mitigate risks, optimize costs, and enhance operational efficiency. Discover more at Aquia SaaS Governance.

If you have any questions, or would like to discuss this topic in more detail, feel free to contact us and we would be happy to schedule some time to chat about how Aquia can help you and your organization.

