Encryption of data in transit on the Snowflake platform

1
votes

Is data encrypted while in transit on the Snowflake plaform? It's clear that via Snowflake End to End Encryption that data at rest is encrypted, but what about data on the move?

For example when data is being transferred from remote Snowflake disk (long term storage) to local cache (SSDs on compute nodes) - does the data remain encrypted during that transfer?

Another example would be when adding results sets to the Snowflake results cache (available to all Virtual Warehouses) - is the data encrypted while being added to the results cache?

Thanks.

3
encryptionsnowflake-cloud-data-platform

3 Answers

1
votes

All editions (Standard/Enterprise/Business Critical/VPS) of Snowflake uses AES256 encryption for data at rest and data in flight. No matter where the data is if it is inside the Snowflake scope, it is encrypted.

The data in the internal stage is encrypted with AES 128. Data in the external stage can also be decrypted but for that storage provider encryption key is needed, else it is not encrypted.

Even SnowPipe communication (when data is moving via SnowaPipe) is encrypted.

Snowflake also has Penetration Testing on a regular basis and if you have NDA signed with your company, you can fetch additional details

  1. SF performs 7-10 penetration testing per year
  2. Application Penetration Test
  3. Network Penetration Test
  4. Functional Penetration Test
  5. All logs and findings are tracked to closure
  6. Test results are available with a customer under NDA

As you can see the image below diagram, all stored data is encrypted and data over the network is also supported as follows

  1. All communication over the internet is via HTTPS.
  2. All communication is secure and encrypted via TLS 1.2 or higher enter image description here

The higher edition of Snowflake also uses hierarchical key model for business-critical applications. enter image description here enter image description here

0
votes

I believe this article covers the scenarios that you are asking about, specifically the results cache question. Everything within the Snowflake infrastructure is encrypted...(all the data, all the time): https://resources.snowflake.com/snowflake/automatic-encryption-of-data

0
votes

Yes, the data is encrypted in transit. Snowflake works on the concept of END-TO-END ENCRYPTION where only the end-users view the data and nobody else would be able to view the data.

For example when data is being transferred from remote Snowflake disk (long term storage) to local cache (SSDs on compute nodes) - does the data remain encrypted during that transfer?

Yes, the data remains encrypted while in the transfer and the same is applicable when using result_cache as well.

Ref : https://www.snowflake.com/blog/end-to-end-encryption-in-the-snowflake-data-warehouse/