Snowflake mandates MFA after major breach

Snowflake, a data warehousing company, experienced a major data breach in May that exposed vulnerabilities in its systems. Snowflake has now taken action by making multifactor authentication (MFA) mandatory for all users.

Snowflake found that the compromised accounts in the breach did not have MFA enabled. To reduce future risks, Snowflake administrators can now require MFA for all users. This involves a three-step process: prompt, enforce, and monitor.

In the prompt phase, users who log into Snowflake’s web interface without MFA are prompted to enable it and are guided through the setup steps.

In the enforce phase, Snowflake’s updated Authentication Policies include an option to make MFA mandatory for all users. Admins can choose whether this applies to local users, single sign-on (SSO) users, or both.

In the monitor phase, the Trust Center Security Essentials scanner checks accounts for MFA and network policy compliance.

This feature is included in all Snowflake editions and is active by default. The Trust Center CIS Benchmarks scanner package provides additional tools to ensure Snowflake accounts are configured securely according to industry standards. Snowflake plans to continue enhancing security by adding features to the Trust Center to improve threat detection on its platform.
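The enforce and monitor phases described above can be sketched in Snowflake SQL. This is an added example, not code from the article or from Snowflake; the policy name, the sec_db.policies schema and pilot_user are hypothetical, and the column names in the final query are the ones I know from the ACCOUNT_USAGE.USERS view and should be checked against your account.

```sql
-- Added example. sec_db.policies, require_mfa_all and pilot_user are
-- hypothetical names; substitute your own objects.
USE ROLE ACCOUNTADMIN;

-- Enforce: require MFA enrollment for both password (local) and SAML (SSO)
-- logins. Narrow MFA_AUTHENTICATION_METHODS to ('PASSWORD') if the identity
-- provider already enforces MFA for SSO users.
CREATE AUTHENTICATION POLICY IF NOT EXISTS sec_db.policies.require_mfa_all
  MFA_AUTHENTICATION_METHODS = ('PASSWORD', 'SAML')
  MFA_ENROLLMENT             = REQUIRED
  COMMENT = 'Mandatory MFA for local and SSO users';

-- Apply to one pilot user first, so a misconfigured policy cannot lock
-- every administrator out at once.
ALTER USER pilot_user
  SET AUTHENTICATION POLICY sec_db.policies.require_mfa_all;

-- Then apply account-wide. A policy set on a user takes precedence over
-- the account-level policy.
ALTER ACCOUNT
  SET AUTHENTICATION POLICY sec_db.policies.require_mfa_all;

-- Monitor: active users who still have a password but no MFA enrollment.
-- ACCOUNT_USAGE views lag behind live state, so recent changes may not
-- appear immediately.
SELECT name,
       login_name,
       last_success_login
FROM snowflake.account_usage.users
WHERE deleted_on IS NULL
  AND has_password = TRUE
  AND ext_authn_duo = FALSE
ORDER BY last_success_login DESC NULLS LAST;
```

Rows returned by the final query are the accounts to chase before enforcing account-wide; service accounts that cannot complete an MFA prompt need a separate authentication method, such as key pair, rather than an exemption from the policy.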

Credential theft is still a major security issue, despite various measures developed over the years to combat it. The 2023 Verizon report found that 74% of data breaches involve a human component. MFA is one of the most effective ways to prevent credential theft, making Snowflake’s decision to enforce it a good step.

However, this raises the question of why mandatory MFA isn’t a standard security measure for all organizations with online accounts. It is a relatively simple and inexpensive solution that provides strong protection against a common cybersecurity threat. Snowflake’s proactive approach to cybersecurity, especially introducing mandatory MFA, sets an important example for the industry.

As cyber threats continue to evolve, such measures are essential to protect sensitive data and maintain user trust.