New Snowflake security policies mean admins can now enforce mandatory MFA


Snowflake has announced it will allow admins to enforce multi-factor authentication (MFA) for all users in the wake of the disastrous data breach in May.

In an advisory to customers, Snowflake CISO Brad Jones said MFA will now be enabled by default for new accounts, and the new security policy will give admins the power to impose mandatory MFA practices.

The changes will also include new prompts for users on the Snowsight platform to enable MFA in a bid to drive adoption, Jones said.

“We’re taking steps to promote individual compliance for Snowflake users,” he said. “Starting today, when users without MFA log on to Snowsight, they will be prompted to enable MFA and guided through the configuration steps.”

This prompt can be dismissed, Jones noted, but will reappear within three days if MFA still hasn’t been configured.

Alongside the new policies, Jones confirmed the general availability of the Snowflake Trust Center Security Essentials scanner package. This, he said, will help “mitigate credential theft issues” by confirming whether MFA compliance is being adhered to.

This will also be enabled by default and will be made available to customers free of charge across all Snowflake editions.

“In addition to checks provided by the Security Essentials scanner package, we are also happy to announce general availability of the Trust Center CIS Benchmarks scanner package, which contains more scanners that evaluate your account against the CIS Snowflake Foundations Benchmark,” Jones added.

“These scanners, for example, can detect overprivileged entities, stale users who have not logged in for the past 90 days, ACCOUNTADMIN grants and more.

“We will continue adding features to the Trust Center to help Snowflake customers better detect threats and attacks against their accounts. We will share more details in upcoming months.”
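The two capabilities the advisory describes, an admin-imposed MFA requirement and checks for unenrolled users, stale users and ACCOUNTADMIN grants, can be expressed in Snowflake SQL. This is an added example, not code from the article or from Snowflake's advisory; it assumes an ACCOUNTADMIN session, that the `security_admin.policies` schema and `require_mfa` policy name are free to use, and that the authentication-policy parameter names match Snowflake's current documentation, which should be checked before running it.

```sql
-- Added example (not from the article or Snowflake's advisory).
-- Assumptions: ACCOUNTADMIN session; policy/schema names are
-- illustrative; MFA_ENROLLMENT is the parameter name as documented
-- by Snowflake and should be verified against current docs.

-- 1. Make MFA mandatory account-wide with an authentication policy.
CREATE DATABASE IF NOT EXISTS security_admin;
CREATE SCHEMA IF NOT EXISTS security_admin.policies;

CREATE OR REPLACE AUTHENTICATION POLICY security_admin.policies.require_mfa
  MFA_ENROLLMENT = REQUIRED   -- unenrolled users must enrol at next login
  COMMENT = 'Mandatory MFA for all users';

ALTER ACCOUNT SET AUTHENTICATION POLICY security_admin.policies.require_mfa;

-- 2. Detection queries mirroring the Trust Center checks named above.
--    ACCOUNT_USAGE views lag live state by up to about two hours.

-- Password users with no MFA (Duo) enrolment.
SELECT name, last_success_login
FROM   snowflake.account_usage.users
WHERE  deleted_on IS NULL
  AND  disabled = FALSE
  AND  has_password = TRUE
  AND  ext_authn_duo = FALSE;

-- Stale users: no successful login in the past 90 days
-- (users who never logged in are measured from creation).
SELECT name, last_success_login
FROM   snowflake.account_usage.users
WHERE  deleted_on IS NULL
  AND  disabled = FALSE
  AND  COALESCE(last_success_login, created_on)
         < DATEADD(day, -90, CURRENT_TIMESTAMP());

-- Users holding a direct ACCOUNTADMIN grant.
SELECT grantee_name, granted_by, created_on
FROM   snowflake.account_usage.grants_to_users
WHERE  role = 'ACCOUNTADMIN'
  AND  deleted_on IS NULL;
```

Service and integration accounts that authenticate with key pairs or SSO show up differently in these views, so review the first query's results before acting on them rather than treating every row as a policy violation.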

Snowflake isn’t taking any chances

The update from Snowflake follows a lengthy investigation into a highly disruptive breach in May which saw more than 100 customers impacted globally.

Snowflake first discovered unauthorized access to user accounts in late May. This allowed threat actors to access demo accounts and customer environments. Several major organizations, including Ticketmaster and Santander, were affected by the breach.

The incident sparked a major war of words between Snowflake and industry stakeholders, with Jones specifically highlighting that the attack targeted users with single-factor authentication on their production environments.

Javvad Malik, lead security awareness advocate at KnowBe4, said the changes are a positive response from the company that will bolster customer security.


“It’s good to hear that Snowflake is enabling MFA by default. From an account protection perspective, MFA is probably one of the single most effective controls to have in place,” he said.

“Given all the attacks against accounts, including credential stuffing, more organizations should enable MFA by default.”

Malik noted, however, that MFA can only go so far. With threat actors employing increasingly sophisticated social engineering techniques, there is still room for the exploitation of individuals.

“Simply implementing a control like MFA is sometimes not enough. Social engineering can still bypass the best of controls,” he said.

“Therefore, a strong security culture needs to be created whereby people understand the importance of MFA and how to ensure they are using it correctly. Only through a unified approach of people, processes, and technology can we build organizations which are resilient to attacks.”

Ross Kelly
News and Analysis Editor
