Encryption of data in transit on the Snowflake platform

前端 未结 3 988
甜味超标
甜味超标 2021-01-23 10:11

Is data encrypted while in transit on the Snowflake plaform? It\'s clear that via Snowflake End to End Encryption that data at rest is encrypted, but what about data on the move

相关标签:
3条回答
  • 2021-01-23 10:49

    I believe this article covers the scenarios that you are asking about, specifically the results cache question. Everything within the Snowflake infrastructure is encrypted...(all the data, all the time): https://resources.snowflake.com/snowflake/automatic-encryption-of-data

    0 讨论(0)
  • 2021-01-23 10:54

    All editions (Standard/Enterprise/Business Critical/VPS) of Snowflake uses AES256 encryption for data at rest and data in flight. No matter where the data is if it is inside the Snowflake scope, it is encrypted.

    The data in the internal stage is encrypted with AES 128. Data in the external stage can also be decrypted but for that storage provider encryption key is needed, else it is not encrypted.

    Even SnowPipe communication (when data is moving via SnowaPipe) is encrypted.

    Snowflake also has Penetration Testing on a regular basis and if you have NDA signed with your company, you can fetch additional details

    1. SF performs 7-10 penetration testing per year
    2. Application Penetration Test
    3. Network Penetration Test
    4. Functional Penetration Test
    5. All logs and findings are tracked to closure
    6. Test results are available with a customer under NDA

    As you can see the image below diagram, all stored data is encrypted and data over the network is also supported as follows

    1. All communication over the internet is via HTTPS.
    2. All communication is secure and encrypted via TLS 1.2 or higher

    The higher edition of Snowflake also uses hierarchical key model for business-critical applications.

    0 讨论(0)
  • 2021-01-23 11:12

    Yes, the data is encrypted in transit. Snowflake works on the concept of END-TO-END ENCRYPTION where only the end-users view the data and nobody else would be able to view the data.

    For example when data is being transferred from remote Snowflake disk (long term storage) to local cache (SSDs on compute nodes) - does the data remain encrypted during that transfer?

    Yes, the data remains encrypted while in the transfer and the same is applicable when using result_cache as well.

    Ref : https://www.snowflake.com/blog/end-to-end-encryption-in-the-snowflake-data-warehouse/

    0 讨论(0)
提交回复
热议问题