BSides Toronto 2020

Securing your Snowflake Cloud Data Warehouse
2020-10-17, 16:20–17:00, Twitch

In this session I will go through the security controls in snowflake as well as some of their limitations, along with hands-on walk-throughs of the permission structure of snowflake and how to set up column and row based access controls from within Snowflake. I will also discuss setting up monitoring of authentication and authorization for snowflake with a few useful tips.


Snowflake DB is an awesome Cloud Data Warehouse, used by a large number of organizations. However, even when your data warehouse comes "as a service", you need to configure it properly in terms of security, and understand its limitations. I will focus mainly on 3 topics which I find the most important:

  1. How to set up network access policies for Snowflake.
  2. How to set up data access controls for Snowflake.
  3. Where the logs and other metadata is, what you can find there, and how it can help you secure your Snowflake.

For each section I will also discuss the limitations.

Ben is an experienced hacker & developer, with years of experience in endpoint security, behavioral analytics, application security and data security. Ben filled roles such as the CTO of Cynet, as well as leading the threat research group at Imperva. Ben is now leading research in building secure data access for data warehouses and data lakes as part of Satori.