Why  Did  Snowflake  Have  a  Target  on  It?  Handling  Data


            Warehouse Security Risks


            By Kapil Raina, VP of Marketing, Bedrock Security


            In early June, the Ticketmaster breach brought widespread attention to the fact that Snowflake accounts
            did not require multi-factor authentication (MFA) and some were compromised as a result. If only it were
            that  simple.  While  MFA  is  an  excellent  compensating  control,  it  alone  is  not  sufficient  to  stop  data
            breaches.  Adversaries  have no  governing  rules  and can leverage  several  other  techniques  to  bypass
            compensating controls, including MFA. For example, MFA doesn’t work for non-human identities (that is,
            service accounts), which can make up 20% or more of a typical organization's  credentials. It isn’t just a
            question of whether MFA should have been enabled — MFA isn’t enough. The question we really need
            to ask is, why are adversaries targeting systems like Snowflake and how can we harden these data-rich
            environments more effectively?



            Why Snowflake? Understanding the Target

            Snowflake is a data-rich environment holding an organization’s structured and semi-structured data sets
            for data storage, analysis, and processing. Many organizations use Snowflake because it’s faster, more
            flexible, and easier to use than other database  offerings. It’s designed  for the cloud as a self-managed




            Cyber Defense eMagazine – August 2024 Edition                                                                                                                                                                                                          136
            Copyright © 2024, Cyber Defense Magazine. All rights reserved worldwide.