Page 137 - Cyber Defense eMagazine August 2024
service, ideal for digital transformation initiatives. That ease of use has resulted in the aggregation of vast
amounts of sensitive data from multiple sources. Inevitably, these data stores attract cyber adversaries
because that data is ideal for identity theft, ransomware, social engineering, and other malicious activities.
Beyond the data held in its databases, Snowflake offers extensive data integration capabilities that
make it easy to move data into and out of the cloud data platform. It also offers dozens of data
integration tools and technologies (Amazon Data Firehose, Google Cloud, Informatica, Apache Kafka,
and SAP to name just a few). Its ecosystem of technology partners delivers connectors that make it
simple to integrate with popular applications, databases, and cloud platforms. This ecosystem is easy to
use, but also increases the potential attack surface for malicious actors. Snowflake is also part of a larger
IT stack. As such, it may not always get security team attention. In addition, attackers may target
vulnerabilities in other parts of the IT stack to gain access to the troves of data Snowflake holds.
Modern Enterprises Are Data Dumping Grounds
As data continues to grow, organizations seek to find ways to use it, and Snowflake is integral to this use.
Data pipelines automate many of the steps organizations had to take manually to transform and optimize
those continuous data loads. The pipelines make it easy to move, analyze, use, and store data for future
use; all of this is vital for business growth. However, data pipelines become, in effect, business-
sanctioned Trojan horses. Lines of business use those pipelines to move customer data to warehouses
for analysis without understanding how they may have created new attack paths for adversaries.
Data warehouses are also collaborative; businesses grant wide access to their employees to analyze
and use that data, further increasing the data attack surface because it’s so easy to move, copy, and
share. Unfortunately, most employees do not have the same security awareness training or
accountability as a database administrator. Nevertheless, their accounts have access to massive
amounts of sensitive data. What organizations must understand is that, fundamentally, data itself has no
rules unless your organization puts protections in place to secure that data as it grows, moves, and
changes.
Reduce the Data Risk Surface
Attackers have already shown that they can access sensitive data using Snowflake accounts; in
response, organizations must now act to reduce the data risk surface. They can do this in a few key
ways: by minimizing data access, eliminating stale data, and hardening the data they have.
• Minimizing data access is critical when organizations have opened up data warehouses to allow
multiple lines of business easy access to data. Security teams need to assess identity access to
ensure that they are only granting users the minimum level of access required to perform their
jobs, adopting the principle of least privilege. If a user’s account is compromised, the attacker will
only have access to a small subset of the data.
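One way to run the access assessment described above, as an added example rather than code from the article or from Snowflake: it compares what each role is granted with what was actually queried, then counts how many tables a compromised account could reach before and after unused grants are revoked. The roles, users, tables, log layout, and 90-day window are constructed assumptions; in practice the inputs would come from the platform's grant and query-history records.

```python
from collections import defaultdict

# Constructed sample data (not from a real account). Field layouts are assumptions.
ROLE_GRANTS = [  # (role, privilege, table)
    ("ANALYST", "SELECT", "SALES.ORDERS"),
    ("ANALYST", "SELECT", "CRM.CUSTOMERS_PII"),
    ("ANALYST", "SELECT", "HR.PAYROLL"),
    ("MARKETING", "SELECT", "CRM.CUSTOMERS_PII"),
    ("MARKETING", "SELECT", "SALES.ORDERS"),
]
USER_ROLES = {"alice": ["ANALYST"], "bob": ["ANALYST", "MARKETING"], "carol": ["MARKETING"]}
ACCESS_LOG = [  # (user, role used, table read, days since the query)
    ("alice", "ANALYST", "SALES.ORDERS", 2),
    ("bob", "ANALYST", "SALES.ORDERS", 5),
    ("bob", "MARKETING", "CRM.CUSTOMERS_PII", 10),
    ("alice", "ANALYST", "HR.PAYROLL", 200),  # outside the review window
]

def unused_grants(grants, log, window_days=90):
    """Return grants that no user exercised through that role within the window."""
    used = {(role, table) for _, role, table, age in log if age <= window_days}
    return sorted(g for g in grants if (g[0], g[2]) not in used)

def reachable_tables(user_roles, grants):
    """Map each user to every table a stolen credential for that user could read."""
    by_role = defaultdict(set)
    for role, _, table in grants:
        by_role[role].add(table)
    return {u: set().union(*(by_role[r] for r in roles)) for u, roles in user_roles.items()}

def exposure_after_cleanup(user_roles, grants, log, window_days=90):
    """Per user: (tables reachable now, tables reachable once unused grants are revoked)."""
    stale = set(unused_grants(grants, log, window_days))
    kept = [g for g in grants if g not in stale]
    before = reachable_tables(user_roles, grants)
    after = reachable_tables(user_roles, kept)
    return {u: (len(before[u]), len(after[u])) for u in user_roles}

if __name__ == "__main__":
    for role, priv, table in unused_grants(ROLE_GRANTS, ACCESS_LOG):
        print(f"review: {priv} on {table} granted to {role} but unused in 90 days")
    for user, (now, later) in exposure_after_cleanup(USER_ROLES, ROLE_GRANTS, ACCESS_LOG).items():
        print(f"{user}: {now} tables reachable now, {later} after cleanup")
```

A grant that shows up as unused is a candidate for review, not automatic revocation: quarterly or year-end jobs may fall outside a 90-day window.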
Copyright © 2024, Cyber Defense Magazine. All rights reserved worldwide.