Eliminate Security Blindspots in Your Snowflake Data

Gautam Kanaparthi
March 28, 2023

If your company relies on the cloud, it’s likely your data has moved into one or more cloud data platforms. The leader in this space is Snowflake. About 8,000 customers use the Snowflake Data Platform, including more than 50% of the Fortune 500 and over 25% of the Global 2000. Many Normalyze customers use Snowflake, so it’s useful to describe how our solution helps Snowflake users eliminate security blindspots. But before addressing “how,” let’s understand why cloud data platforms might not be secure.


Why aren’t native cloud platform security controls enough?

The short answer is lack of visibility and control. With on-premises storage, data security teams have full visibility into 

  1. what data stores are being created 
  2. which applications interact with the data
  3. security posture of data and full control over it

A data warehouse, for example, has a variety of controls in place to ensure appropriate access governance, enforce least privilege, and manage the security posture of these data stores. 

When an organization migrates on-premises data to a data platform like Snowflake, security teams lose visibility and control they had on-premises. A basic understanding of whether the cloud-resident data is sensitive and if it’s protected by encryption or other controls is lost. As one CISO quipped during a security assessment call, “Cloud data is now a black box for my team.”


How Normalyze Provides Visibility and Control for Cloud Data

Normalyze automatically implements the five Data Security Posture Management principles for cloud environments. The following capabilities will be of special interest to Snowflake users. 

Discover and catalog all sensitive data 

Automated discovery is a huge benefit for protecting cloud data stores. Normalyze automatically discovers all databases, schemas, tables, and columns in your Snowflake environment. With Normalyze’s one-pass data scanner, customers can now classify all the data within their Snowflake environment. Hundreds of classes of data, including custom data classes are supported by the Normalyze single pass scanner – critical for classifying sensitive data stored in  Snowflake. 

Privacy-preserving scan architecture 

Our privacy scanning architecture is a key ingredient for compliance with privacy laws. Unlike other solutions, Normalyze does not require you to transfer all your data to a third party in order to secure your environment. Normalyze scanners are designed to run in your own cloud environments. So, data never leaves the customer-owned environment, which avoids triggering any privacy or compliance violations. Nice! 

Data Access Graph  

Security teams dread painfully weeding through long lists of information and potential vulnerabilities. Normalyze solves this with automation and visualization.

The Normalyze Cloud Platform continuously monitors and analyzes all users, their roles, privileges granted by these roles to give security teams a clear view of the resulting access grants and privileges available for various users across the cloud data assets. 

Normalyze automatically correlates this vast operational data, visualizes the path from a user to a piece of sensitive data, and shows the intermediate roles that enable this access. This granular insight helps security teams tweak the access policies to identify exactly which role needs to be modified to right-size the access rights for over-privileged users.

Using the Normalyze QueryBuilder, analysts can also quickly build ad hoc queries – without having to learn a new query language – and identify users/roles of interest, such as roles providing access to sensitive data and users who are able to assume too many roles.



Continuous monitoring and risk detection 

Vulnerability management is another key benefit of Normalyze. The Normalyze Cloud Platform detects data breach risks including potential data exfiltration and insider threats across your Snowflake environment. With an extensive set of pre-built risk signatures, Normalyze continuously monitors your Snowflake environment’s query-level activity to identify when unusual activity (e.g. queries with an abnormally large resultset) occurs. These events then triggers alerts for security team investigation. 

In addition to risk detection, Normalyze can also alert on designated activities of interest, such as discovery of a new table with sensitive data, changes in access privileges to a data store with sensitive data, and so forth. As always, teams can create automation rules to trigger a notification via email, Slack, Teams, or ticketing via an ITOps system such as JIRA. 



For Snowflake users, Normalyze’s ability to automatically discover and classify all sensitive data, correlate who should and should not be able to access that data, graphically display potential attack paths, and feed critical alerts into existing workflows will put your security teams back in the driver’s seat of security your organization’s Snowflake-resident sensitive data.

Gautam Kanaparthi

Gautam is the Head of Product at Normalyze. He is passionate about building and scaling market-changing cybersecurity products. At Netskope, Gautam built multiple products from the ground up to help the company address new customer problems, including Nextgen Secure Web Gateway, Advanced Analytics, and Malware Scanning. Before Netskope, he was the principal product manager for Symantec Endpoint Security.