Always-On Data Warehouse Security

Snowflake built security into the foundations of our data warehouse service, not as an add-on or afterthought. Snowflake has been designed to deliver end-to-end security. We follow best-in-class, standards-based practices for the controls and processes that secure our service, removing the complexity and burden from customers.

Industrial-Strength Database Security


Snowflake provides the protection required of an enterprise-class data warehouse.

  • Fine-grained role-based access control for data and actions.
  • Always-on encryption of data stored in Snowflake.
  • Automatic data protection against accidental or intentional destruction.

These are all data security capabilities that other recent entries, such as Hadoop, simply don’t have.

Deployed Securely in the Cloud

Snowflake ensures security of deployment and operation in the cloud. Snowflake is deployed in Amazon Web Services’s highly secure data centers using a Virtual Private Cloud. Individual hosts are protected by firewalls configured with the most stringent firewall rules. All communication with the Snowflake service is protected at the network level using industrial strength secure protocols.


And that’s just the beginning: because we designed Snowflake from the ground up, we continue to adapt as new data security threats emerge, designing and deploying new counter-measures quickly and efficiently, without the obstacle of legacy functionality and architecture.

Certified and Validated


As part of our overall security program, Snowflake leverages established best practices for security controls. Snowflake works with AICPA-certified third party auditors to maintain security compliance and attestations including SOC 2, Type II.

Snowflake is also HIPAA Compliant ready, having in place the processes and controls required by the U.S. Health Insurance Portability and Accountability Act (HIPAA).

Learn more about our approach to security in our security whitepaper.

Request a Trial