Snowflake is a fully managed SaaS that provides a single platform for data warehousing, data lakes, data engineering, data science, data application development, and secure sharing and consumption of real-time / shared data. Snowflake features out-of-the-box features like separation of storage and compute, on-the-fly scalable compute, encryption, data sharing, data backups, data cloning, etc.
Why Snowflake to Vanta integration?
- Admins can see who has access to Snowflake on the Access page and satisfy controls around access management. Also, Vanta will remind you to remove access when an employee leaves your company.
- Admins can see all the databases on the Inventory page and centralize the asset management in Vanta which is critical for security and compliance program.
Connecting Snowflake & Vanta
- To add a Snowflake account to Vanta, you will need to navigate to the Connections page, scroll to the Data warehouse providers section and click "Connect", and select Snowflake in the dropdown:
- After clicking Connect Snowflake, you will be prompted to enter Account URL and Default Warehouse name.
- Account URL is the Account URL value available on the Organization page in Snowflake.
- Default warehouse is the name of any warehouse available on the Warehouse page in Snowflake.
- After clicking Connect Snowflake you will be prompted to copy a snippet, paste it on a new Worksheet page in Snowflake and run that query.
- Upon successful query execution in Snowflake, click “Activate Connection” on this page. This should complete the setup flow in Vanta.
- Once the connection is complete, you can click on the ... to configure the scope of data bases you want to pull into Vanta. Ex: if you mark staging resources out of scope and it wouldn't show up in Vanta on the inventory page
- Upon successful connection, verify access, inventory, and test pages.
You can view all the users who have access to Snowflake on the Access Page and a list of all databases on the Inventory Page in Vanta.
You can view all the databases on the Inventory Page
On the test page, you can see the following tests
- Snowflake accounts associated with users
- MFA on Snowflake
- Snowflake accounts de-provisioned when employees leave
We didn’t write tests for the following configs as they are set out-of-the-box in Snowflake without the ability to turn them off.
- Data is encrypted at rest or in-transit
- Backups are enabled
- Snowflake implements this via Timetravel. The default is 1 Day.
- Storage autoscaling is on
- Compute autoscaling is on
- Can we connect multiple accounts or an entire Organization with Snowflake?