Integrating Vanta & Snowflake

  • Updated
Snowflake is a fully managed SaaS that provides a single platform for data warehousing, data lakes, data engineering, data science, data application development, and secure sharing and consumption of real-time / shared data. Snowflake features out-of-the-box features like separation of storage and compute, on-the-fly scalable compute, encryption, data sharing, data backups, data cloning, etc. 
 

Why Snowflake to Vanta integration?

  • Admins can see who has access to Snowflake on the Access page and satisfy controls around access management. Also, Vanta will remind you to remove access when an employee leaves your company.
  • Admins can see all the databases on the Inventory page and centralize the asset management in Vanta which is critical for the security and compliance program.

Connecting Snowflake & Vanta

  • To add a Snowflake account to Vanta, you will need to navigate to the Integrations page, select the Available tab and click Connect for Snowflake:
ConnectSnowflake.png
  • After clicking Connect Snowflake, you will be prompted to enter Account URL and Default Warehouse name.
  • Account URL is the Account URL value available on the Organization page in Snowflake.
    • Default warehouse is the name of any warehouse available on the Warehouse page in Snowflake. 
    • You will only need to add 1 default Warehouse to Vanta. Vanta will then be able to pull in any relevant Databases and Users from that instance.
 
image.png
 

  • After clicking Connect Snowflake you will be prompted to copy a snippet. Paste it on a new worksheet in Snowflake, highlight it all and run the query.
  • Upon successful query execution in Snowflake, click “Activate Connection” on this page in Vanta. This should complete the setup flow.
  • Once the connection is complete, you can click on Configure Scope to configure the scope of databases you want to pull into Vanta. Ex: if you mark staging resources out of scope and it wouldn't show up in Vanta on the inventory page:
 

SnowflakeConfigScope.png

  • Upon successful connection, verify access, inventory, and test pages.

Access Page

You can view all the users who have access to Snowflake on the Access Page and a list of all databases on the Inventory Page in Vanta.
 

Inventory Page

You can view all the databases on the Inventory Page here:

SnowflakeInventory.png

 
 

Tests page

On the tests page, you can see the following tests
  • Snowflake accounts associated with users
  • MFA on Snowflake
  • Snowflake accounts are de-provisioned when employees leave
We didn’t write tests for the following configs as they are set out-of-the-box in Snowflake without the ability to turn them off.
  • Data is encrypted at rest or in transit
  • Backups are enabled
    • Snowflake implements this via Timetravel. The default is 1 Day.
  • Storage autoscaling is on
  • Compute autoscaling is on

Can we connect multiple Snowflake accounts?

    • Yes, you can add additional accounts by selecting Manage>Edit for the integration and selecting Add Warehouse:

AddadditionalSnowflake.png