“When it comes to customer data, we offer a flat guarantee to our customers: customer data is customer data. We never use that data for training any model ourselves. All of our customers can rest assured that their data, and any AI products they build on top of it, will only be used to answer questions for them,” Snowflake CEO Sridhar Ramaswamy told indianexpress.com.
At the latest edition of Snowflake Summit, Ramaswamy highlighted the company’s unswerving commitment to data security and responsible AI implementation. The CEO spoke about the comprehensive measures the company is undertaking to protect customer data while enabling innovative AI capabilities.
Addressing the concerns about AI companies and their data usage practices, Ramaswamy said, “We’ve built mechanisms that surface security data and alerts to our customers, including visibility into how many of their accounts are not protected with strong authentication. We take these lessons seriously and are dedicated to actively collaborating with our customers to ensure the security of their data.
The AI data cloud company has, over time, strengthened its security posture, implementing what it describes as a ‘shared destiny’ model that places greater responsibility on Snowflake to proactively protect customers rather than relying solely on traditional shared responsibility frameworks. Integral to Snowflake’s enhanced security strategy is the mandatory implementation of two-factor authentication across all accounts.
“We announced that we want to make it mandatory for every account to have two-factor authentication,” Ramaswamy explained, adding that the company has also integrated modern authentication methods such as Face ID and other biometric technologies.
Brad Jones, Snowflake’s chief information security officer and vice president of information security, elaborated on the company’s aggressive stance on eliminating single-factor authentication entirely. “We ultimately believe to be the most secure, we have to take away some of those legacy authentication methods from our customers to really get to that best posture for them.”
The security improvements extend beyond basic authentication. Snowflake has introduced passwordless authentication options, including passkeys, programmatic access tokens, and support for various authenticators like Google Authenticator, moving away from its traditional reliance on Duo for multi-factor authentication.
Story continues below this ad
Jones shared that Snowflake has implemented the ‘leak password protection’ – a system that actively monitors the dark web for compromised credentials associated with Snowflake accounts. “We’re looking in the dark web for credentials, usernames and passwords that have been leaked out there through various means like info-stealing malware or other methods, and we’re validating if those are active credentials that are active in a Snowflake account. We will go as far as locking that account and really asking questions later,” Jones explained.
AI and security
Over the years, AI has become integral to Snowflake’s platform offerings. Considering the meteoric pace of advancements in AI, Snowflake has established comprehensive governance frameworks to ensure responsible deployment. Jones informed that the company recently achieved ISO 42001 certification, an AI governance standard.
“We recently got the ISO 42001 certification, which is the AI governance certification based on the ISO standard that came out. I believe we’re one of the first cloud companies, if not the first kind of cloud company, to get that,” Jones noted, explaining that this required developing standard policies and processes for appropriate AI use.
Snowflake’s approach to AI security uses its unified platform architecture, ensuring that existing data governance and security controls automatically extend to AI workloads. “Because we are a single, unified platform, all of the rules that you have, whether it is for data access or data masking, work out of the box with the AI products that you create on top,” Ramaswamy explained.
Story continues below this ad
“Of course, AI brings challenges like prompt injection and adversarial input. To counter that, we offer features like Cortex Guardrails to protect against malicious prompts and ensure responsible behaviour,” the CEO added.
Addressing evolving threat landscape
Snowflake acknowledges that for cybersecurity AI presents both opportunities and challenges. “AI, everyone sees it as a double-edged sword, right? Any company that doesn’t lean into it and adopt it is going to be left behind, but you have to put strong guardrails and guidelines in place,” Jones noted.
To address AI-enhanced threats, Snowflake employs comprehensive red team testing and maintains robust detection capabilities. “I don’t believe there are any new, novel attacks that are taking place as a result of AI. It’s the same things, but better and faster. So that’s incumbent then on security teams to be able to react quicker,” Jones said.
The company continues to invest in advanced security capabilities, including machine learning models for detecting suspicious behaviour and enhanced visibility tools through its Trust Centre platform. “We’re never going to stop in this area; as we find things that are going to be useful for our customers that we can use internally to help them or provide directly to them, we will continue to innovate,” Jones concluded.
