Snowflake allows admins to enforce MFA as breach investigations conclude
Cybersecurity Dive
|
Contributed by: Drex DeFord
Summary
Snowflake has implemented a new security policy requiring multifactor authentication (MFA) for all users or specific roles within its platform, following a series of attacks targeting over 100 customer environments lacking this security measure. MFA will now be the default setting for newly created customer accounts, as stated by CISO Brad Jones. The decision comes after an investigation by CrowdStrike and Mandiant confirmed no vulnerabilities in Snowflake's platform led to the incidents. These breaches involved demo accounts accessed with stolen credentials from a former employee. While existing customer accounts can opt-out of MFA, Snowflake is encouraging adoption through frequent prompts and introducing the Snowflake Trust Center and security scanners to enhance overall compliance and mitigate risks.
