<- Back to Insights
June 17, 2024
Snowflake-linked attacks are testing the cloud’s shared responsibility status quo
Cybersecurity Dive
|
Contributed by: Drex DeFord
Summary
A recent series of attacks targeting databases of over 100 Snowflake customers has highlighted issues surrounding cloud security responsibilities, particularly the use of multifactor authentication (MFA). Snowflake attributed the breaches to customers' failure to implement MFA and manage credentials properly, noting that MFA is not enforced by default. This incident underscores the importance of incorporating secure-by-design principles, as advocated by the Cybersecurity and Infrastructure Security Agency (CISA). Snowflake's current MFA solution is limited and does not allow administrators to enforce it for specific roles. With increasing pressure, Snowflake plans to require advanced security controls but has yet to provide detailed measures. Experts argue that while customers share responsibility in securing their data, MFA should be a baseline security measure to prevent such attacks.
Explore Related Topics