Post-Breach Bug Fixes: Snowflake Adds Mandatory MFA

As SC Media UK reports, Snowflake users will be encouraged to enable multi-factor authentication (MFA) in new product features. Snowflake provides cloud-based data storage, management and analytics to a wide range of enterprise organizations – an increasingly important capability in the AI era.

The security measures follow a notable attack on Snowflake this summer, in which the data of 165 customers was leaked as part of an extortion campaign. Because Snowflake is a data services provider, the attack had far-reaching implications for other organizations.

The update was announced by CISO Brad Jones in a post this week and will see users prompted to enable MFA and walked through the configuration steps. “This dialog can be closed, but will reappear in three days if MFA has not been configured for the user,” Jones said in the post.

The updates are designed to help users better protect their accounts and data, and encourage users who aren’t using security best practices to adopt them. This will allow administrators to enforce security by default and provide visibility into security policy compliance – for example, knowing which users don’t have MFA configured.

Jones also said that a future release will introduce “a new user object type that will help exclude service users from MFA policies at scale.”

Read the whole story here.

Related Posts

City council could see updated forecasts for planned police station in July

Former Boulder swimming coach convicted of sexual abuse

UN calls on companies to make progress on women’s sexual health