Encryption of data in transit on the Snowflake platform

Question

Is data encrypted while in transit on the Snowflake plaform? It\'s clear that via Snowflake End to End Encryption that data at rest is encrypted, but what about data on the move

Answer 1

All editions (Standard/Enterprise/Business Critical/VPS) of Snowflake uses AES256 encryption for data at rest and data in flight. No matter where the data is if it is inside the Snowflake scope, it is encrypted.

The data in the internal stage is encrypted with AES 128. Data in the external stage can also be decrypted but for that storage provider encryption key is needed, else it is not encrypted.

Even SnowPipe communication (when data is moving via SnowaPipe) is encrypted.

Snowflake also has Penetration Testing on a regular basis and if you have NDA signed with your company, you can fetch additional details

1. SF performs 7-10 penetration testing per year
2. Application Penetration Test
3. Network Penetration Test
4. Functional Penetration Test
5. All logs and findings are tracked to closure
6. Test results are available with a customer under NDA

As you can see the image below diagram, all stored data is encrypted and data over the network is also supported as follows

1. All communication over the internet is via HTTPS.
2. All communication is secure and encrypted via TLS 1.2 or higher

The higher edition of Snowflake also uses hierarchical key model for business-critical applications.