Adrian Johnson
TLDR:
- Snowflake faced a wave of attacks on its customers, but insists that security responsibility lies with the customers, not the company.
- CEO Sridhar Ramaswamy emphasized that Snowflake was not directly breached, and customers are responsible for securing access credentials.
After a wave of attacks hit over 100 Snowflake customer environments, Snowflake CEO Sridhar Ramaswamy reiterated that the company was not breached and the security responsibility lies with the customers. Snowflake’s CFO, Michael Scarpelli, stated that the attacks had no impact on the company’s financial performance during the quarter. Despite the attacks, Snowflake’s revenue increased by 29% year over year. Snowflake recently implemented a new policy in July to allow administrators to require multifactor authentication (MFA) for all users or specific roles, but MFA remains optional for existing customers. The company has commitment to secure-by-design principles and maintains a shared responsibility model with customers, where customers are responsible for securing their own access credentials. The attacks on Snowflake customers underscore the challenges that technology vendors face in enforcing security measures and the importance of actively engaging in the cybersecurity conversation with customers. Snowflake remains focused on working closely with impacted customers to address security vulnerabilities and prevent future attacks.
