# Is Your Snowflake Data at Risk? Find and Protect Sensitive Data with DSPM

By [Sharon Farber](https://www.paloaltonetworks.com/blog/author/sharon-farber/?ts=markdown "Posts by Sharon Farber") | Nov 21, 2025 | 7 minutes

Organizations have increased scrutiny of their data managed in third-party applications. A spate of reported security incidents has highlighted the need for effective monitoring of sensitive data stored, accessed or processed by SaaS tools. Snowflake, a hugely popular tool that has been the target of multiple attacks recently, is at the center of many of these discussions.

Details of attacks against Snowflake are still somewhat murky, but several organizations seem to have been impacted, including Ticketmaster and Santander Bank. Advance Auto Parts has also revealed that [2.3 million individuals were impacted](https://www.bleepingcomputer.com/news/security/advance-auto-parts-data-breach-impacts-23-million-people/) by a previous breach related to data stored in Snowflake. According to research by Mandiant, [attackers stole credentials through the use of infostealer malware](https://cloud.google.com/blog/topics/threat-intelligence/unc5537-snowflake-data-theft-extortion). [Snowflake responded](https://www.snowflake.com/en/blog/snowflake-admins-enforce-mandatory-mfa/?_ga=2.10793524.1090316749.1720480424-2059932854.1719941556&_fsi=ss6AhxZS) by hardening its MFA enforcement capabilities.

In this article, we will look at how organizations use Snowflake and the related risks that can arise regarding sensitive data. We will then explain how effective [data security posture management (DSPM)](https://www.paloaltonetworks.com/cyberpedia/what-is-dspm) can help organizations gain visibility into Snowflake data and apply relevant mitigations.

## How Snowflake Is Used Today

Snowflake is a cloud data warehouse. The platform has become popular among business and data teams, as it's easy to deploy, easy to manage (with built-in features such as auto-scaling), and provides high performance when querying structured or semistructured data with SQL.

Snowflake can be deployed on AWS, Azure or Google Cloud. That said, it can't be deployed within the customer's cloud account on any of these platforms. Instead, Snowflake instances sit in their own cloud account, and the physical infrastructure is always managed by the data warehouse.

Customers will often deploy Snowflake alongside other databases and data lakes as well as use it for OLAP workloads -- analytics, dashboarding and machine learning.
In many cases, the data in Snowflake will be a copy or subset of the data found in the organization's transactional databases, cloud storage and SaaS applications. The data can be ingested into Snowflake via batch or stream, using either Snowflake-provided tools such as Snowpipe or third-party services such as Fivetran. The [external table](https://docs.snowflake.com/en/user-guide/tables-external-intro) feature also allows Snowflake to read directly from, but not write into, the customer's cloud storage (Amazon S3, Azure Blob or Google Cloud Storage).

## What Are the Security Considerations When Working with Sensitive Data in Snowflake?

While Snowflake offers strong out-of-the-box security features, risks arise when sensitive data is handled by a third-party provider and continuously moved between environments and storage locations.

### 1. Data Stored Outside the Customer's Cloud Account

Snowflake operates as a separate SaaS platform, meaning that sensitive data is stored and processed outside the customer's public cloud deployment (e.g., Amazon Virtual Private Cloud). This can lead to security complications such as:

* **Visibility**: It may be difficult to maintain an up-to-date view of where all sensitive data resides.
* **Compliance**: Some regulations require data to be stored in a specific locality or control measures that may be harder to demonstrate with a third-party SaaS solution.
* **Unified security policies**: Applying consistent security controls across all data assets becomes more complex when they span multiple environments.

### 2. Access Control

Since Snowflake is often used for analytics, the data it stores will be shared with a broad range of consumers and tools. This is a feature rather than a bug -- ubiquitous access to data is part of the vision of data democratization and is generally a desired outcome for companies that adopt modern data tooling.
But overly broad permissions can lead to trouble, especially if relevant controls aren't implemented. According to reports, attackers against Snowflake previously [targeted organizations with weak multifactor authentication (MFA) policies](https://www.darkreading.com/threat-intelligence/snowflake-account-attacks-driven-by-exposed-legitimate-credentials). Practically speaking, these issues are more prevalent, since Snowflake deployments are often managed by nontechnical or semi-technical teams, creating heightened risk for misconfigurations.

### 3. Data Exfiltration

Once sensitive data is moved into Snowflake, it can be moved out of Snowflake. The risks here are similar to those of other web-accessible, highly interconnected SaaS applications, such as:

* **Bulk data exports**: Users with appropriate permissions can export large datasets, potentially leading to accidental or intentional data breaches.
* **Integration with external tools**: Snowflake's ability to connect with various BI and analytics tools may create additional avenues for data to leave the platform if not properly secured.
* **Lack of DLP controls**: Since Snowflake is provided as a managed infrastructure, organizations can't install their own [DLP](https://www.paloaltonetworks.com/cyberpedia/data-loss-prevention) tools to restrict certain types of sensitive data from being queried or exported.

## Reduce Data and Compliance Risk with DSPM for Snowflake

[Cortex Cloud DSPM](https://www.paloaltonetworks.com/cortex/cloud/data-security-posture-management) enables you to bring Snowflake into the fold of your broader data security strategy. Rather than treating Snowflake as an isolated silo, you can see the full picture of data, risk and compliance in every cloud environment you manage or use -- including Snowflake and CSPs such as Amazon Web Services (AWS) or Azure. This allows you to eliminate blind spots and ensure that adequate security controls are in place, wherever your data is stored.

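One control worth verifying directly is the weak-MFA exposure described under Access Control. The following is an added example, not code from the original post or from Cortex Cloud: it summarises password-only logins from constructed rows whose field names follow Snowflake's `LOGIN_HISTORY` view, and it assumes key-pair and SSO logins are governed elsewhere.

```python
from collections import defaultdict
from datetime import datetime

# Constructed sample rows. Field names follow Snowflake's LOGIN_HISTORY view;
# the factor values and addresses are illustrative.
SAMPLE_LOGINS = [
    ("2025-11-18T08:02:11", "ANALYST_A", "198.51.100.7", "PASSWORD", None, "YES"),
    ("2025-11-19T23:40:02", "ANALYST_A", "203.0.113.45", "PASSWORD", None, "YES"),
    ("2025-11-18T09:15:40", "ANALYST_B", "198.51.100.9", "PASSWORD", "DUO_PUSH", "YES"),
    ("2025-11-18T09:20:03", "ANALYST_B", "198.51.100.9", "PASSWORD", None, "YES"),
    ("2025-11-18T02:00:00", "ETL_SVC", "198.51.100.20", "RSA_KEYPAIR", None, "YES"),
    ("2025-11-18T11:31:27", "ANALYST_C", "203.0.113.45", "PASSWORD", None, "NO"),
    ("2025-11-18T12:05:52", "DASH_USER", "198.51.100.11", "SAML2_ASSERTION", None, "YES"),
]
FIELDS = ("EVENT_TIMESTAMP", "USER_NAME", "CLIENT_IP",
          "FIRST_AUTHENTICATION_FACTOR", "SECOND_AUTHENTICATION_FACTOR", "IS_SUCCESS")


def password_only_logins(rows):
    """Return users who logged in successfully with a password and no second factor."""
    stats = defaultdict(lambda: {"count": 0, "ips": set(), "last_seen": None, "ever_mfa": False})
    for row in rows:
        r = dict(zip(FIELDS, row))
        if r["IS_SUCCESS"] != "YES":
            continue  # failed attempts are a separate signal, not an exposure
        s = stats[r["USER_NAME"]]
        if r["SECOND_AUTHENTICATION_FACTOR"]:
            s["ever_mfa"] = True  # a second factor was presented at least once
        elif r["FIRST_AUTHENTICATION_FACTOR"] == "PASSWORD":
            ts = datetime.fromisoformat(r["EVENT_TIMESTAMP"])
            s["count"] += 1
            s["ips"].add(r["CLIENT_IP"])
            s["last_seen"] = ts if s["last_seen"] is None else max(s["last_seen"], ts)
        # Key-pair and SSO logins fall through: assumed to be governed by key
        # rotation and the identity provider's own MFA policy.
    flagged = {u: s for u, s in stats.items() if s["count"]}
    return dict(sorted(flagged.items(), key=lambda kv: (-kv[1]["count"], kv[0])))


if __name__ == "__main__":
    for user, s in password_only_logins(SAMPLE_LOGINS).items():
        note = "MFA seen on other logins" if s["ever_mfa"] else "no MFA observed"
        print(f"{user}: {s['count']} password-only logins from {len(s['ips'])} IPs, "
              f"last {s['last_seen']:%Y-%m-%d %H:%M} ({note})")
```

Users flagged with MFA seen on other logins have at least one access path that skips the second factor, which is a different remediation from users who never presented one.
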
![](https://www.paloaltonetworks.com/blog/wp-content/uploads/2024/09/Snowflake-data-security-datasheet-Cortex-Cloud_blogimg-scaled.jpg)

### Understand Your Data Flows

Cortex Cloud DSPM helps you understand how sensitive data moves in and out of Snowflake. Not requiring agents (which can't be installed on Snowflake), Cortex Cloud can identify which sensitive data is stored in Snowflake and which cloud storage can be accessed within the data warehouse via the external tables feature.

You can also see the pathways -- both sources and destinations -- through which [sensitive data](https://www.paloaltonetworks.com/cyberpedia/sensitive-data) is moved between Snowflake and other systems. Understanding these flows enables you to implement appropriate security measures at each stage of the data lifecycle (such as in staging tables or ETL pipelines) and better understand risks.

**Example scenario:** As part of a marketing analytics project, a third-party data pipeline tool ingests customer [PII](https://www.paloaltonetworks.com/cyberpedia/pii) into Snowflake from Azure Blob. If the data flow isn't needed for the particular use case -- e.g., a marketing dashboard reading from Snowflake may not require viewable customer emails -- then you can block it. If it is needed, you can verify that Snowflake data warehouses containing sensitive data have the correct security controls, such as MFA, in place.

![](https://www.paloaltonetworks.com/blog/wp-content/uploads/2024/09/word-image-327764-2.png)

### Classify Data to Understand Risk

The "sensitivity" of data depends on several factors, including the data itself and the business context in which it is processed. For example, zip codes and credit card details might both fall under personally identifiable information (PII), but the consequences of each type of record leaking are quite different.
Therefore, a full picture of data risk requires accurate, granular classification of sensitive data and mapping of the associated security and compliance risks.

Cortex Cloud DSPM provides 100+ built-in classifiers that can be applied to data stored in Snowflake. You can also easily define custom risks and classifiers, starting from existing labels.

**Example scenario:** As part of a [GDPR compliance](https://www.paloaltonetworks.com/cyberpedia/gdpr-compliance) project, you might want to scan your environment for records that may be violating compliance requirements. For example, you can create a custom label for all "European resident PII stored outside of EU" that compliance teams can later review.

***Related Article:*** [*Use Context-Aware Data Classification for a Robust Data Security Posture*](https://www.prismacloud.io/blog/prisma-cloud/context-aware-data-classification-data-security-posture/)

### Apply the Same Security Policies to Every Environment

Within Cortex Cloud DSPM, you can apply from a single interface the same security and compliance policies to Snowflake as you would to any of the databases in your own cloud account.

Managing all data security posture aspects with Cortex Cloud helps prioritize risk effectively, allows security teams to support their organizations' move to multicloud and hybrid architectures, and reduces the fragmentation and context switching that comes from working with point solutions.

**Example scenario:** Let's say you have a policy that requires encryption and access logging for all databases containing customer financial information. Cortex Cloud DSPM enables you to see whether this policy is currently violated in any database that stores customer data -- from Snowflake to self-managed MySQL instances running on virtual machines.

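The two example scenarios above (the custom "European resident PII stored outside of EU" label, and the encryption and access-logging policy) can be expressed as a small classifier plus a policy check. This is an added illustration, not Cortex Cloud's classifiers or code from the original post; the store names, the `country` column, the region naming and the severity ranks are assumptions, and the inventory is constructed.

```python
import re
from dataclasses import dataclass

EMAIL = re.compile(r"[A-Za-z0-9._%+-]+@[A-Za-z0-9.-]+\.[A-Za-z]{2,}")
ZIP = re.compile(r"\d{5}(?:-\d{4})?")
SEVERITY = {"zip_code": 1, "email": 2, "credit_card": 3}  # 1 = low, 3 = high
EU_COUNTRIES = {"DE", "FR", "IE", "NL", "ES", "IT"}  # illustrative subset
GDPR_LABEL = "eu_resident_pii_outside_eu"  # custom label from the scenario

def luhn_ok(digits):  # rejects order IDs that only look like card numbers
    total = 0
    for i, ch in enumerate(reversed(digits)):
        d = int(ch) * (2 if i % 2 else 1)
        total += d - 9 if d > 9 else d
    return total % 10 == 0

def classify_value(value):
    """Classify one whole column value; returns a label or None."""
    v = value.strip()
    if EMAIL.fullmatch(v):
        return "email"
    digits = re.sub(r"[ -]", "", v)
    if re.fullmatch(r"\d{13,19}", digits) and luhn_ok(digits):
        return "credit_card"
    return "zip_code" if ZIP.fullmatch(v) else None

@dataclass
class DataStore:
    name: str
    region: str  # AWS-style region name (assumption)
    encrypted: bool
    access_logging: bool
    rows: list  # sampled rows as dicts; the "country" column is an assumption

def labels_for(store):
    labels = set()
    for row in store.rows:
        found = {classify_value(str(v)) for k, v in row.items() if k != "country"} - {None}
        labels |= found
        # The GDPR label depends on context (residency and location), not content alone.
        if found and row.get("country") in EU_COUNTRIES and not store.region.startswith("eu-"):
            labels.add(GDPR_LABEL)
    return labels

def findings(stores):
    """Run the same checks against every store, whatever platform hosts it."""
    out = []
    for s in stores:
        labels = labels_for(s)
        top = max((SEVERITY.get(label, 0) for label in labels), default=0)
        issues = [f"review:{GDPR_LABEL}"] if GDPR_LABEL in labels else []
        if "credit_card" in labels:  # stands in for customer financial information
            if not s.encrypted:
                issues.append("policy:encryption_missing")
            if not s.access_logging:
                issues.append("policy:access_logging_missing")
        out += [(s.name, issue, top) for issue in issues]
    return out

# Constructed inventory: two Snowflake tables and one self-managed MySQL instance.
STORES = [
    DataStore("snowflake:MARKETING.CUSTOMERS", "us-east-1", True, True,
              [{"email": "anna@example.com", "zip": "10115", "country": "DE"}]),
    DataStore("mysql-vm:billing", "eu-west-1", True, False,
              [{"card": "4111 1111 1111 1111", "country": "FR"}]),
    DataStore("snowflake:OPS.ORDERS", "us-east-1", False, False,
              [{"order_id": "1234567890123456", "country": "US"}]),
]
```

Calling `findings(STORES)` flags the marketing table for compliance review and the MySQL instance for missing access logging, while the unencrypted orders table produces nothing because its 16-digit order ID fails the Luhn check.
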
## Learn More

Download [Securing the Data Landscape with DSPM and DDR](https://www.paloaltonetworks.com/resources/guides/dspm-ddr-big-guide) for a more complete understanding of what DSPM is and how it can help you protect your sensitive data. And to learn specifically about Cortex Cloud DSPM for Snowflake, [download the datasheet](https://www.paloaltonetworks.com/resources/datasheets/snowflake-data-security-dspm) today.