Case Study

Securing trust in the data cloud: Snowflake’s journey with Chainguard


Introduction: Building trust at the core of Snowflake’s data cloud 

Trust is the cornerstone of any relationship, including the one between businesses and their cloud platforms. In today’s world, data not only drives decisions but also innovation, and the security of that data within the cloud has become more important than ever. Snowflake stands at the forefront of this reality with a Data Cloud platform built on the principles of security and trust.

Challenge: Tackling CVEs and compliance

Snowflake’s journey in cloud computing went beyond typical technological hurdles and became a steadfast commitment to building trust with its customers, with security built in to Snowflake’s products and services rather than bolted on. That mission is a continuous effort, and tackling Common Vulnerabilities and Exposures (CVEs) became paramount to building the most secure-by-default solutions. For a leading cloud-native company, container security and vulnerability management for container technologies became a top priority for the Snowflake team.

“When you think about customer data, it's all about trust. And so our philosophy has always been to build security into the product in a way that the customer can focus on grabbing insight from the data and not having to worry about the security of the platform.”
Anoosh Saboori, Head of Product Security

The path to achieving FedRAMP High accreditation highlighted the importance of streamlining the team’s vulnerability management to meet stringent requirements for container vulnerability scanning and remediation. This compliance effort was a cornerstone of the trust Snowflake’s customers placed in the platform, especially customers in highly regulated sectors such as governments and public services like education, who can benefit from Snowflake’s modern technologies and innovations.

For Snowflake, CVEs in the container images that power its products and services needed to be assessed, triaged, and remediated to instill foundational trust in its platform. Anoosh Saboori, Head of Product Security, emphasized the dual focus of CVE remediation driving the security team’s efforts: 1) reducing risk to Snowflake and its customers while 2) enhancing productivity.

This delicate balance was pivotal as they navigated the complexities of security and compliance, striving to uphold the highest standards of vulnerability management. “It goes back to shifting left as the key to address scalability,” Anoosh explained, advocating for a proactive approach to security that begins with a solid baseline, thereby minimizing the need for extensive patching and allowing engineers to concentrate on innovation rather than remediation.

The journey towards FedRAMP High accreditation was a testament to Snowflake’s dedication to bringing the most secure solutions to regulated industries and sectors. As Snowflake worked to strengthen overall software supply chain security, it became evident that its security approach needed a strategic shift that optimized developer velocity while reducing risk. “Software supply chain is only going to become more important as we go forward,” remarked Brandon Sterne, Senior Manager of Product Security, highlighting the growing significance of a provably secure software supply chain in meeting and surpassing compliance standards.

“For us, it was really about enabling more insights. Imagine law enforcement officers, health sectors, and education sectors. There are so many insights that could help them do their job better. And by achieving FedRAMP High, it allows us to provide the benefits of Snowflake to these customers such that they can pass those benefits onto our citizens.”
Anoosh Saboori, Head of Product Security

This realization marked a pivotal moment for Snowflake, acknowledging that the existing manual methods of vulnerability management were no longer sufficient in the face of escalating threats.

Solution: Embracing Chainguard’s innovations

Facing the challenge of streamlining vulnerability management for container images, Snowflake sought a solution that could not only enhance their existing security processes, but also reinforce the foundation of trust with their customers. The answer came in the form of a strategic partnership with Chainguard, a collaboration that promised to help revolutionize Snowflake’s approach to software security.

Streamlining vulnerability management

The first order of business was addressing the overwhelming task of managing vulnerabilities, one that consumes valuable resources and takes time away from important business or customer innovations. Chainguard’s solution, with its focus on security-by-default measures, presented an innovative approach. 

According to Brandon, “Chainguard Images allowed us to get the best of both worlds — we're able to go faster and build on top of really powerful open source platforms, but we also get the security assurance that Chainguard is able to provide us by giving us hardened, secure images.”

Anoosh highlighted the synergy, stating, “Chainguard was founded by people who’ve lived our challenges… their focus on preempting security issues aligns perfectly with our mission.” The adoption of Chainguard Images marked a significant shift, transforming Snowflake’s ability to manage vulnerabilities with unprecedented efficiency.

Furthermore, achieving FedRAMP High accreditation underscored the need for a solution capable of meeting stringent security standards. Chainguard Images offered Snowflake a pathway to not only help meet, but exceed these standards in a matter of months to ensure they were operational and audit-ready.

“It's a remarkable thing when you introduce Chainguard Images and see the vulnerability count plummet. Watching various applications go from hundreds or even thousands of vulnerabilities down to zero overnight is a really powerful testament to what Chainguard Images can do. And we would not have been able to get [to FedRAMP High] in time without their support.”

Brandon Sterne, Senior Manager of Product Security

Building trust through enhanced security

Beyond the technical benefits, the partnership with Chainguard was instrumental in upholding the trust of Snowflake’s customers. By significantly reducing the number of vulnerabilities, Snowflake could assure its users of the platform’s security, an essential factor for clients in highly regulated industries.

“Chainguard is able to give us a really solid story, a really solid picture of what we are building on top of and making sure those building blocks are trustworthy and aren't going to create a problem for us in production. It all comes down to customer trust.”

Brandon Sterne, Senior Manager of Product Security

Conclusion: A trusted platform and partnership

The collaboration with Chainguard represented more than a mere technical solution for Snowflake; it was a partnership founded on a shared commitment to security and trust by both companies. By integrating Chainguard Images into the team’s software development processes, Snowflake was able to focus on solving security challenges at scale, all while reinforcing its promise of providing a secure, trustworthy data cloud platform to its customers.

Looking ahead to the future of software supply chain security, Brandon remains optimistic: “As more industry and government regulation come into the picture and our obligation to having a provably secure software supply chain becomes more and more important for us, the direction that companies like Chainguard have charted … I think that sets the tone for the entire industry, frankly.”

About

Snowflake is a pioneering force in cloud computing, providing a unified global platform for the Data Cloud. This platform is engineered to facilitate worldwide business connectivity, accommodating an array of data types and scales as well as diverse workloads, enabling effortless data collaboration.

Industry: Cloud computing

Employees: 6,780

Products: Cloud platform
