“At Snowflake we take security extremely seriously”

In a chat with VARINDIA, Vimal Venkatram, Country Manager, Snowflake – India talks about the company's fully encrypted storage, its data localization, security issues regarding hybrid or multi-cloud, etc.  

Who are your competitors and how do you differentiate with them?

There is obviously competition in the market. From an architecture standpoint, it is absolutely a key USP of Snowflake - one is we are across the cloud, which means we are available on multi-cloud technologies like AWS, Microsoft Azure, and GCP. We are a true pay as you go model, which means customers only pay for what they use and consume on Snowflake. The unique architecture of Snowflake makes instant availability, scalability, elasticity or reality. Finally, we are a single source of truth, which means it is one common platform, or we have one single source of truth from a data standpoint where customers can load all kinds of data, whether it is structured, semi-structured data, and soon to be announced unstructured data as well in a single platform, which means you are not maintaining different siloed data sets, one for structured data, one for semi-structured data, and then trying to figure out join these two at some level. It is very complex to do that. Snowflake makes it extremely easy. Finally, I have been speaking about the rise of the Data Cloud or how customers can now share data, customers can now monetize their data or ingest data from third parties as well. Customers can securely share data with partners, suppliers can even host it on our data marketplace and potentially even monetize that data.

Does the exponential increase of value of data can lead to security breaches?

From a security standpoint, this is going to be a key focus not only from a Snowflake perspective, but from an overall security perspective as well right. We are seeing that customers are engaging in a lot more spending on cyber resilience and they are also doing a lot of excess spending in emerging technology risk management. From a Snowflake standpoint, we are absolutely secure by design, by providing end to end encryption, our storage is fully encrypted as well. We have strong multi-factor authentication and the profiles of customers who are Snowflake customers are some of the most heavily regulated and sensitive industries like financial services, telecommunications and healthcare. There are customers globally from an Fs standpoint, we have Capital One, Allianz from healthcare, McKesson which is a Fortune 10 company. So we absolutely take security very seriously from a Snowflake standpoint.

India is working on its own data protection laws and it is talking about data localization. How does that affect your business? If you can, talk about that? 

In India, we launched in May 2020, on AWS. So from a data localization standpoint, if customers are utilizing the Snowflake for instance, in AWS in Mumbai, they are covered with data localization, because we are present in India today. So we are hosted on the three major public cloud platforms globally, which is AWS, Microsoft Azure, and Google Cloud GCP. This is why we have also seen, increasingly, a lot of focus around sensitive industries, financial services, telecommunications, retail, for example, we can absolutely work with these organizations who have laws where they need to store data locally in India, so Snowflakes are protected on that front.

Would you like to dispel the myth that data on Cloud is not safe or data on multi-cloud is not safe? Would you want to dispel that threat myth today? 

So yes, I would love to dispel that myth. So, data is absolutely secure. When I say data is absolutely secure, Snowflake takes a lot of effort and our solution was built from the ground up to take advantage of the public clouds. We are only available on the public cloud, we see the highest certification levels for security from a Snowflake standpoint, we have an end to end encryption, where the data is in transit or rest, the data is encrypted. We have role-based access control, very strong authentication systems, which multifactor. For example, we are also FedRAMP ready, we meet NIST 800 145. Specifications, SOC type 2, we are PCI DSS compliant as well. Also, we are HIPA compliant for a lot of healthcare customers. So, McKesson is a significant customer for Snowflake. Customers trust their data, to be on us, because of the security and the governance that we built into our system from the grounds up. As we expand our footprint in India, this is a very key conversation with a lot of CEOs, CIOs, analytics officers, and we take the pains to make them understand how secure the data is. There are times where data on the cloud is sometimes even more secure than on-premise systems.

How do you address the security issues when you talk about the hybrid cloud or a multi cloud? 

At Snowflake we take security extremely seriously. We have built our solution around security, some of the most highly regulated and sensitive industries like healthcare, financial services, government, telecommunications, retail, we have reference customers, and each one of these are key verticals globally. Without security, being at the centre of the conversation, we would have never been able to win some good accounts. In any campaign that we go, we work closely with the people in the organization, whether it means we share our certifications we have pretty much as I said earlier, we are HIPAA compliant, SOC type 2, PCI DSS compliant. Snowflake is encrypted end to end when the data is in transit or in flight. There is on top of that role-based access control.

On top of that, we also allow customers to bring your own encryption key, which means if you ever revoke your credentials of an encryption key, the data is basically meaningless to anyone who wants to access that. We also provide a lot of flexibility for customers to ensure that data is absolutely secure.