LFG Security Consulting’s Post

Thoughts on the recent Snowflake incident and data encyrption. According to Mandiant Security, a financially motivated threat actor compromised hundreds of Snowflake instances using customer credentials stolen via infostealer malware that infected non-Snowflake owned systems. While it may take some time to fully measure the financial costs associated with this incident for both Snowflake and its customers, I think it's fair to say the impact will be signifcant to both the wallet and the reputation of the impacted companies. It is my belief that the use of Field Level Encryption and Multifactor Authentication would have prevented the recent Snowflake issues, because the data would not have been readable or usable to the bad actors. In my opinion, Field Level Encryption is far superior to TDE and other types of database native encryption, because it is not vulnerable to credential compromise.  Typically with TDE and other database native encyrption technology, if a bad actor obtains inappropriate access to a database, they are able to access and read all of the sensitive data.  If they are then able to exfiltrate the data, it results in a data breach. This was the case with the Snowflake incident. With Field Level Encryption, even if data is exfiltrated from the database, the data is still scrambled and unusable in its current format. This makes TDE and other database level encryption vulnerable to phishing, some man-in-the-middle attacks and the like.  If a database administrator clicks on the wrong email, and gets his or her credentials compromised, in most cases database native encryption does not safeguard against that. Additionally, when Field Level Encryption is combined with Format Preserving Encryption schemes, the data can be used for its intended purpose without ever having to decrypt the data in most cases.  This ability to use the data without decrypting it, makes Field Level Encryption far more secure than other encryption technologies that require a decrypt cycle every time the data is accessed. Having been responsible for one of the largest private sector field level encryption projects in world history, including integrating FLE with Snowflake before this incident occurred, I can personally attest to the power of this type of data protection. For institutions that store highly sensitive data such as credit cards, bank account numbers, social security numbers, drivers licenses, etc., a roadmap to Field Level Encryption should be a consideration to protect an organization's data, brand and reputation. #snowflake #databreach #encryption #cybersecurity #dataprotection #ciso #fieldlevelencryption #lfgsecurity #datasecurity #pci #ffiec #fba #payments #banking #creditcards #hipaa #deputyciso #informationsecurity #infosec #database #productsecurity #cloudsecurity

With more and more organizations leveraging #databricks to enable personalized customer experiences, it's important we understand the protections built into the platform that help ensure customer data is private and secure. To that end, Andrew Weaver and I partnered with LFG Security Consulting, a security and privacy firm engaged with some of North America's leading retail organizations, to develop this guide to the key questions organizations should explore when housing customer data on ANY platform and how Databricks addresses these. We welcome everyone interested in how best to protect their customer data to explore this guide and to reach out to their Databricks representative to understand why so many organizations trust our platform with their most sensitive information assets.  #privacy #security #nextgencx https://lnkd.in/gGCGfEXD