INTERWORKS EUROPE LTD

Snowflake

Integrated data sharing platform with near infinite scalability. data lakes, enterprise data warehouse, data marts, big data storage and analytics. Secure data sharing. Interfaces with leading ETL, ELT visualisation and machine learning tools. Automatic load based scaling. Upgrades, patches, backups, load-balancing, maintenance and tuning are all handled automatically. NHS expertise,

Features

• Separate Compute/Storage/Services layers allow near infinite scalability
• Pay for just the compute/storage you use
• Automatic scaling up and down with demand
• All data encrypted in transit and at rest
• Column based storage for high performance analytics
• Browser based UI. No software installation required.
• ANSI SQL compliance for wide industry compatibility
• SQL extensions to aid parsing of semi-structured data (JSON/XML/Avro/ORC)
• Automated handling of routine maintenance (backups, tuning, upgrades, patches etc)
• Real time data ingestion from streaming sources (eg Kafka)

Benefits

• Consistent performance regardless of number of users or data size
• Single sign on using latest industry standards (SAML 2.0, Okta)
• Multi-factor authentication configurable for all users.
• Individual departments can be recharged based on usage
• Automated monitoring and alerting can prevent overspending
• Allows simple, secure data sharing with partners or the public
• Compatible with a broad range of ETL/Data ingestion tools
• Compatible with all major data visualisation tools
• Compatible with leading Machine Learning / Data science tools.
• SaaS. Snowflake manages all aspects of software installation and updates

£2 to £5 a unit

• Free trial available

Service documents

• Pricing document

  PDF

• Service definition document

  PDF

• Terms and conditions

  PDF

Request an accessible format

If you use assistive technology (such as a screen reader) and need versions of these documents in a more accessible format, email the supplier at Daniel.rostron@interworks.co.uk. Tell them what format you need. It will help if you say what assistive technology you use.

Framework

G-Cloud 14

Service ID

394101636944653

Contact

Daniel Rostron
07531541276
Daniel.rostron@interworks.co.uk

Service scope

• Software add-on or extension: No
• Cloud deployment model:
  • Public cloud
  • Private cloud
• Service constraints: Cloud only. ; ; Hosting on Amazon AWS, Microsoft Azure or Google Cloud Platforms only.; ; Virtual private cloud hosting available on Business Critical Edition only.; https://www.snowflake.com/wp-content/uploads/2017/09/SNO-Solutions_VPS_4.pdf
• System requirements: Standard web browser based user interface

User support

• Email or online ticketing support: Email or online ticketing
• Support response times: Within 4 hours Mon - Fri 9am - 5pm; 24/7 service is available on request at an additional cost depending on size of environment
• User can manage status and priority of support tickets: No
• Phone support: Yes
• Phone support availability: 9 to 5 (UK time), Monday to Friday
• Web chat support: No
• Onsite support: Yes, at extra cost
• Support levels: We provide office hours support desk service via email, phone and video conference.; Support is provided free of charge for anything to do with ensuring that the software is working as it should. Support is only charged for work which would classify as consulting assistance - this is usually separately agreed with clients in advance.; All accounts have an assigned account manager.
• Support available to third parties: Yes

Onboarding and offboarding

• Getting started: InterWorks has a team of Snowflake accredited data engineers who can perform initial setup of the Snowflake instance, and then configuration of a warehouse according to a predefined architecture agreed with the client.; ; Additionally we can provide professional services to set up and configure your data warehouse to specific requirements while following industry best practices.; ; We can provide solution specific bespoke training once your system is up and running.; ; Full, current documentation for Snowflake is online and free.
• Service documentation: Yes
• Documentation formats: HTML
• End-of-contract data extraction: Data can be unloaded in bulk to flat files cloud data storage (Amazon S3, Azure, or Google Cloud Storage).
• End-of-contract process: At the end of the contract the licences expire, users are no longer able to log in and access the service. After a short grace period, any data held is deleted.

Using the service

• Web browser interface: Yes
• Supported browsers:
  • Internet Explorer 11
  • Microsoft Edge
  • Firefox
  • Chrome
  • Safari
  • Opera
• Application to install: No
• Designed for use on mobile devices: Yes
• Differences between the mobile and desktop service: Mobile apps can connect to Snowflake via standard ODBC/JDBC connectors
• Service interface: Yes
• User support accessibility: None or don’t know
• Description of service interface: Command line tool "SnowSQL" allows scripting of Snowflake operations outside of the web interface, using powershell, bash or similar.; ; Python interface also available.
• Accessibility standards: None or don’t know
• Description of accessibility: Standard ODBC/JDBC connectors mean the data can be accessed from pretty much any application that can connect to a database.
• Accessibility testing: No specific testing
• API: Yes
• What users can and can't do using the API: All operations that can be performed via the user interface can also be performed via the API. ; ; Snowflake supports developing applications using many popular programming languages and development platforms:- ; ; Go Language: 1.13 (or higher), Java: 1.8 (or higher), Microsoft .NET ( Visual Studio 2017), Node.js: 10.0 (or higher), Python: 3.5 or higher.
• API documentation: Yes
• API documentation formats: HTML
• API sandbox or test environment: Yes
• Customisation available: Yes
• Description of customisation: Role based security with default roles for account administration, user administration and resource administration. Additional custom roles can be created with customised permissions.; ; A snowflake account can contain any number of databases, schemas, warehouses (compute resources), tables, views, stored procedures, scheduled tasks all of which can be customised. Level of access to each resource is configurable at role level. Users can have multiple roles.; ; Size of warehouses can be configured individually, as can the extent to which they automatically scale in response to demand from a large number of clients.; ; Time travel feature can be configured to preserve accidentally changed or deleted data for up to 90 days.; ; MFA is automatically enabled, and can be enforced for some or all users.

Scaling

• Independence of resources: The unique architecture of Snowflake, decoupling storage and compute, allows the immediate provisioning of unlimited isolated workloads within seconds. The compute resources required for data ingestion, transformation and data consumption loads, can be completely isolated from each other, as can different groups of users with different compute demands. Compute clusters can be configured to automatically spin up and shut down additional nodes within seconds, depending on load at that time. A sudden unexpected demand from a lot of users won't affect performance for others on the system.

Analytics

• Service usage metrics: Yes
• Metrics types: Volume of data stored; User activities and last login; Live monitoring and alerting of warehouse usage consumption; Query history by user including execution plan, and query statistics
• Reporting types:
  • API access
  • Real-time dashboards
  • Regular reports
  • Reports on request

Resellers

• Supplier type: Reseller providing extra features and support
• Organisation whose services are being resold: Snowflake

Staff security

• Staff security clearance: Staff screening not performed
• Government security clearance: Up to Security Clearance (SC)

Asset protection

• Knowledge of data storage and processing locations: Yes
• Data storage and processing locations:
  • United Kingdom
  • European Economic Area (EEA)
  • Other locations
• User control over data storage and processing locations: Yes
• Datacentre security standards: Managed by a third party
• Penetration testing frequency: At least every 6 months
• Penetration testing approach: Another external penetration testing organisation
• Protecting data at rest:
  • Physical access control, complying with CSA CCM v3.0
  • Physical access control, complying with SSAE-16 / ISAE 3402
  • Encryption of all physical media
  • Scale, obfuscating techniques, or data storage sharding
• Data sanitisation process: Yes
• Data sanitisation type: Deleted data can’t be directly accessed
• Equipment disposal approach: Complying with a recognised standard, for example CSA CCM v.30, CAS (Sanitisation) or ISO/IEC 27001

Data importing and exporting

• Data export approach: Users accessing through a browser can, subject to permissions, download data from a dashboard or from a selection to a csv file.; Users can also, again subject to permissions, download the file to Tableau Desktop or Tableau Reader (free, read only version of Tableau) which allows users to download the data from the workbook or from a selection to csv or a crosstab to Excel.
• Data export formats:
  • CSV
  • Other
• Other data export formats: TSV
• Data import formats:
  • CSV
  • Other
• Other data import formats:
  • JSON
  • Avro
  • ORC
  • Parquet
  • Connection to existing databases via separate ETL or CDC tool

Data-in-transit protection

• Data protection between buyer and supplier networks:
  • TLS (version 1.2 or above)
  • IPsec or TLS VPN gateway
• Data protection within supplier network: TLS (version 1.2 or above)

Availability and resilience

• Guaranteed availability: Snowflake guarantees 99.9% availability for customers on premier or priority support level agreements, with credits to the customer account in the following month in case of breach.; ; Full SLA publically viewable at ; https://www.snowflake.com/wp-content/uploads/2019/02/Snowflake-Support-Policy-02202019.pdf
• Approach to resilience: Each layer in the Snowflake architecture is distributed; across availability zones. Because availability zones; are geographically separated data centers with; independent access to power and networking,; operations continue even if one or two availability; zones become unavailable. In addition, the database; storage layer leverages the cloud provider’s resilient; storage service to provide highly durable, costeffective storage. When a transaction is committed; in Snowflake, the data is securely stored in the cloud; provider’s highly durable data storage, which enables; data survival in the event of the loss of one or more; disks, servers, or even data centers. Amazon S3; synchronously and redundantly stores data across; multiple devices in multiple facilities. It is designed; for eleven 9s (99.999999999%) of data durability.
• Outage reporting: Public dashboard at https://status.snowflake.com/; ; Anyone can subscribe to e-mail alerts via the above status page; ; Status updates also available via RSS feed, Atom feed or webhooks; (again can subscribe from above status page)

Identity and authentication

• User authentication needed: Yes
• User authentication:
  • 2-factor authentication
  • Public key authentication (including by TLS client certificate)
  • Identity federation with existing provider (for example Google Apps)
  • Dedicated link (for example VPN)
  • Username or password
  • Other
• Other user authentication: Authentication requirements configurable. ; Username/password authentication with or without MFA.; OAuth 2.0 either with built in or external OAuth server.; Federated authentication & SSO with configurable identify providers via Okta, AD FA or other SAML2.0 compliant service.
• Access restrictions in management interfaces and support channels: Management Interfaces and support channels are secured using roles applied to users to maintain the separation of ability of users. The system is designed to allow only specific and absolutely necessary users the ability to alter authentication and authorisation. Default permission for new users is always set to deny all access until it is specifically granted by and administrative account.
• Access restriction testing frequency: At least every 6 months
• Management access authentication:
  • 2-factor authentication
  • Public key authentication (including by TLS client certificate)
  • Identity federation with existing provider (for example Google Apps)
  • Dedicated link (for example VPN)
  • Username or password
  • Other
• Description of management access authentication: Level of access is determined by user role. Process for authentication for management access is exactly the same as all other user authentication.

Audit information for users

• Access to user activity audit information: Users have access to real-time audit information
• How long user audit data is stored for: User-defined
• Access to supplier activity audit information: Users have access to real-time audit information
• How long supplier audit data is stored for: User-defined
• How long system logs are stored for: User-defined

Standards and certifications

• ISO/IEC 27001 certification: Yes
• Who accredited the ISO/IEC 27001: A-LIGN
• ISO/IEC 27001 accreditation date: 21/5/2019
• What the ISO/IEC 27001 doesn’t cover: I don't understand the question. ; Certificate available for inspection at ; ; https://www.snowflake.com/wp-content/uploads/2019/12/Snowflake-Computing-Inc.-ISO-27001-Certificate-with-signature-1.pdf
• ISO 28000:2007 certification: No
• CSA STAR certification: No
• PCI certification: Yes
• Who accredited the PCI DSS certification: Information available on request
• PCI DSS accreditation date: Information available on request
• What the PCI DSS doesn’t cover: Available on Business Critical Edition only
• Cyber essentials: Yes
• Cyber essentials plus: Yes
• Other security certifications: No

Security governance

• Named board-level person responsible for service security: Yes
• Security governance certified: No
• Security governance approach: Given our role as data analysts we take data security very seriously. We do have an internal security governance policy but this is not currently one that is accredited to an external standard. We have never had a security incident or breach.
• Information security policies and processes: We have a detailed IT Policy (Security and Internet) which we can make available on demand. The key points of which are:; Roles and responsibilities - the policies are established, monitored and breaches investigated by the directors, but at a core level everyone has a responsibility for security. ; Monitoring - we reserve the right to monitor employee use of IT resources, tracking and remote wipe software is installed on all devices; Damage and loss - defined actions in the event of damage or loss of equipment; Misuse and vandalism ; Specific guidelines concerning encryption and security admin policies of portable devices, memory sticks, mobile phones, laptops, AV software, email attachments, commitments in emails, IM systems, licensing of software, and password policies.

Operational security

• Configuration and change management standard: Supplier-defined controls
• Configuration and change management approach: All software updates are handled by Snowflake themselves with no user intervention.; ; Security announcements, services alerts, pending behaviour changes and release history are available at https://community.snowflake.com/s/announcements ; ; Anyone can subscribe to e-mail notifications of any of these announcements from the same page
• Vulnerability management type: Conforms to a recognised standard, for example CSA CCM v3.0 or SSAE-16 / ISAE 3402
• Vulnerability management approach: AWS has a built in vulnerability testing process which allows the on demand testing of an AWS instance (that we control / have access to).
• Protective monitoring type: Conforms to a recognised standard, for example CSA CCM v3.0 or SSAE-16 / ISAE 3402
• Protective monitoring approach: Snowflake uses advanced threat detection tools to; monitor all aspects of its infrastructure. ; Activities meeting certain criteria generate alerts; that are triaged through Snowflake’s security incident; process. Specific areas of focus include the following:; ; File integrity monitoring (FIM) tools are used; to ensure that critical system files, have not been; tampered with.; ; Behavioral monitoring tools monitor network,; user, and binary activity against a known baseline; to identify anomalous behavior.; ; Snowflake uses threat intelligence feeds to; contextualize and correlate security events and; harden security controls to counteract malicious; tactics, techniques, and procedures (TTPs).
• Incident management type: Supplier-defined controls
• Incident management approach: User reported incidents go to our support desk for triage. If the support desk cannot resolve it immediately it is escalated to the correct specialist within the team.; Incidents discovered by our team would be notified directly to the client. Minor issues would usually be resolved then alerted. Major issues would be alerted first and then the focus would move on to resolution.; Incidents are reported via email

Secure development

• Approach to secure software development best practice: Conforms to a recognised standard, but self-assessed

Public sector networks

• Connection to public sector networks: No

Social Value

• Social Value:

  Social Value

  Covid-19 recovery

  Covid-19 recovery

  Snowflake are dedicated in providing support the NHS to combat COVID 19 recovery

Pricing

• Price: £2 to £5 a unit
• Discount for educational organisations: No
• Free trial available: Yes
• Description of free trial: A 30 day free trial of any edition with $400 of free credit
• Link to free trial: http://interworks.com/snowflake-trial

Service documents

• Pricing document

  PDF

• Service definition document

  PDF

• Terms and conditions

  PDF

Request an accessible format

If you use assistive technology (such as a screen reader) and need versions of these documents in a more accessible format, email the supplier at Daniel.rostron@interworks.co.uk. Tell them what format you need. It will help if you say what assistive technology you use.