Snowflake

Snowflake

Snowflake is a data platform built for the cloud. Snowflake delivers the performance, concurrency and simplicity needed to store and analyze an organization’s data in one location. Snowflake is your solution for data warehousing, data lakes, data engineering, data science, data application development, and securely sharing and consuming shared data.

Features

• Security, Governance, and Data Protection
• Standard and Extended SQL Support
• Tools and Interfaces
• Connectivity
• Data Import and Export
• Data Sharing
• Database Replication and Failover
• Please see https://docs.snowflake.com/en/user-guide/intro-supported-features.html

Benefits

• Security, Governance, and Data Protection. Choice of data storage location
• Standard and Extended SQL Support
• Tools and Interfaces: Monitoring resources/system usage. Querying data
• Connectivity: Broad ecosystem of partners, client connectors and drivers
• Data Import/Export: bulk loading/unloading data and continuous data loading
• Data Sharing - secure data sharing with other Snowflake accounts
• Database Replication and Failover
• Near-unlimited scalability and concurrency
• Streamlined data pipelines
• No SRE/DevOps burden

£0 a unit

• Free trial available

Service documents

• Pricing document

  PDF

• Service definition document

  PDF

• Terms and conditions

  PDF

Request an accessible format

If you use assistive technology (such as a screen reader) and need versions of these documents in a more accessible format, email the supplier at arndt.brinkmann@snowflake.com. Tell them what format you need. It will help if you say what assistive technology you use.

Framework

G-Cloud 14

Service ID

773882485699629

Contact

Arndt Brinkmann
07836364189
arndt.brinkmann@snowflake.com

Service scope

• Service constraints: Feature sets of the service depend on the edition of service. Please refer to the link below for information on features available for Business Critical edition: https://docs.snowflake.com/en/user-guide/intro-editions.html
• System requirements: Please refer to https://docs.snowflake.com/en/user-guide/setup.html for system requirements

User support

• Email or online ticketing support: Email or online ticketing
• Support response times: Premier Support response time targets:; Sev 1: 1 hour; Sev 2: 2 business hours; Sev 3: 1 business day; Sev 4: 2 business days; ; Priority Support response time targets:; Sev 1: 15 minutes; Sev 2: 2 hours; Sev 3: 4 business hours; Sev 4: 1 business day; ; Refer to these sites for details: https://www.snowflake.com/legal/support-policy-and-service-level-agreement/; https://www.snowflake.com/support/
• User can manage status and priority of support tickets: Yes
• Online ticketing support accessibility: None or don’t know
• Phone support: Yes
• Phone support availability: 24 hours, 7 days a week
• Web chat support: No
• Onsite support: Onsite support
• Support levels: Premier Support is included in your contract.; ; Priority Support can be purchased in addition. Priority support services include Support Account Management. ; ; Refer to this website for details:; https://www.snowflake.com/support/
• Support available to third parties: Yes

Onboarding and offboarding

• Getting started: Onsite and Online Training as well as certifications are available.; For training please refer to: https://www.snowflake.com/snowflake-professional-services/; ; For Certification please refer to:; https://www.snowflake.com/certifications/; ; Public documentation regarding the system features and how to use the system can be located here: https://docs.snowflake.com/en/; ; Snowflake Professional services can be used for migration, implementation, and deployment of the service. ; https://www.snowflake.com/snowflake-professional-services/
• Service documentation: Yes
• Documentation formats: HTML
• End-of-contract data extraction: Upon written notice to Snowflake, Customer will have up to thirty (30) calendar days from termination or expiration of its agreement with Snowflake to access the Service to retrieve Customer Data (“Retrieval Right”). Snowflake shall have no further obligation to make Customer Data available after termination of the agreement and Snowflake shall delete Customer Data. ; ; For technical information on how to perform data unloading please refer to data unloading documentation: https://docs.snowflake.com/en/user-guide-data-unload.html
• End-of-contract process: Customer may renew the contract or, if ending the contract, it may request upto 30 days Retrieval Right (see above answer) to facilitate retrieval if customer data.

Using the service

• Web browser interface: Yes
• Using the web interface: Snowflake’s classic web interface is easy to use and powerful. You can use it to perform almost every task that can be performed using SQL and the command line, including:; ; - Creating and managing users and other account-level objects (if you have the necessary administrator roles).; - Creating and using virtual warehouses.; - Creating and modifying databases and all database objects (schemas, tables, views, etc.).; - Loading data into tables.; - Submitting and monitoring queries.; ; Limitations: Query results are available for a 24-hour period. This limit is not adjustable.; ; Once your Snowflake account has been provisioned, you can access Snowflake using any of the following methods:; - Browser-based web interface; - SnowSQL, the Snowflake command line client; - Any client application connected via JDBC or ODBC; - Any 3rd-party partner that can connect to Snowflake; - Any of the following browsers are supported:; ; Any of the following browsers are supported:; Supported Browser Minimum Version; Chrome 47; Safari 9; Firefox 45; Opera 36; Edge 12
• Web interface accessibility standard: None or don’t know
• How the web interface is accessible: A full user guide is maintained at https://docs.snowflake.com/en/index.html
• Web interface accessibility testing: N/a
• API: Yes
• What users can and can't do using the API: Snowflake provides many APIs. Developer Guides and API Reference documentation or Source Code is provided for each API. ; ; Refer to this website: https://docs.snowflake.com/en/api-reference.html
• API automation tools: Other
• API documentation: Yes
• API documentation formats: HTML
• Command line interface: Yes
• Command line interface compatibility:
  • Linux or Unix
  • Windows
  • MacOS
• Using the command line interface: For details on SnowSQL (Command Line Interface Client) refer to this page https://docs.snowflake.com/en/user-guide/snowsql.html

Scaling

• Scaling available: Yes
• Scaling type:
  • Automatic
  • Manual
• Independence of resources: Customers must enable auto scaling for their virtual warehouses (compute resources). Please refer to this website: https://docs.snowflake.com/en/user-guide/warehouses-multicluster.html; ; Users are given dedicated virtual resources which are virtually unlimited as they are provided by AWS, Azure, and GCP.
• Usage notifications: Yes
• Usage reporting: Email

Analytics

• Infrastructure or application metrics: Yes
• Metrics types:
  • Network
  • Number of active instances
• Reporting types:
  • API access
  • Real-time dashboards

Resellers

• Supplier type: Not a reseller

Staff security

• Staff security clearance: Staff screening not performed
• Government security clearance: None

Asset protection

• Knowledge of data storage and processing locations: Yes
• Data storage and processing locations:
  • United Kingdom
  • European Economic Area (EEA)
  • Other locations
• User control over data storage and processing locations: Yes
• Datacentre security standards: Managed by a third party
• Penetration testing frequency: At least once a year
• Penetration testing approach: Another external penetration testing organisation
• Protecting data at rest: Other
• Other data at rest protection approach: Snowflake encrypts Customer Data at-rest using AES 256-bit (or better) encryption.
• Data sanitisation process: Yes
• Data sanitisation type:
  • Explicit overwriting of storage before reallocation
  • Deleted data can’t be directly accessed
  • Hardware containing data is completely destroyed
• Equipment disposal approach: A third-party destruction service

Backup and recovery

• Backup and recovery: Yes
• Backup controls: Snowflake enables recovery across the spectrum of failure scenarios:; ; 1. Accidental Data Corruption or Deletion; - Time Travel enables accessing historical data; https://docs.snowflake.com/en/user-guide/data-time-travel.html; - Fail-safe provides a 7-day period during which historical data may be recoverable. https://docs.snowflake.com/en/user-guide/data-failsafe.html; ; 2. Data Center Failure; - Snowflake has Built-in redundancy across 3 Availability Zones in each cloud region. https://www.snowflake.com/blog/how-to-make-data-protection-and-high-availability-for-analytics-fast-and-easy/; ; 3. Region Failure; - Cross-region Replication/Failover enables replication and failover to a different region of the cloud provider. https://docs.snowflake.com/en/user-guide/replication-intro.html; ; 4.Multi-Region Failure in a Cloud; - Cross-Cloud Replication & Failover enables replication and failover to a different cloud provider. https://docs.snowflake.com/en/user-guide/replication-intro.html
• Datacentre setup: Multiple datacentres with disaster recovery
• Scheduling backups: Users schedule backups through a web interface
• Backup recovery: Users can recover backups themselves, for example through a web interface

Data-in-transit protection

• Data protection between buyer and supplier networks:
  • Private network or public sector network
  • TLS (version 1.2 or above)
• Data protection within supplier network:
  • TLS (version 1.2 or above)
  • IPsec or TLS VPN gateway

Availability and resilience

• Guaranteed availability: Snowflakes Monthly Availability Percentage for the Snowflake Service is 99.9%.; ; For information on availability, SLAs, and refunds, please refer to this website: https://www.snowflake.com/legal/support-policy-and-service-level-agreement/
• Approach to resilience: Snowflake leverages three separate data center clusters called "availability zones," which are "multiple, isolated locations” per region. The deployment of the N+2 redundant components are spread evenly across the three availability zones, so that there is always (in the non-failed state) at least one instance of each component in each of the three availability zones. ; ; Also refer to this whitepaper for more details on redundancy and resilience: https://developers.snowflake.com/wp-content/uploads/2021/06/Snowflake-High-Availability-for-Data-Apps-Whitepaper.pdf
• Outage reporting: Snowflake outages are reported on a public dashboard located here:; https://status.snowflake.com/; ; Outages and availability incidents are also posted on this website:; https://status.snowflake.com/history; ; Users can subscribe to e-mail updates for these incidents. ; ; RCAs are provided for all Incidents within 7 days.

Identity and authentication

• User authentication:
  • 2-factor authentication
  • Identity federation with existing provider (for example Google apps)
  • Username or password
• Access restrictions in management interfaces and support channels: Snowflake support personnel can only obtain access to customer accounts once customers grant explicit access and permissions to their account. This access is logged and is temporary, expiring within 24 hours or upon manual termination by the customer. ; ; Customers control the level of access granted to the support personnel and can review logs as needed to determine what was performed by the support personnel.
• Access restriction testing frequency: At least every 6 months
• Management access authentication:
  • 2-factor authentication
  • Public key authentication (including by TLS client certificate)
  • Identity federation with existing provider (for example Google Apps)
  • Username or password
• Devices users manage the service through: Any device but through a bastion host (a bastion host is a server that provides access to a private network from an external network such as the internet)

Audit information for users

• Access to user activity audit information: Users have access to real-time audit information
• How long user audit data is stored for: At least 12 months
• Access to supplier activity audit information: Users have access to real-time audit information
• How long supplier audit data is stored for: At least 12 months
• How long system logs are stored for: At least 12 months

Standards and certifications

• ISO/IEC 27001 certification: Yes
• Who accredited the ISO/IEC 27001: A-Lign.
• ISO/IEC 27001 accreditation date: 5/20/2022
• What the ISO/IEC 27001 doesn’t cover: The certification covers the entire production environment of the Snowflake service.
• ISO 28000:2007 certification: No
• CSA STAR certification: No
• PCI certification: Yes
• Who accredited the PCI DSS certification: A-Lign.
• PCI DSS accreditation date: 5/19/2022
• What the PCI DSS doesn’t cover: The PCI DSS certification for Snowflake covers the entire production environment of the Snowflake service.
• Cyber essentials: No
• Cyber essentials plus: Yes
• Other security certifications: Yes
• Any other security certifications:
  • HITRUST
  • FedRAMP Moderate
  • SOC 2 Type II
  • SOC 1 Type II
  • IRAP (Protected)

Security governance

• Named board-level person responsible for service security: Yes
• Security governance certified: Yes
• Security governance standards:
  • ISO/IEC 27001
  • Other
• Other security governance standards: Cyber Essentials Plus (CE+). Please see Snowflake’s compliance website for details of all current security governance standards/certifications: https://www.snowflake.com/snowflakes-security-compliance-reports/
• Information security policies and processes: See Security Addendum which describes security processes in place. These processes are put in place based on documented policies and procedures. https://www.snowflake.com/legal/security-addendum/; ; All employees are required to read and acknowledge policies and procedures (including the Information Security Policy) as part of their annual training. ; ; Logging, monitoring, and alerting are in place for security processes to help ensure policies are followed. Periodic information security and governance audits also occur multiple times per year. ; ; Policies are managed by the Security Compliance team and require approvals from leadership at least annually. The Security Compliance team reports to the VP of Security who reports to the CFO.

Operational security

• Configuration and change management standard: Conforms to a recognised standard, for example CSA CCM v3.0 or SSAE-16 / ISAE 3402
• Configuration and change management approach: Production system and software changes are reviewed, tested, and approved prior to deployment to production to ensure the change meets the authorization, design, acquisition, implementation, configuration, and testing requirements to ensure security, availability and confidentiality as outlined in the Secure Development Life Cycle at Snowflake Policy. ; ; For more details on this process please view compliance reports such as the SOC 2 on this website: https://www.snowflake.com/snowflakes-security-compliance-reports/
• Vulnerability management type: Conforms to a recognised standard, for example CSA CCM v3.0 or SSAE-16 / ISAE 3402
• Vulnerability management approach: Regular internal and external vulnerability scans are automatically performed weekly using an up-to-date vulnerability database.; ; Scans that detect vulnerabilities meeting Snowflake-defined risk criteria automatically trigger notifications to Security personnel and are remediated according to the documented policy.; ; ● Alerts are evaluated by Security personnel.; ● Critical, High and Medium vulnerabilities are documented and tracked to closure.; ● Critical vulnerabilities are reported to the Security Committee.; ; Patches are deployed to the service based on internal policies and procedures. ; ; Information regarding potential threats are also gathered based on industry threat and security alerts from US-CERT, CISA, OWASP, CIS, vendor-supplied notifications and others.
• Protective monitoring type: Conforms to a recognised standard, for example CSA CCM v3.0 or SSAE-16 / ISAE 3402
• Protective monitoring approach: Network activity within Snowflake infrastructure, as well as access to Snowflake, is monitored, logged, and automatically analyzed for suspicious activity to ensure continued system security, integrity, and; availability. Included within this monitoring is the implementation of an Intrusion Detection System (IDS) for systems and networks. Snowflake uses a dedicated Snowflake database, the Snowflake Security Analytics Warehouse (SAW) as its security information and event management (SIEM) tool. ; ; Tickets are automatically generated and reviewed by Security personnel. ; ; Incidents are responded to based on criticality rating and the internal Security Incident Response Process.
• Incident management type: Conforms to a recognised standard, for example, CSA CCM v3.0 or ISO/IEC 27035:2011 or SSAE-16 / ISAE 3402
• Incident management approach: The Snowflake Security Incident Process consists of three major phases, Detect, Analyze, and Respond, which are documented in detail in the Snowflake Incident Process Policy. Snowflake records, investigates, and resolves production problems reported by internal and external Snowflake users in a timely manner. All incidents that are classified as high impact must go through a post-mortem process to identify changes to policies, procedures, best practices, and documentation to improve the prevention, detection, containment, analysis of or response to applicable incidents.; ; Incidents are reported/communicated to customers and/or other parties according to contracts, laws, and regulations.

Secure development

• Approach to secure software development best practice: Independent review of processes (for example CESG CPA Build Standard, ISO/IEC 27034, ISO/IEC 27001 or CSA CCM v3.0)

Separation between users

• Virtualisation technology used to keep applications and users sharing the same infrastructure apart: Yes
• Who implements virtualisation: Supplier
• Virtualisation technologies used: Other
• Other virtualisation technology used: AWS, Azure, and GCP services are utilized for virtualization.
• How shared infrastructure is kept separate: Organisations are separated via user access permissions assigned to their users which only allow access to their resources (account, storage locations, data, etc.). ; ; Separation of customer data is also controlled via cryptographic keys. Each customer account has a unique Account Master Key, Table Keys, and File Keys. Other users without those keys can not view or access the related data.

Energy efficiency

• Energy-efficient datacentres: No

Social Value

• Social Value:

  Social Value

  Wellbeing

  Wellbeing

  Snowflake actively supports the health and wellbeing of its employees. Our competitive benefits programs include 26 weeks of paid parental leave, fertility benefits, and various options for taking time off work when our employees need it. In addition, all Snowflakes have access to our weekly online lunch and learns, virtual workout classes, and ergonomic work-from-home equipment. We offer on-demand mental health and wellness programs to support our employees and their families.; ; Learn more about Snowflake’s benefits here: https://careers.snowflake.com/us/en/benefits

Pricing

• Price: £0 a unit
• Discount for educational organisations: No
• Free trial available: Yes
• Description of free trial: 30-day free Snowflake trial which includes $400 worth of free usage
• Link to free trial: https://signup.snowflake.com/

Service documents

• Pricing document

  PDF

• Service definition document

  PDF

• Terms and conditions

  PDF

Request an accessible format

If you use assistive technology (such as a screen reader) and need versions of these documents in a more accessible format, email the supplier at arndt.brinkmann@snowflake.com. Tell them what format you need. It will help if you say what assistive technology you use.