Advanced Network Security

Combine TLS encryption with customizable network policies for granular control, ensuring data is both encrypted and protected from unauthorized access.

CREATE NETWORK POLICY IF NOT EXISTS my_acme_np WITH
ALLOWED_IP_LIST = (‘44.224.89.1/24’)
BLOCKED_IP_LIST = (‘44.224.89.3’)
DESCRIPTION = ‘new network policy for my acme
organization’;
CREATE NETWORK POLICY IF NOT EXISTS kate_np WITH
ALLOWED_IP_LIST = (‘44.224.89.7’)
DESCRIPTION = ‘Kate’s network policy’;

Strengthened Access with Identity Management

Secure access to your resources with layered identity management, combining username and password authentication, Single Sign-On (SSO), and support for MFA. By integrating solutions like Auth0 and SAML 2.0, you can safeguard against unauthorized access.

ALTER ORGANIZATION vsko SET SSO = ‘{
“signOnUrl”: “https://acme-sso.okta.com/app/acme-sso-acmeappv2prod_1/exkelyi3do0l22FDA4x7/sso/saml”,
“issuer”: “okta”,
“provider”: “okta”,
“Label”: “Okta Company App”,
“fieldMapping”: {
“given_name”: “name”,
“family_name”: “surname”
},
“certificate”: “<certifate>”,
}‘;

Single Sign-On

Firebolt supports Single Sign-On (SSO) for centralized access control, allowing users to authenticate across multiple apps with one set of credentials.

CREATE LOGIN "kate@acme.com" WITH
FIRST_NAME = 'Kate'
LAST_NAME = 'Peterson'
IS_PASSWORD_ENABLED = FALSE
IS_MFA_ENABLED = TRUE;

Multi-Factor Authentication (MFA)

Firebolt's MFA strengthens security by requiring multiple forms of verification for access. Admins can control MFA settings per login, ensuring compliance with industry regulations through centralized management with Okta and Auth0.

Granular Access Control

Get secure, role-based access with RBAC, which assigns permissions through hierarchical and composable roles. Strict authorization allows only permitted users to access critical data and system resources.

Securables and Permissions

Fine-grained access control with SQL-based permission management enables secure, flexible access across databases, engines, and queries.

CREATE ROLE IF NOT EXISTS sales;
GRANT USAGE ON DATABASE sales_db TO sales;
GRANT USAGE ANY DATABASE ON ACCOUNT dev_account TO sales;
REVOKE OPERATE ON ENGINE sales_eng FROM sales;

Granular RBAC

Link users to logins for customizable access and role assignments, with flexible and out-of-the-box security options.

CREATE USER kate;
CREATE ROLE sales:
GRANT ROLE sales TO USER kate;
GRANT SELECT ON TABLE sales_data to sales;
ALTER USER kate SET LOGIN = "kate@acme.com";

Layered Data Protection

Safeguard your data whether at rest and in motion through industry-standard encryption, secure key management, and TLS communication.

Industry Standards and Compliance

Get comprehensive information security aligned with industry best practices, ensuring privacy, confidentiality, integrity, and availability of data.

FAQs About Cloud Data Warehouse Security

Key Components of Cloud Data Warehouse Security

Data Encryption

In-Transit Encryption: Protects data as it moves between systems using protocols like TLS.
At-Rest Encryption: Ensures stored data is encrypted with strong algorithms such as AES-256.

Access Management

Role-Based Access Control (RBAC): Limits access based on user roles and responsibilities.
Multi-Factor Authentication (MFA): Adds an extra layer of protection by requiring multiple verification methods.

Network Security

Virtual Private Cloud (VPC): Isolates your data warehouse within a secure, private network.
Firewalls and Intrusion Detection Systems: Block unauthorized access and detect malicious activity.

Compliance and Governance

Regulatory Standards: Adheres to GDPR, HIPAA, SOC 2, and other compliance frameworks.
Audit Trails: Maintains logs of access and changes for accountability.

Backup and Disaster Recovery

Ensures data integrity and availability through regular backups and disaster recovery plans.

Monitoring and Alerts

Continuously monitors for unusual activity and sends alerts for potential security threats.

What is cloud data warehouse security?

Cloud data warehouse security encompasses all the measures taken to protect sensitive data stored in cloud-based warehouses from unauthorized access, breaches, and other threats.

How is data encrypted in a cloud data warehouse?

Data is encrypted both in transit and at rest using protocols like TLS for transmission and encryption algorithms like AES-256 for storage.

What are role-based access controls (RBAC)?

RBAC restricts access to data and systems based on user roles, ensuring users only access information necessary for their tasks.

Why is multi-factor authentication (MFA) important?

MFA enhances security by requiring users to verify their identity through two or more methods, such as a password and a mobile OTP.

What compliance standards should a cloud data warehouse meet?

Standards like GDPR, HIPAA, SOC 2, and PCI DSS ensure the data warehouse complies with industry-specific regulations for security and privacy.

What is data masking, and how does it enhance security?

Data masking obscures sensitive information, such as customer data or financial details, making it unreadable to unauthorized users while maintaining its usability for analysis.