Navigating the shared responsibility model: lessons from the Snowflake cybersecurity incident

12 September 2024

Jerry Dawkins, PhD

A courageous stance: Snowflake’s response

Snowflake's response to the incident was bold: they pointed the finger at their customers and emphasized that the breaches were due to compromised credentials and the lack of proper security measures such as multi-factor authentication (MFA). While Snowflake's stance may seem bold, it is partially true. Customers do indeed have a responsibility to secure their environments by implementing recommended security practices. However, this perspective raises an important question: shouldn't vendors also play a more active role in ensuring security by default?

Arguments for secure default settings

If Snowflake is such a strong advocate for the use of MFA, why not make it the default? In today's threat landscape, relying solely on customer due diligence is not enough. According to the Verizon 2024 Data Breach Investigations Report, 77% of attacks on web-based applications involve credential theft. This statistic underscores that vendors need to do more than just recommend best practices—they need to enforce them. By incorporating secure defaults such as mandatory MFA or seamless integration with single sign-on (SSO) providers, vendors can significantly reduce the risk of credential-based attacks.

Arguments for shared responsibility

The Snowflake incident is a stark reminder of the importance of the shared responsibility model in cybersecurity. Vendors should not only provide secure platforms, but also ensure that security features are easy to implement and, where possible, automatically enforced. On the other hand, customers must demand a clear and robust shared responsibility model from their vendors. It is critical for organizations to verify that their vendors' implementations are upholding their end of the bargain when it comes to security.

A call to action

The Snowflake incident is a wake-up call for vendors and customers. Vendors must take proactive steps to ensure their platforms are secure by default, minimizing the risk of human error. At the same time, customers must take an active role in understanding and acknowledging their shared responsibility with their vendors. By working together, we can create a more secure digital landscape where both parties contribute to protecting sensitive data.

CISO Global is at the forefront of this discussion, advocating for greater collaboration between vendor and customer and helping organizations navigate the complexities of cybersecurity. It's time to move beyond blame and work together toward a more resilient future.

About the author

Jerald Dawkins is the Chief Technology Officer (CTO) at CISO Global and has founded and exited several cybersecurity companies, including True Digital Security and TokenEx, LLC, both based in Oklahoma. (True Digital Security was acquired by CISO Global in January 2022.) He currently holds three (3) patents in cybersecurity. Additionally, Jerry has secured millions of dollars in over twenty-five (25) federal and industry research grants for cybersecurity research and has also served as a cybersecurity advisor to the Department of Homeland Security's Inter-Agency Board supporting the first responder community. A tireless advocate for technology and skills development, Jerry has also held numerous board positions supporting STEM education and actively advises the technology innovation community in Tulsa, Oklahoma.

Jerry's outstanding combination of security and technology expertise, business acumen and creativity has made him a thought leader in information security and cyber resilience.

He received his Bachelor of Arts in computer science from Fort Lewis College in Durango, Colorado, and his Master of Science from the University of Tulsa. His doctoral thesis, also from the University of Tulsa, was on heuristics for scalable compound exposure analyses.

The post Navigating the Shared Responsibility Model: Lessons from the Snowflake Cybersecurity Incident first appeared on CISO Global.

***This is a Security Bloggers Network syndicated blog from CISO Global, written by hmeyers. Read the original post at: