SafetyDetectives recently sat down with John Bland, the Head of Cybersecurity Strategy at Snowflake, to gain insights into his journey and Snowflake’s innovative approach to cybersecurity. John’s career in cybersecurity began at Splunk, where he played a pivotal role in helping customers transition to more advanced SIEM solutions. His experience at Splunk highlighted the challenges of traditional SIEMs in the cloud era, driving his interest in cloud-native solutions like Snowflake. At Snowflake, John leverages his deep understanding of security challenges to develop strategies that empower security teams with scalable, efficient data solutions.
Can you share a bit about your background and how you came to be the Head of Cybersecurity Strategy at Snowflake?
My interest in cybersecurity started when I accepted a position at Splunk in 2016. Customers were looking for a more innovative and scalable SIEM, and I supported many of Splunk’s largest customers in their migration from older legacy solutions to Splunk. From there, I was lucky enough to have a front row seat as Splunk emerged as a market leader in SIEM.
However, problems started to emerge as cloud transformation became top-of-mind for customers. Legacy SIEM providers were born in the on-premise era. The single install monolithic architecture that was once a benefit to customers for its ease of install and time to value became a liability in the cloud. Leacy SIEM providers needed to break up the monolithic architecture and move to a cloud-native architecture that would provide customers with benefits in cost, scale, and elasticity. This change in architecture proved to be much harder than expected, and is still not complete for most legacy providers six years later.
In parallel, the volume of security data grew exponentially as customers migrated to the cloud. Legacy SIEM licensing models were no longer a viable option for customers, and I saw the challenges that large Splunk users faced as costs skyrocketed. Customers were forced to compromise on the data they could send to their SIEM, and how long they could retain that data in an effort to reduce costs. What was once a beloved security platform for Splunk customers became a burden due to costs and lack of cloud scale.
Cloud-native data platforms like Snowflake started to emerge, and I admired them from a distance. Snowflake was the data platform that I admired most. I firmly believe cybersecurity is a data problem, and knew that a data platform like Snowflake could solve a lot of the problems that my Splunk customers were very vocal about.
A couple of years later, Snowflake announced the launch of their cybersecurity workload, and I started to search for an opportunity to help Snowflake accelerate adoption. A short time later I accepted a position as Snowflake’s Cybersecurity Data Cloud Principal, and was promoted to Head of Cybersecurity Strategy a year later.
I guess the short answer is that I ended up here by listening to my customers. I have a deep understanding of the security challenges that customers face today, and the emerging technologies and capabilities that will power security operations in the near to mid term.
What does Snowflake’s approach to cybersecurity entail, and how does it differentiate from other cloud data platform solutions?
Snowflake is the home for all security data — for security teams and security vendors. There are three key pillars in how we deliver a great data foundation for security analytics:
First, we focus on breaking down data silos. We are a company that puts our customers first, which is why we are investing in Iceberg and other integrations so that customers can have access to all of their data with ease. Especially in the cybersecurity world where teams are often using more than 40 to 50 different tools, each with its own schema and formats. It is extremely difficult to bring data sets together for simple joins and analytics. The economics of the modern data stack, with the cloud data platform at its core, will drive savings and while better data analytics capabilities will translate to higher fidelity insights for security teams.
In addition, we’re zeroed in on providing our customers analytics at scale. Snowflake provides a secure, cost-effective, and performant platform for log analytics. For example, a Fortune 500 financial services customer needed to scan petabytes of data in minutes for a breach investigation. They were thoroughly impressed with Snowflake’s ability to find needle in the haystack answers across such a high volume of data. And they loved that they were able to seamlessly scale up during the investigation, and back down afterward to save costs.
Last, but not least, we help our customers bring applications directly to where their data already lives. What’s most exciting is the concept of giving data ownership and control back to security teams. With a robust ecosystem of applications that connect to the Snowflake security data lake, customers are bringing applications to their data rather than sending their data to other applications’ backends. They have access to more than 90 days of data, can see historical trends, build machine learning models to detect anomalous behaviors, and much more.
What strategies does Snowflake employ to protect against emerging cybersecurity threats?
Our newest capabilities and features in AI are making it easy for security teams to leverage Snowflake for more advanced use cases such as anomaly detection, threat modeling, and large language model (LLM)-powered analytics. Our team is at the cutting-edge of this technology, and many are presenting on how they are leveraging Snowflake to make us more secure at Snowflake Summit 2024. We are customer zero of our own solution. Security customers are also able to leverage Snowflake to achieve increased visibility and protection.
On the other hand, security vendors that we partner with are also building cool products such as SQL-to-text chatbots that enable faster investigations and recommendation engines in user interfaces that security analysts are most familiar with — all available directly on the Snowflake platform. We are breaking down the barriers for security teams to get to their answers faster, and strengthen their overall security posture.
Can you explain how the AI Data Cloud for Cybersecurity integrates with existing security infrastructure within an organization?
The Snowflake AI Data Cloud is powered by our robust network of cybersecurity vendors, customers, and more — all grounded in the Snowflake platform’s core technology. With Snowflake as the data platform and an extensive ecosystem of partners delivering security capabilities with connected applications, cybersecurity teams can quickly gain visibility and automation at cloud-scale. Snowflake’s modern security architecture allows customers to gain control of their data, leverage pre-built content and security capabilities on top of their existing Snowflake environments, and utilize a single copy of data across their cybersecurity needs.
In addition, with Snowflake, organizations can unify their security data with enterprise data in a single source of truth, enabling contextual data from HR systems or IT asset inventories to inform detections and investigations — bringing the CISO together with the CIO for a unified data strategy.
Snowflake is at the heart of our customers’ cybersecurity strategies, enabling a variety of use cases spanning threat detection and response, cloud security posture management, advanced threat hunting, application security, and more. Customers including CSAA Insurance Group, DoorDash, Dropbox, Figma, and Navan are leveraging Snowflake’s cybersecurity workload to drive value.
What advice would you give to organizations looking to improve their data security practices?
Choose a data platform that you can scale with, securely. It is extremely important that we have granular controls over permissions, role-based access controls, data masking, and more. Without these foundational features, it’s incredibly difficult to share and democratize data within an organization and it hinders collaboration outside of the organization.
It’s also important to choose a security partner that can guarantee built-in security and governance throughout their offering, and enable the freedom to experiment with cutting-edge technologies without the fear of compromising secure data. Snowflake’s cybersecurity workload further empowers security teams in the AI Data Cloud so that they can collaborate with diverse stakeholders and succeed in their vital mission to protect the enterprise.