Build Trust across your Data Clouds
Ockam enables Snowflake customers to establish zero-trust connections between any application, anywhere, and their Snowflake Data Cloud
Remove public API endpoints
Your data is business critical. Business critical data should not be accessible through a Public API that’s available to the entire internet. Ockam replaces the Snowflake API public endpoint with a private connection between your remote applications and your Data Cloud.
Easier than PrivateLink
Business critical connections are trivially easy to establish with Ockam - particularly when compared to a Private Link. Simply, install an Ockam Node next to your remote application, and go to the Snowflake Marketplace to add Ockam’s Native App to your Snowflake environment.
Secure-by-design that's simple
All of your remote applications will use unique keys to mutually authenticate with, and create secure channels to your Snowflake Data Cloud. Data-in-motion is always end-to-end encrypted. Keys, enrollments, and credentials are safely created, stored, rotated, and revoked automagically so there's almost nothing to manage.
Setup the following Snowflake Native Apps within minutes...
Sync Snowflake to Postgres
Push a stream of changes from Snowflake tables or views to Postgres tables in a private Postgres database
Sync Postgres to Snowflake
Pull a stream of changes from a private Postgres database into Snowflake tables
Push from Snowflake to Kafka
Push a stream of changes from Snowflake tables or views to Kafka topics in a private Kafka cluster
Pull from Kafka to Snowflake
Pull messages from Kafka topics located on a private server and insert them in Snowflake tables
Mount Snowflake Stages as a WebDAV filesystem
Use Ockam to securely access files in your stage via WebDAV
No more shipping secrets
Whether it's reading a credential or secret value from a central source, or transmitting a secret key to another app, every time a secret value is transmitted over the wire is another opportunity for it to leak. Ockam's approach to secret management means each secret key never needs to leave the place where it was generated. By removing the need to transmit secrets the risk of an attacker intercepting a secret in transit is also removed.
Automated & regular key-rotation
Everyone hopes they never have a data breach, but to minimize the impact incase the worst happens Ockam apps automatically and regularly rotate their encryption keys. If a secret key is ever leaked the data at risk is reduced to the amount sent in the small window of that secret key was active. Don't put your historical and future data at risk because rotating secret keys is difficult — it's built-in from the start.
Data authenticity & integrity
The approach to mutual authentication of every app that Ockam provides results in strong data governance guarantees around the authenticity and integrity of the messages moving through your system.
Trust your security team can depend on
Ockam's approach uses existing and well established open source technologies and frameworks. We build trust through transparency so your CISO can be confident everything meets their requirements. The cryptographic and messaging protocols are publicly documented and the implementations are open source and available on GitHub.
We've published an independent third-party audit by the security research firm Trail of Bits, we've passed the security reviews of our major partners, and we're SOC2 compliant.
The current status of our latest audits and compliance controls are also available.
It’s time to start building...
Or, ask our team a question
We'll get back to you within one business day