Has anyone zitified Snowflake?

Snowflake's security is good, but since I can connect from a normal browser (not like BrowZer) or from the terminal using SnowSQL, they must be looking for incoming connections. According to OpenZiti, this increases the attack surface, so it makes me think that Zitifying Snowflake makes it more secure. Are there any examples of this being done?

Generally speaking, a project as large as that would need to want to adopt OpenZiti. Let them know! :slight_smile: I've personally not used Snowflake, but I do think there have been people here who have used OpenZiti with Snowflake, just not me personally. I don't know their security model to know if they have the same sort of concepts as "totally private" instances (protected by firewalls or bastions, etc.). I'd imagine they do, but I don't know at all.

Perhaps another community member has more experience to comment, but I don't! :slight_smile:

@TheLumberjack does the same go for Databricks?

It'd be the same basic idea, yes. You can absolutely use OpenZiti with any technology that requires secure connectivity using tunnelers. But to "zitify" a program has a different meaning to me. To "zitify" a program, you'd have to take and embed one of our SDKs into the application, creating an application-embedded zero trust solution. We did that for kubectl, we did it for a Prometheus prototype, for NATS.io, etc., but they are forks that we update if and when there's a desire.

I found something about Azure Private Link: "Azure Private Link & Snowflake | Snowflake Documentation", so I'm investigating using that from a web app deployed on Azure to connect to Snowflake and then zitifying the web app using the SDK. This seems secure to me.
