Keebo | Keebo Warehouse Optimization Security Overview

Keebo Warehouse Optimization Security Overview

Security Overview: Fully Automated Snowflake Optimization

Keebo’s warehouse optimization for Snowflake does not access user data. See Keebo’s security architecture and the Snowflake metadata we read.

Keebo warehouse optimization security

  • Access only usage metadata (76 fields total), never user data
  • Run within dedicated instances, separating each customer’s queries and models
  • Encrypt all communications during transit and at rest (TLS1.2, Google KMS using FIPS 140-2 Level 3)
  • Automated monitoring of code with every release, plus regular 3rd-party penetration testing
  • All computations carried out inside DB

SOC2 certified

Keebo | Keebo Warehouse Optimization Security Overview

Keebo needs only usage metadata

From SNOWFLAKE.ACCOUNT_USAGE.QUERY_HISTORY:

DATABASE_ID
DATABASE_NAME
SCHEMA_ID
SCHEMA_NAME (hashed)
QUERY_TYPE
SESSION_ID
USER_NAME (hashed)
ROLE_NAME (hashed)
WAREHOUSE_ID
WAREHOUSE_NAME
WAREHOUSE_SIZE
WAREHOUSE_TYPE
CLUSTER_NUMBER
QUERY_TAG
EXECUTION_STATUS
ERROR_CODE
ERROR_MESSAGE
START_TIME
END_TIME
TOTAL_ELAPSED_TIME
BYTES_SCANNED
PERCENTAGE_SCANNED_FROM_CACHE
BYTES_WRITTEN
BYTES_WRITTEN_TO_RESULT
BYTES_READ_FROM_RESULT
ROWS_PRODUCED
ROWS_INSERTED
ROWS_UPDATED
ROWS_DELETED
ROWS_UNLOADED
BYTES_DELETED
PARTITIONS_SCANNED
PARTITIONS_TOTAL
BYTES_SPILLED_TO_LOCAL_STORAGE
BYTES_SPILLED_TO_REMOTE_STORAGE
BYTES_SENT_OVER_THE_NETWORK
COMPILATION_TIME
EXECUTION_TIME
QUEUED_PROVISIONING_TIME
QUEUED_REPAIR_TIME
QUEUED_OVERLOAD_TIME
TRANSACTION_BLOCKED_TIME
CREDITS_USED_CLOUD_SERVICES
QUERY_LOAD_PERCENT
QUERY_TEXT (hashed)
OUTBOUND_DATA_TRANSFER_CLOUD
OUTBOUND_DATA_TRANSFER_REGION
OUTBOUND_DATA_TRANSFER_BYTES
INBOUND_DATA_TRANSFER_CLOUD
INBOUND_DATA_TRANSFER_REGION
INBOUND_DATA_TRANSFER_BYTES
LIST_EXTERNAL_FILES_TIME
RELEASE_VERSION
EXTERNAL_FUNCTION_TOTAL_INVOCATIONS
EXTERNAL_FUNCTION_TOTAL_SENT_ROWS
EXTERNAL_FUNCTION_TOTAL_RECEIVED_ROWS
EXTERNAL_FUNCTION_TOTAL_SENT_BYTES
EXTERNAL_FUNCTION_TOTAL_RECEIVED_BYTES
IS_CLIENT_GENERATED_STATEMENT

From SNOWFLAKE.ACCOUNT_USAGE.WAREHOUSE_METERING_HISTORY:

CREDITS_USED
CREDITS_USED_CLOUD_SERVICES
CREDITS_USED_COMPUTE
END_TIME
START_TIME
WAREHOUSE_ID
WAREHOUSE_NAME

From SNOWFLAKE.ACCOUNT_USAGE.WAREHOUSE_EVENTS_HISTORY:

CLUSTER_NUMBER
EVENT_NAME
EVENT_REASON
EVENT_STATE
QUERY_ID
ROLE_NAME
TIMESTAMP
USER_NAME
WAREHOUSE_ID
WAREHOUSE_NAME

API and deployment architecture

Keebo | Keebo Warehouse Optimization Security Overview

Network data flow

Keebo | Keebo Warehouse Optimization Security Overview

Keebo | Keebo Warehouse Optimization Security Overview
Keebo the Robot Dog
Articles: 15