Keebo Warehouse Optimization Security Overview
Security Overview: Fully Automated Snowflake Optimization
Keebo’s warehouse optimization for Snowflake does not access user data. See Keebo’s security architecture and the Snowflake metadata we read.
Keebo warehouse optimization security
- Access only usage metadata (76 fields total), never user data
- Run within dedicated instances, separating each customer’s queries and models
- Encrypt all communications during transit and at rest (TLS1.2, Google KMS using FIPS 140-2 Level 3)
- Automated monitoring of code with every release, plus regular 3rd-party penetration testing
- All computations carried out inside DB
SOC2 certified
Keebo needs only usage metadata
From SNOWFLAKE.ACCOUNT_USAGE.QUERY_HISTORY:
DATABASE_ID
DATABASE_NAME
SCHEMA_ID
SCHEMA_NAME (hashed)
QUERY_TYPE
SESSION_ID
USER_NAME (hashed)
ROLE_NAME (hashed)
WAREHOUSE_ID
WAREHOUSE_NAME
WAREHOUSE_SIZE
WAREHOUSE_TYPE
CLUSTER_NUMBER
QUERY_TAG
EXECUTION_STATUS
ERROR_CODE
ERROR_MESSAGE
START_TIME
END_TIME
TOTAL_ELAPSED_TIME
BYTES_SCANNED
PERCENTAGE_SCANNED_FROM_CACHE
BYTES_WRITTEN
BYTES_WRITTEN_TO_RESULT
BYTES_READ_FROM_RESULT
ROWS_PRODUCED
ROWS_INSERTED
ROWS_UPDATED
ROWS_DELETED
ROWS_UNLOADED
BYTES_DELETED
PARTITIONS_SCANNED
PARTITIONS_TOTAL
BYTES_SPILLED_TO_LOCAL_STORAGE
BYTES_SPILLED_TO_REMOTE_STORAGE
BYTES_SENT_OVER_THE_NETWORK
COMPILATION_TIME
EXECUTION_TIME
QUEUED_PROVISIONING_TIME
QUEUED_REPAIR_TIME
QUEUED_OVERLOAD_TIME
TRANSACTION_BLOCKED_TIME
CREDITS_USED_CLOUD_SERVICES
QUERY_LOAD_PERCENT
QUERY_TEXT (hashed)
OUTBOUND_DATA_TRANSFER_CLOUD
OUTBOUND_DATA_TRANSFER_REGION
OUTBOUND_DATA_TRANSFER_BYTES
INBOUND_DATA_TRANSFER_CLOUD
INBOUND_DATA_TRANSFER_REGION
INBOUND_DATA_TRANSFER_BYTES
LIST_EXTERNAL_FILES_TIME
RELEASE_VERSION
EXTERNAL_FUNCTION_TOTAL_INVOCATIONS
EXTERNAL_FUNCTION_TOTAL_SENT_ROWS
EXTERNAL_FUNCTION_TOTAL_RECEIVED_ROWS
EXTERNAL_FUNCTION_TOTAL_SENT_BYTES
EXTERNAL_FUNCTION_TOTAL_RECEIVED_BYTES
IS_CLIENT_GENERATED_STATEMENT
From SNOWFLAKE.ACCOUNT_USAGE.WAREHOUSE_METERING_HISTORY:
CREDITS_USED
CREDITS_USED_CLOUD_SERVICES
CREDITS_USED_COMPUTE
END_TIME
START_TIME
WAREHOUSE_ID
WAREHOUSE_NAME
From SNOWFLAKE.ACCOUNT_USAGE.WAREHOUSE_EVENTS_HISTORY:
CLUSTER_NUMBER
EVENT_NAME
EVENT_REASON
EVENT_STATE
QUERY_ID
ROLE_NAME
TIMESTAMP
USER_NAME
WAREHOUSE_ID
WAREHOUSE_NAME