How We Keep Your Environment Safe
Keebo’s snowflake security architecture is built on fundamental principles that protect your data at every level
Minimal & Secure Data Access
Warehouse Optimization and Workload Intelligence use metadata only. Query Routing requires query access for routing but never stores data or uses it for routing decisions. Sensitive data remains protected. See required roles & grants.
AI Optimization Without Risk
Warehouse Optimization (KWO) and Workload Intelligence (KWI) work exclusively on metadata—never seeing query results. Query Routing (KQR, Diamond tier) analyzes query text inside an customer-isolated, firewalled Kubernetes cluster.
Encrypted Connections
Every connection to Snowflake and Databricks is fully encrypted to protect your environment at all times.
Restricted Platform Permissions
Uses a dedicated user and role with strict, limited access to only necessary Snowflake or Databricks metadata.
Strict Access Controls
Firewall-protected with IP whitelisting — only your domains can connect to our infrastructure.
Dedicated Infrastructure
Your own Kubernetes cluster with isolated resources — no shared infrastructure with other customers.
Trusted by modern data teams
Enterprise-Grade Data Access Architecture
Keebo analyzes 76+ metadata fields for every query, operating through a dedicated user and role with strict permissions. It leverages only metadata—query logs, performance metrics, warehouse settings—never storing tables or sensitive data.
- All connections are secure and encrypted with industry‑standard protocols.
- AI‑driven optimization runs in either autopilot or recommendation mode.
- Full governance and audit visibility—proven at enterprise scale.
How Keebo Uses Metadata to Optimize Cost + Performance
Keebo Workload Intelligence (KWI) is the FinOps & observability module of the Keebo platform that analyzes warehouse, compute, query, and storage health to uncover inefficiencies and performance bottlenecks—surfacing ~18% additional savings opportunities with clear, prioritized recommendations.
Real-time Metadata Learning
Analyzes 76+ metadata fields – no actual data accessed or stored
AI-Powered Decisions
Automatically right-sizes warehouses and tunes resources based on workload patterns
Autonomous Cost Reduction
Intelligently scales down resources during low-usage periods
Automatic Performance Scaling
Protects performance when latency rises or demand increases
No Extra Data Collected
Only collects what’s essential for optimization – nothing more
Patented Optimization Models
Continuously adapt for maximum ROI with zero maintenance overhead
Security-First Query Routing
Keebo Query Routing (KQR) acts as a smart, secure proxy between your workloads and Snowflake
KQR dynamically routes each query to the most cost-efficient warehouse based on real-time conditions and your custom rule set. The highest-priority rule that matches both the query and the current environment determines where the query is sent.
Audit‑Ready Query Routing
KQR gives you complete control over workload placement with zero compromise on data security.
Rules are AI‑recommended and logged for audit; you can review, modify, re‑order, and approve every rule before it goes live. All routing decisions are logged, and if no rule applies, KQR safely falls back to the session’s default warehouse, ensuring zero disruption to live traffic.
Enterprise-Grade Security Features
Encrypted Credentials
Customer credentials are encrypted at rest and in transit using industry-standard protocols.
No Data Stored (Ephemeral Processing)
Keebo processes metadata in‑memory and never stores query results or sensitive data.
Continuous Security Testing
Automated code scanning and third-party penetration testing
Private Network Connectivity
Support for AWS PrivateLink, GCP Private Service Connect, and Azure PrivateLink connections to your environment
Role-Based Access Control (RBAC)
Billing Administrator, Administrator, User, and Read Only roles with least-privilege defaults.
Enterprise-Grade Security Compliance
Keebo operates with the highest security standards to protect your Snowflake environment
“Keebo’s architecture demonstrates a sophisticated understanding of both optimization and security requirements. The metadata-only approach allows us to benefit from AI-driven optimizations without any data privacy concerns.”
Head of Data Infrastructure,
Major Financial Institution
Ready to Securely Optimize Snowflake & Databricks?
Join industry leaders who trust Keebo with their most sensitive data environments
Frequently Asked Questions
Yes. Snowflake provides automatic, end-to-end encryption for data both at rest and in transit. This built-in encryption model works alongside Snowflake access control policies to ensure complete data confidentiality and protection from potential breaches.
Keebo strengthens Snowflake security by automating monitoring, identifying configuration risks, and enforcing compliance policies across your Snowflake environment. It adds intelligent automation to Snowflake access control and secrets management, ensuring continuous protection and operational efficiency.
Absolutely. Snowflake supports integration with identity providers such as Okta, Azure AD, and others through SAML 2.0 and OAuth. This simplifies user authentication and strengthens Snowflake security by enforcing single sign-on (SSO) and multi-factor authentication (MFA).
Snowflake security features help organisations comply with standards like GDPR, HIPAA, and SOC 2. With strong encryption, access control, and audit logging, Snowflake enables continuous compliance monitoring and secure data management across all environments.
Snowflake security provides multiple authentication options, including username/password, key pair authentication, OAuth, and integration with external identity providers. These methods ensure that only authorised users can access your Snowflake environment, supporting stronger access control and reducing the risk of credential misuse.