Your data is business critical. Business critical data should not be accessible through a Public API that’s available to the entire internet. Ockam replaces the Snowflake API public endpoint with a private connection between your remote applications and your Data Cloud.

Business critical connections are trivially easy to establish with Ockam - particularly when compared to a Private Link. Simply, install an Ockam Node next to your remote application, and go to the Snowflake Marketplace to add Ockam’s Native App to your Snowflake environment.

All of your remote applications will use unique keys to mutually authenticate with, and create secure channels to your Snowflake Data Cloud. Data-in-motion is always end-to-end encrypted. Keys, enrollments, and credentials are safely created, stored, rotated, and revoked automagically so there's almost nothing to manage.

Whether it's reading a credential or secret value from a central source, or transmitting a secret key to another app, every time a secret value is transmitted over the wire is another opportunity for it to leak. Ockam's approach to secret management means each secret key never needs to leave the place where it was generated. By removing the need to transmit secrets the risk of an attacker intercepting a secret in transit is also removed.

Everyone hopes they never have a data breach, but to minimize the impact incase the worst happens Ockam apps automatically and regularly rotate their encryption keys. If a secret key is ever leaked the data at risk is reduced to the amount sent in the small window of that secret key was active. Don't put your historical and future data at risk because rotating secret keys is difficult — it's built-in from the start.

The approach to mutual authentication of every app that Ockam provides results in strong data governance guarantees around the authenticity and integrity of the messages moving through your system.

Ockam's approach uses existing and well established open source technologies and frameworks. We build trust through transparency so your CISO can be confident everything meets their requirements. The cryptographic and messaging protocols are publicly documented and the implementations are open source and available on GitHub.

We've published an independent third-party audit by the security research firm Trail of Bits, we've passed the security reviews of our major partners, and we're SOC2 compliant.

The current status of our latest audits and compliance controls are also available.