Speaker:: Ragini Ramalingam Title:: Enterprise AI Governance at Snowflake Duration:: 26 min Video:: https://www.youtube.com/watch?v=RF4gR5uviv0 ## Key Thesis Traditional enterprise security governance assumed deterministic execution; AI has replaced that with context-aware, runtime decision-making that blurs endpoint/network/cloud/SaaS boundaries. Snowflake's answer is governance that evolves at the same velocity as AI adoption — driven by an executive steering committee, visibility across four discovery pathways, feature-based risk assessment rather than tool-level approval, and a core principle of constraining AI execution authority rather than blocking adoption. ## Synopsis Ramalingam opens with a fundamental observation: enterprise security for decades assumed predefined, deterministic execution. Identities authenticated, systems executed predefined logic. AI has changed this: systems now make decisions at runtime, invoke actions across the full stack from endpoint to cloud to SaaS, and blur control boundaries that were previously distinct. Traditional governance models designed for static, human-controlled workflows don't work. She quotes Snowflake CISO Brad Jones: "Governing AI at a company like Snowflake where the AI data cloud is our business is like laying tracks in front of a running train." The challenge is laying tracks without slowing the train. **Why AI governance is fundamentally different**: (1) AI tool adoption doesn't wait for review cycles — engineers experiment, product teams integrate, solution engineers demo, business teams adopt simultaneously. (2) Feature velocity outpaces any review process — AI vendors release features weekly or multiple times per week. (3) AI blurs control plane boundaries — a single prompt can trigger endpoint actions, file reads/writes, outbound network egress, and SaaS API calls. (4) Risk is non-static because execution is non-deterministic. **Governance structure**: An enterprise steering committee with members from security, IT, legal, privacy, AI/ML, data engineering, and procurement — selected because they had visibility into AI adoption patterns across the enterprise. They identify usage patterns, assess risks, define mitigations (technical, process, or contractual), and surface everything to executive leadership in engineering, product, sales, customer experience, and IT. Key insight: enabling or disabling AI is not a security decision, it's a business decision. Executive sponsorship provides alignment and drives cultural change. This shifted Snowflake from reactive approvals to proactive risk ownership. **Visibility through four pathways**: (1) Procurement process with AI oversight built in — rationalized products not just on features but on redundant capability elimination, reducing both operational overhead and attack surface. (2) Security reviews required before enabling AI features in existing products — not just new product acquisition. (3) Active discovery for AI artifacts (MCP components, models, agents) across the enterprise using Snowflake's own platform and security lake with AI-powered telemetry across endpoint, network, cloud, and SaaS. (4) Embedded security partners in business units providing early warning on AI adoption. **Deploying GenAI tools**: Feature-based risk assessment rather than broad tool approval or rejection. Evaluated features by what enterprise control plane capabilities existed to constrain data exfiltration and manage integrations (MCP allow/deny lists, web search domain restrictions, etc.). Enabled lower-risk features immediately; gated higher-risk features pending vendor feature requests. This initiated active vendor engagement to drive security feature development — and vendors have responded with significant improvements over recent months. **Coding agents**: Treated as a fundamentally different threat model, not just another development tool. Risks include autonomous code execution, system-level calls, file system access, API integrations, and embedded browser components that bypass standard controls. Snowflake's approach: hardened immutable configuration enforced at the endpoint using existing IT/security tooling (since coding agent enterprise control planes lack robust native enforcement), restricted automated browser pathways to internal domains only, used existing EDR tools to constrain manual browser pathways to match enterprise-wide policy. For high-autonomy modes, used risk profiling to limit deployment to select user groups rather than broad rollout. Filed vendor feature requests for schema-based selective feature enablement per user group. **Lessons learned**: Executive sponsorship drives alignment; cross-functional ownership scales better than central control; visibility is prerequisite to governance; focus on constraining execution authority rather than blocking adoption; governance processes must evolve at the same velocity as technology. ## Key Takeaways - AI governance must be dynamic and evolve at AI adoption speed — traditional static governance models fail - Enabling/disabling AI is a business decision, not a security decision; executive ownership is essential - Feature-based risk assessment (not tool-level approval) is the right unit of analysis for GenAI governance - Four visibility pathways: procurement, existing product feature reviews, active AI artifact discovery, and business unit security partners - Coding agents require a different threat model than other AI tools — they blur endpoint/network/cloud/SaaS boundaries with autonomous execution - Constraining execution authority (restricting what AI can do) is more sustainable than blocking adoption - Vendor engagement is productive — security feature requests have driven measurable improvements ## Notable Quotes / Data Points - "Governing AI at Snowflake is like laying tracks in front of a running train" — CISO Brad Jones - Snowflake's security lake lives on their own platform; they used their own AI capabilities to discover AI artifacts across the enterprise - Automated browser pathways restricted to internal domains only; manual browser pathways constrained via EDR to match enterprise baseline - High-autonomy mode deployment limited to select user groups based on risk profiles - "You cannot stop AI adoption in the enterprise. If you did, it'll go around you and it will impact your business." - "AI governance is not a roadblock to innovation. It is the foundation to enable innovation securely and responsibly." - Vendors responded to feature requests with significant improvements in recent months #unprompted #claude