Datacoral takes data security very seriously and is committed to keeping your data safe. Datacoral offers an industry-leading security architecture designed to keep you in control of your data at all times including during ingestion, transformation, and publishing.
Contact [email protected] if you have any questions or comments regarding the following policies. A whitepaper on Datacoral’s security architecture is available by request.
Datacoral’s software is built as a set of fully-managed serverless microservices that get spun up within the customer AWS virtual private cloud (VPC). The microservices move and manage data within the VPC. All configuration and runtime state is also managed within the VPC. All data and sensitive metadata like credentials are encrypted using customer managed encryption keys. The deployment and monitoring of the micro-services is done using a cross account role that only has limited access (following the Principle of Least Privilege) to deploy software and monitor for failures. Datacoral employees have no direct access to the customer data or sensitive credentials.
All connections to Datacoral’s web portal are encrypted by default using industry-standard TLS. Only customers and authorized Datacoral users are authorized to use the web portal.
All attempts to connect via HTTP are redirected to HTTPS, therefore users’ web browsers must support TLS.
In transit, all connections to customer data sources, their AWS VPC, databases, applications, and analytic systems are SSL encrypted.
Collect slices are read-only connections to customer data. These connections support source-vendor-supported APIs or industry-standard interfaces and file formats such as CSV, and JSON. Connectors to third-party SaaS data sources are encrypted in transit, and use the account owner’s credentials for access. These credentials are supplied and maintained by Datacoral’s customers within their AWS DynamoDB. Datacoral does not see these account credentials, and data flows never pass through Datacoral-owned environments.
Data is loaded, stored and transformed within the customer’s data warehouse. Datacoral microservices installed in your VPC require CRUD permissions to your data warehouse in order to create a schema, execute slices and save materialized views within the database.
Datacoral stores no customer data outside of the customer’s account. Datacoral monitoring services may capture metadata related to behavior of software and microservices within the customer’s VPC including log files generated from AWS services such as databases and S3 file systems.
Datacoral authorizes specific customer support employees to have access to the customer’s environment via highly restricted cross-account roles for the purposes of operating and maintaining the customer’s data pipeline.
Datacoral, like each of its customers, depends on AWS to maintain the physical and environmental security of their physical system. Amazon provides an extensive list of compliance and regulatory assurances, including SOC 1/2-3, PCI-DSS and ISO27001. See Amazon compliance and security documentation for more detailed information.
Datacoral offers data lineage and provenance features that allow the customer to demonstrate their compliance with regulations such as GDPR and CCPA. Datacoral will also gain it’s HIPAA compliance requirements, including having signed a Business Associate Agreement (BAA) with Amazon, and with customers as necessary, however, all data access occurs within the customer’s cloud account, making HIPAA compliance the responsibility of the customer, who is the owner and operator of their data.
Since all the data and services reside in the customer’s account and are a part of the customer’s environment, all the data breach prevention practices specific to strategies, policies, and procedures adopted by a specific customer will fully apply to Datacoral deployment.
To secure our own environment, Datacoral has developed a set of security policies and procedures in order to minimize chances of environment or data breach of any kind. We are working to adopt a robust incident response policy that complies with industry’s best practices and recommendations.
Datacoral has already established a strong reputation for its responsiveness and transparency. In the event that an operational or security issue occurs within a single or across multiple customers, Datacoral will notify the affected customers as soon as possible with information regarding the issue, it’s consequences and the timeline under which we are working to correct it.
If you have a concern about a specific security feature or not sure if Datacoral is in compliance with your security policies, or believe you’ve observed a security vulnerability, please send it to us by emailing [email protected]. Please include as much information as possible such that we can understand your concern or reproduce and correct the problem.
If you’d like to learn more about Datacoral’s security design, feel free to request our long-form security paper and we will follow up.