Skip to main content
Security

Databend Security Design

Secutity
|
Encryption
|
Complicance

Security

Role Based Access Control (RBAC) + Discretionary Access Control (DAC)

Databend incorporates both Role-Based Access Control (RBAC) and Discretionary Access Control (DAC) models for its access control functionality.

Masking Policy

A masking policy refers to rules and settings that control the display or access to sensitive data in a way that safeguards confidentiality while allowing authorized users to interact with the data.

Network Policy

Network policy in Databend is a configuration mechanism designed to manage and enforce network access control for users within the system. It allows you to define sets of rules governing the allowed and blocked IP address ranges for specific users, effectively controlling their network-level access.

Password Policy

Databend includes a password policy to strengthen system security and make user account management smoother. This policy sets rules for creating or changing passwords, covering aspects like length, types of characters, age restrictions, retry limits, lockout durations, and password history.

AWS PrivateLink

PrivateLink provides enhanced network security by connecting to databend cloud cluster over VPC peering. Customers can initiate the connection to the desired service using a VPC endpoint, which can be further configured with security groups to create trust boundaries and control access to the endpoint. Currently, this feature is only available on AWS.

Encryption

TLS 1.2

We provide end-to-end encryption for all communication. All customer data-flow are solely over HTTPS. Connections encrypted using TLS 1.2 from clients through to the Databend API gateway.

Storage Encryption

Databend Enterprise supports server-side encryption in OSS. This feature enables you to enhance data security and privacy by activating server-side encryption for data stored in OSS. You can choose the encryption method that best suits your needs.

Complicance

SOC 2 Type II

SOC 2 Type II

An independent third-party has thoroughly conducted a SOC 2 Type II assessment, affirming the robustness and effectiveness of our operational controls. Emphasizing our commitment to security and excellence, we continuously monitor and enhance our operational controls and defenses against vulnerabilities. Our dedicated team ensures these standards are upheld without compromise.

GDPR

GDPR

Our GDPR compliance hinges on strict data privacy enforcement, robust encryption, and regular privacy audits to shield personal data from unauthorized access. We enforce stringent access controls, permitting only a select group of trained security personnel to access and monitor our infrastructure and operational logs, ensuring the highest levels of data protection and compliance.

401 RYLAND ST. STE 200-A, Reno, NV 89502, USA
SOC 2 Type IIGDPR
© 2024 Databend Cloud. All Rights Reserved.