data
fabric
Security is central to our mission—our commitment to enhancing our customers' security and compliance begins with our own practices.
SOC stands for "System and Organization Controls" as defined by the American Institute of Certified Public Accountants. SOC focuses on security, availability, processing integrity, confidentiality, and privacy. Our latest cybersecurity controls review was on 5 June 2024
With our partner Vanta, Datafabric monitor compliance with policies and controls to prove our security and compliance to third-party auditors.
All datastores with customer data, in addition to S3 buckets, are encrypted at rest. Sensitive collections and tables also use row-level encryption.
This means the data is encrypted even before it hits the database so that neither physical access, nor logical access to the database, is enough to read the most sensitive information.
Vanta uses TLS 1.2 or higher everywhere data is transmitted over potentially insecure networks. We also use features such as HSTS (HTTP Strict Transport Security) to maximize the security of our data in transit. Server TLS keys and certificates are managed by AWS and deployed via Application Load Balancers.
Encryption keys are managed via AWS Key Management System (KMS). KMS stores key material in Hardware Security Modules (HSMs), which prevents direct access by any individuals, including employees of Amazon and Vanta. The keys stored in HSMs are used for encryption and decryption via Amazon's KMS APIs.
Application secrets are encrypted and stored securely via AWS Secrets Manager and Parameter Store, and access to these values is strictly limited.