ksanaka
How did a cloud-native database company quickly achieve SOC 2 and GDPR certifications?

With the advent of the digital era, data has become one of the most valuable assets for enterprises. As data usage continues to expand, ensuring data security and privacy protection has become a common challenge for businesses worldwide. To address this challenge, we are thrilled to announce that the Databend Cloud platform has recently achieved two internationally recognized certifications - SOC 2 and GDPR compliance. This significant milestone not only marks a solid step forward in Databend Cloud's commitment to data security and privacy protection but also further strengthens global customers' trust in the platform.

Databend Cloud is a next-generation big data analytics platform built on the open-source, cloud-native data lakehouse project Databend. It offers ultra-fast elastic scalability and a pay-as-you-go Data Cloud experience. As a data lakehouse solution developed in Rust and designed with an object storage architecture, Databend is dedicated to leveraging technological innovation to provide global users with a more efficient, cost-effective, and high-performance cloud data lakehouse solution.

Since its launch, Databend Cloud has successfully replaced multiple traditional data warehouse solutions, including Snowflake, Redshift, BigQuery, Greenplum, ClickHouse, and CDH. It has helped customers across various industries - particularly in gaming, finance, advertising, and e-commerce - reduce costs and improve efficiency in big data processing.

Data Security and Privacy: Databend's Core Commitment

As a global company, Databend has prioritized data security and privacy protection as a core objective since its inception. SOC 2 and GDPR compliance are two essential regulatory standards that provide strong assurances for data security and privacy protection. When selecting a data warehouse or cloud service platform, these certifications have become key factors in enterprise decision-making.

SOC 2 Certification: A Globally Recognized Data Security Standard

SOC 2 certification, established by the American Institute of Certified Public Accountants (AICPA), is a globally recognized standard for assessing data security. It primarily evaluates a service provider's ability to manage data protection, privacy, availability, processing integrity, and confidentiality.

SOC 2 certification provides strong assurance to customers, demonstrating that the service provider has undergone an independent audit and implemented appropriate technical and managerial measures to ensure data security. The certification is divided into two types: Type I and Type II, with the latter involving a longer audit period and stricter requirements.

GDPR Compliance: The World's Strictest Data Privacy Regulation

The General Data Protection Regulation (GDPR), enacted by the European Union in 2018, is a data privacy and security law designed to protect individuals' personal data and regulate data processing and storage practices.

GDPR sets the highest global standards for privacy protection, making compliance a legal requirement for businesses operating in the EU market. It ensures that data processing and cross-border transfers adhere to strict regulatory guidelines, helping organizations avoid significant fines for non-compliance.

Key Measures for Certification: Streamlining Audits and Ensuring Compliance

Databend's successful completion of SOC 2 Type II certification was no coincidence. It was the result of thorough preparation in compliance and security architecture, as well as a transparent third-party audit process. We implemented three key measures to effectively streamline the entire audit process:

1. Implementing Controls and Policies in Advance

Before initiating the formal audit, Databend had already established a compliance framework by proactively deploying key control measures, laying a solid foundation for the audit process.

In terms of data security, Databend ensures encryption for both data at rest and data in transit, along with a robust key management system and multi-region replication architecture to guarantee data security and durability. Additionally, for code governance, strict branch protection policies and code review mechanisms are enforced through tools like GitHub. These include mandatory pull request (PR) reviews, static code analysis, and automated deployment pipelines, effectively mitigating potential code risks.

Moreover, Databend prepared a comprehensive set of organizational governance documents in advance, covering job responsibilities, risk management reports, and legal documents related to human resources. These documents provide clear business support and regulatory justification throughout the compliance process.

2. Leveraging Compliance Automation Platforms

To streamline compliance processes, Databend adopted Vanta as its compliance automation platform, building a comprehensive intelligent compliance management system. This platform enables real-time monitoring and visualization of audit control point compliance rates while also automating compliance framework mapping, remediation planning, and system integration for automatic ticket creation - significantly reducing manual workload.

By automating evidence collection and documentation, Vanta enhances efficiency and accuracy throughout the audit process. Additionally, it provides valuable resources such as security policy templates and customized security training modules, allowing Databend to quickly address compliance challenges and ensure all measures meet the stringent requirements of SOC 2 Type II.

3. Learning from Industry Best Practices

Throughout the audit process, Databend leveraged insights from companies that had successfully passed SOC 2 audits. By confirming the audit date in advance, the company ensured a smooth process. Within a week of signing the contract with the audit firm, Databend engaged with auditors to discuss requirements, prepare documentation, and efficiently advance the audit process.

Data Security Architecture: Multiple Technological Safeguards for User Privacy

In addition to achieving SOC 2 and GDPR certifications, Databend Cloud has built a comprehensive security system encompassing access control, data encryption, network policies, password policies, and compliance measures:

Access Control

  • RBAC + DAC Model: Databend combines Role-Based Access Control (RBAC) and Discretionary Access Control (DAC) models to implement flexible and granular access control functionalities.
  • Masking Policies: Masking policies are rules and settings that control the display or access to sensitive data, ensuring data confidentiality while allowing authorized users to interact with the data.
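To make the interaction between the two access-control models and a masking policy concrete, here is an added illustration written for this article (it models the behaviour described above and is not Databend's implementation). The table, the `dba`, `analyst`, `compliance` and `payments` roles, the user names and the rows are all constructed: a DAC grant is a privilege on the object given directly to a user or to the owner, an RBAC grant is a privilege given to a role, and a masking policy transforms a column for every caller whose roles are not exempted by the policy.

```python
"""Column masking driven by roles (RBAC) and per-object grants (DAC).

Added illustration for this article: it models the behaviour the post
describes, it is not Databend's implementation. The table, roles, users,
policy names and rows below are all constructed for the example.
"""
from dataclasses import dataclass, field
from typing import Callable, Dict, FrozenSet, List, Set

Row = Dict[str, str]


@dataclass
class MaskingPolicy:
    name: str
    unmasked_roles: FrozenSet[str]   # roles that may see the clear value
    mask: Callable[[str], str]       # transformation applied for everyone else


def mask_email(value: str) -> str:
    """Keep the first character and the domain: ada@example.com -> a***@example.com."""
    local, _, domain = value.partition("@")
    if not domain:
        return "*" * len(value)
    return local[:1] + "***@" + domain


def mask_card(value: str) -> str:
    """Reveal only the last four digits of a card number."""
    return "**** **** **** " + value[-4:]


@dataclass
class Table:
    owner: str                                   # DAC: the owner always has access
    # grants maps a user name (DAC) or a role name (RBAC) to its privileges
    grants: Dict[str, Set[str]] = field(default_factory=dict)
    policies: Dict[str, MaskingPolicy] = field(default_factory=dict)  # column -> policy
    rows: List[Row] = field(default_factory=list)


def can_select(table: Table, user: str, roles: Set[str]) -> bool:
    """DAC: owner or a direct grant to the user; RBAC: a grant to one of the user's roles."""
    if user == table.owner or "SELECT" in table.grants.get(user, set()):
        return True
    return any("SELECT" in table.grants.get(role, set()) for role in roles)


def select_rows(table: Table, user: str, roles: Set[str]) -> List[Row]:
    """Return the rows with every policy-bound column masked unless the caller
    holds a role the policy exempts. Access is checked before any data is read."""
    if not can_select(table, user, roles):
        raise PermissionError(f"{user} has no SELECT privilege on this table")
    result: List[Row] = []
    for row in table.rows:
        out: Row = {}
        for column, value in row.items():
            policy = table.policies.get(column)
            if policy is not None and not (roles & policy.unmasked_roles):
                value = policy.mask(value)
            out[column] = value
        result.append(out)
    return result


def build_sample_table() -> Table:
    """Constructed sample: one table, two masked columns, role and user grants."""
    return Table(
        owner="dba",
        grants={"analyst": {"SELECT"}, "compliance": {"SELECT"}, "carol": {"SELECT"}},
        policies={
            "email": MaskingPolicy("email_mask", frozenset({"compliance"}), mask_email),
            "card": MaskingPolicy("card_mask", frozenset({"payments"}), mask_card),
        },
        rows=[{"name": "Ada", "email": "ada@example.com", "card": "4111111111111111"}],
    )


if __name__ == "__main__":
    table = build_sample_table()
    print(select_rows(table, "alice", {"analyst"}))    # both sensitive columns masked
    print(select_rows(table, "bob", {"compliance"}))   # email in clear, card still masked
```

The design point worth noticing is that the privilege check and the masking decision are separate: a grant decides whether a query runs at all, while the masking policy decides what an authorized caller sees, so a user can legitimately hold `SELECT` on a table and still never see a clear card number.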

Network Policies

  • Network Policy Configuration: Databend's network policies provide a configuration mechanism for managing and enforcing network access control for users within the system. It allows the definition of rules for IP address ranges that are either allowed or blocked for specific users, effectively controlling their network-level access.
  • AWS PrivateLink: PrivateLink enhances network security through VPC peering connections. Customers can initiate connections to Databend Cloud clusters using VPC endpoints and configure security groups to create trust boundaries and control access to endpoints. This feature is currently available only on AWS.
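The following is an added example written for this article that models a per-user network policy of the kind described above: allowed and blocked IP ranges bound to a user, evaluated at connection time with a reason string suitable for an audit log. It is not Databend's implementation. The policy name `office_only`, the users and the addresses (RFC 5737 and RFC 3849 documentation ranges) are constructed, and the precedence rule the model uses (the block list wins, and an empty allow list means "any address that is not blocked") is an assumption of this example rather than something the post specifies.

```python
"""Per-user network policies: allowed and blocked IP ranges.

Added illustration for this article; it is not Databend's implementation.
Policy name, users and addresses are constructed; the precedence rule
(block list wins, empty allow list means "anything not blocked") is an
assumption of this model.
"""
import ipaddress
from dataclasses import dataclass
from typing import Dict, List, Optional, Tuple, Union

IPNet = Union[ipaddress.IPv4Network, ipaddress.IPv6Network]


@dataclass
class NetworkPolicy:
    name: str
    allowed: List[IPNet]
    blocked: List[IPNet]


def create_network_policy(name: str, allowed: List[str], blocked: List[str]) -> NetworkPolicy:
    """Parse textual entries; a bare address such as '203.0.113.50' becomes a /32."""
    def to_net(entry: str) -> IPNet:
        return ipaddress.ip_network(entry, strict=False)
    return NetworkPolicy(name, [to_net(s) for s in allowed], [to_net(s) for s in blocked])


def evaluate(policy: Optional[NetworkPolicy], client_ip: str) -> Tuple[bool, str]:
    """Decide whether a connection from client_ip is permitted under the policy."""
    if policy is None:
        return True, "no network policy attached"
    ip = ipaddress.ip_address(client_ip)
    for net in policy.blocked:          # block list is checked first and always wins
        if ip in net:                   # version mismatch (v4 vs v6) is simply False
            return False, f"{client_ip} is in blocked range {net}"
    if not policy.allowed:
        return True, f"{client_ip} not blocked; policy {policy.name} has no allow list"
    for net in policy.allowed:
        if ip in net:
            return True, f"{client_ip} is in allowed range {net}"
    return False, f"{client_ip} is outside every allowed range of {policy.name}"


class Catalog:
    """Holds the policies and the user -> policy binding."""

    def __init__(self) -> None:
        self.policies: Dict[str, NetworkPolicy] = {}
        self.user_policy: Dict[str, str] = {}

    def add_policy(self, policy: NetworkPolicy) -> None:
        self.policies[policy.name] = policy

    def bind(self, user: str, policy_name: str) -> None:
        if policy_name not in self.policies:
            raise KeyError(f"unknown network policy {policy_name}")
        self.user_policy[user] = policy_name

    def authorize(self, user: str, client_ip: str) -> Tuple[bool, str]:
        """Look up the user's policy (if any) and evaluate the client address."""
        policy = self.policies.get(self.user_policy.get(user, ""))
        return evaluate(policy, client_ip)


def build_sample_catalog() -> Catalog:
    """Constructed sample: an office-only policy bound to alice; bob has none."""
    cat = Catalog()
    cat.add_policy(create_network_policy(
        "office_only",
        allowed=["203.0.113.0/24", "2001:db8::/32"],
        blocked=["203.0.113.50"],          # one host inside the allowed range
    ))
    cat.bind("alice", "office_only")
    return cat


if __name__ == "__main__":
    cat = build_sample_catalog()
    for user, ip in [("alice", "203.0.113.10"), ("alice", "203.0.113.50"),
                     ("alice", "198.51.100.7"), ("bob", "198.51.100.7")]:
        ok, why = cat.authorize(user, ip)
        print(f"{user:6} {ip:15} {'ALLOW' if ok else 'DENY ':5} {why}")
```

Keeping the reason string alongside the boolean is deliberate: a denied login that is logged as "outside every allowed range" versus "in blocked range" tells an operator immediately whether the policy is too narrow or a specific address was deliberately excluded.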

Password Policies

  • Password Policy Features: Databend includes password policies to enhance system security and simplify user account management. These policies set rules for creating or changing passwords, covering aspects such as length, character types, age restrictions, retry limits, lockout duration, and password history.
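Below is an added example written for this article that implements the rule set listed above (minimum length, character classes, maximum age, retry limit, lockout duration and password history) as a small state machine around an account record. It is not Databend's code; the policy values, the account, the passwords and the timestamps are constructed, and the hashing scheme (PBKDF2 with a per-account salt) is this example's choice for storing password history without keeping clear text.

```python
"""Password-policy enforcement: complexity, history, age, retries, lockout.

Added illustration for this article; not Databend's implementation. Policy
values, account data, passwords and timestamps are constructed. Passwords
are never stored in clear: history holds PBKDF2 digests with a per-account salt.
"""
import hashlib
import hmac
import os
import string
from dataclasses import dataclass, field
from datetime import datetime, timedelta
from typing import List, Optional


@dataclass
class PasswordPolicy:
    min_length: int = 12
    min_upper: int = 1
    min_lower: int = 1
    min_digits: int = 1
    min_special: int = 1
    max_age: timedelta = timedelta(days=90)   # password must be changed after this
    history_size: int = 5                     # recent passwords that may not be reused
    max_retries: int = 5                      # failed logins before lockout
    lockout: timedelta = timedelta(minutes=15)


@dataclass
class Account:
    salt: bytes = field(default_factory=lambda: os.urandom(16))
    history: List[bytes] = field(default_factory=list)   # digests, newest last
    changed_at: Optional[datetime] = None
    failures: int = 0
    locked_until: Optional[datetime] = None


def _digest(acct: Account, password: str) -> bytes:
    return hashlib.pbkdf2_hmac("sha256", password.encode(), acct.salt, 50_000)


def check_complexity(policy: PasswordPolicy, password: str) -> List[str]:
    """Return every complexity rule the candidate password violates."""
    problems: List[str] = []
    if len(password) < policy.min_length:
        problems.append(f"shorter than {policy.min_length} characters")
    counts = {
        "uppercase": sum(c.isupper() for c in password),
        "lowercase": sum(c.islower() for c in password),
        "digit": sum(c.isdigit() for c in password),
        "special": sum(c in string.punctuation for c in password),
    }
    for kind, need in (("uppercase", policy.min_upper), ("lowercase", policy.min_lower),
                       ("digit", policy.min_digits), ("special", policy.min_special)):
        if counts[kind] < need:
            problems.append(f"needs at least {need} {kind} character(s)")
    return problems


def set_password(policy: PasswordPolicy, acct: Account, password: str,
                 now: datetime) -> List[str]:
    """Apply complexity and history rules; on success record the new digest."""
    problems = check_complexity(policy, password)
    digest = _digest(acct, password)
    if any(hmac.compare_digest(digest, old) for old in acct.history[-policy.history_size:]):
        problems.append(f"matches one of the last {policy.history_size} passwords")
    if problems:
        return problems
    acct.history = (acct.history + [digest])[-policy.history_size:]
    acct.changed_at = now
    return []


def password_expired(policy: PasswordPolicy, acct: Account, now: datetime) -> bool:
    return acct.changed_at is None or now - acct.changed_at > policy.max_age


def attempt_login(policy: PasswordPolicy, acct: Account, password: str,
                  now: datetime) -> str:
    """Return 'locked', 'ok', 'expired' or 'bad_password'."""
    if acct.locked_until is not None and now < acct.locked_until:
        return "locked"                        # still inside the lockout window
    if acct.history and hmac.compare_digest(_digest(acct, password), acct.history[-1]):
        acct.failures = 0
        acct.locked_until = None
        return "expired" if password_expired(policy, acct, now) else "ok"
    acct.failures += 1
    if acct.failures >= policy.max_retries:    # retry limit reached: start lockout
        acct.locked_until = now + policy.lockout
        acct.failures = 0
    return "bad_password"
```

Two behaviours are worth calling out. The lockout check runs before the password is verified, so a correct password presented during the lockout window is still refused, which is what makes the retry limit meaningful against guessing. And the history list keeps only digests, so reuse is detected without the clear text of any previous password ever being stored.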

Encryption Measures

  • TLS 1.2: Databend provides end-to-end encryption, ensuring that all customer data flows are transmitted exclusively via HTTPS. Connections from clients to Databend API gateways are encrypted using TLS 1.2.
  • Storage Encryption: Databend Enterprise supports server-side encryption in Object Storage Service (OSS). This feature enhances data security and privacy by activating server-side encryption for stored data in OSS. You can choose the encryption method that best suits your needs.

Future Outlook: Continuously Enhancing Security Standards and Compliance

By achieving SOC 2 and GDPR certifications, Databend Cloud is positioned to provide secure and compliant cloud data lakehouse solutions to customers worldwide. While completing these certifications marks a significant milestone, we recognize that data security is an ongoing process. Databend will continue to strengthen its technical measures for data security and privacy protection, while advancing data management and big data analytics to help businesses achieve data-driven transformations. 

For more information, feel free to visit our official website at https://databend.com or join our channels on Slack to connect directly with our team.
