Platform Security Overview
Datastreamer's encyption, access, logging, and security measures.
Datastreamer Security Documentation
Datastreamer is a software product designed to handle data securely and reliably using dynamic pipelines. Leveraging Google Cloud Platform's robust infrastructure and security features, Datastreamer ensures comprehensive security measures throughout its architecture.
Encryption in Transit
Datastreamer utilizes Google Cloud's advanced encryption technologies to encrypt data in transit. No customer data within dynamic pipelines comes to rest or is stored in databases, disks, other repositories or in backups.
Datastreamer provides pipeline support for external operations for either 3rd party or client hosted services, as required for specific customer use cases. Datastreamer supports encryption for all external data movement, including egress to customer environments.
Identity and Access Management
Google Cloud IAM allows fine-grained control over access to resources. Datastreamer implements IAM policies to restrict access for data visibility only to authorized personnel. Role-based access control (RBAC) ensures that engineers and support personnel have the appropriate permissions based on their roles.
As data does not come to rest, the only data visibility expected is in relation to supporting processing issues due to data or component failures. All access to pipeline components are carried out by accredited engineers and access is audited. Access is reguarly reviewed, and is also an integrated part of onboarding and offboarding processes.
API Authentication
Access to data pipelines is managed through API keys, with optional key rotation support. API endpoints are accessible via whitelisted IP addresses only.
Network Security
Datastreamer employs Google Cloud's Virtual Private Cloud (VPC) to create isolated network environments, enhancing security by restricting access to resources within the network and implementing effective firewall rules. All data pipeline components processing customer data operate within dedicated and secure networks with no resource sharing for data at the component level.
Logging and Monitoring
Datastreamer utilizes Google Cloud’s operations suite to track and analyze activities, detect anomalies, and respond to security incidents in real-time. Customer pipelines are also available to be monitored through their Pipeline options at portal.datastreamer.io.
Secure Development Lifecycle
Datastreamer follows a secure development lifecycle, adhering to industry-standard security practices and principles. Regular security assessments, code reviews, and vulnerability scans are conducted throughout the development process to identify and mitigate security risks.
Compliance and Certifications
Google Cloud Platform complies with various industry standards and holds numerous certifications, including ISO 27001, SOC 2, and HIPAA. Datastreamer ensures compliance with relevant regulations and undergoes regular audits to maintain compliance.
Updated 5 months ago