Understanding Security in FeatureBase Managed Deployments
Updated: May 2, 2022 | Originally published: February 10, 2022
Our latest product update further improves enterprise-ready security in FeatureBase to protect and control access to your most important data.
Molecula Advances to SOC 2 Type 2
On May 2, 2022, Molecula announced that we received our SOC 2 Type 2 certification, with zero failures or exceptions, after a rigorous evaluation and audit. This audit was conducted by Maxwell, Locke, and Ritter, a licensed public accounting firm and certified specialist in SOC reporting registered with the American Institute of Certified Public Accountants (AICPA).
To demonstrate our continued commitment to maintaining secure systems and controls, we will conduct an independent review of our information security practices via the SOC 2 Type 2 process every year.
Molecula’s Approach to Security
We’re dedicated to leveraging existing industry-standard tools and techniques wherever possible to meet industry requirements, reduce operator confusion, and reduce our attack surface. A simpler security model is a safer security model, both in design and in practice.
On The Wire Encryption
To protect data during ingest and querying, FeatureBase is designed to encrypt all traffic with TLS using server certificates. These certificates allow users, and FeatureBase itself, to cryptographically verify that the server they are talking to is authentic.
FeatureBase is designed to integrate with existing enterprise-ready OAuth 2.0 identity providers. This allows for a user-friendly single sign-on (SSO) experience.
This update supports Azure Active Directory, and we are happy to work with customers to validate and support additional identity providers!
FeatureBase provides a simple-yet-effective set of authorization permissions that meet customer usage requirements while guarding against overly complicated policies that can unknowingly expose sensitive data.
Currently, we offer three permissions in FeatureBase:
- Admin – Can read, write, create, and delete any table in FeatureBase. Additionally, with this permission, a user can view cluster information.
- Table Write – Can query from (read) or ingest into (write) a specified table.
- Table Read – Can only query from (read) a specified table.
To meet compliance requirements, FeatureBase logs all usage locally to a syslog-compatible log file. Whether the user is utilizing the UI or directly communicating with an API, the request is logged with:
- Source IP and Port
- Protocol Used
- API Endpoint
- User ID and Name
- Query String
Because the audit log is written in a syslog format, it can be ingested by the enterprise SIEM tool of your choice.
Molecula’s Commitment to Security
Security is front-and-center in everything we do at Molecula. We are committed to continuously expanding our security and compliance capabilities so that our customers can confidently access and act on their data in real time.
If you’re interested in learning more, please reach out to our team!